1 Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate window. Note: Once the video is playing, navigate through the presentation by first clicking on this slide, then by using the Page Up and Page Down keys to navigate as the video plays. 1
2 Objectives Understand what information must be protected under the HIPAA privacy laws Understand the HIPAA patient rights Understand your role as a healthcare provider in maintaining privacy of protected health information for: patient care, teaching, research, fundraising, marketing and media Be aware of consequences for non-compliance
3 HIPAA, passed in 1996, sought to make health insurance more efficient and portable. Administrative simplification will save the healthcare industry billions of dollars. Because of public concerns about confidentiality, it also addresses information protection. HIPAA Privacy Standards: April 2003 Protect an individual s health information and provide patients with certain rights Security Standards: Regulations expected shortly. Physical, technical and administrative safeguards of patient information that is stored electronically. Codes and Transaction Standards: October 2003 Standardization for electronic billing and claims management.
4 The HIPAA Privacy Standards Protect the privacy and security of a person s health information when That health information is used, disclosed or created by a Healthcare Provider Health Plan Healthcare Clearinghouse
5 What information must you protect? Information you create or receive in the course of providing treatment or obtaining payment for services or while engaged in teaching and research activities, including: Information related to the past, present or future physical and/or mental health or condition of an individual Information in ANY medium whether spoken, written or electronically stored including videos, photographs and x-rays This information is PROTECTED HEALTH INFORMATION (PHI)
6 In order for a UC Provider to use or disclose PHI The University must give each patient a Notice of Privacy Practices that: Describes how the University may use and disclose the patient s protected health information (PHI) and Advises the patient of his/her privacy rights The University must attempt to obtain a patient s signature acknowledging receipt of the Notice, EXCEPT in emergency situations. If a signature is not obtained, the University must document the reason it was not.
7 The Notice of Privacy Practices allows PHI to be used and disclosed for: Treatment Payment Operations (teaching,medical staff/peer review, legal, auditing, customer service, business management) Hospital directories Public health and safety reporting Other reporting required by government, such as in cases of abuse Subpoenas, trials & other legal proceedings
8 Other uses require Authorization For many other uses and disclosures of PHI, a written Authorization from the patient is needed Example: disclosures to an employer or financial institution or to the media or for research when the IRB has not provided a waiver of Authorization HIPAA has very specific requirements for the Authorization. It must: Describe the PHI to be released Identify who may release the PHI Identify who may receive the PHI Describe the purposes of the disclosure Identify when the Authorization expires Be signed by the patient/patient representative
9 Minimum Necessary Standard requires Providers and others to only access the minimum amount of PHI necessary to get the job done The University to develop specific policies that link access to the individual s job description The University has determined that members of the patient s provider team must have access to the full medical record so that the patient receives quality care and providers can comply with all laws regarding appropriate and timely treatment For anything else, users can only access the minimum amount of information necessary to perform their duties. Examples: a billing clerk may need to know what laboratory test was done, but not the result; an admissions clerk does not need to have access to the full medical record in order to carry out her job; a researcher may not need full access to the medical record for purposes of research; a patient transporter does not need access to the medical record to do his job
10 HIPAA gives the patient specific rights The right to request restriction of PHI uses and disclosures, such as the use of their information in the facility directory. Granting restrictions may affect UC s ability to sustain its teaching or care mission. Restrictions should not be granted by faculty without consulting the Privacy Officer. The right to request confidential forms of communications (mail to P.O. Box not street address; no message on answering machine, etc.). The right to access and receive a copy of one s own PHI. The right to an accounting of the disclosures of PHI. The right to request amendments to the medical record.
11 Incidental uses and disclosures of PHI Incidental means a use or disclosure that cannot reasonably be prevented, is limited in nature and occurs as a by-product of an otherwise permitted use or disclosure. Example: discussions during teaching rounds; calling out a patient s name in the waiting room; sign in sheets in hospital and clinics. Incidental uses and disclosures are permitted, so long as reasonable safeguards are used to protect PHI and minimum necessary standards are applied. HELP KEEP PHI CONFIDENTIAL
12 Consider the following example: 1. You are a healthcare provider. Your friend s spouse is in the hospital after an accident. Your friend asks you to review what treatment has been provided to the spouse and see if you concur. You are not part of the person s treatment team. What are you able to do under HIPAA? A. Access the person s chart so that you can communicate with your friend about the patient s condition. B. Contact the charge nurse on the floor and ask her to look into the patient records for you. C. Advise your friend that you can only look at the medical records if you are treating the patient or you receive the patient s Authorization to review the medical record.
13 Answer: C.Under HIPAA you are only allowed to use information required to do your job. Since you are not part of the patient care team, it is against the law to access the patient record or ask someone to access it on your behalf even though you may know the person and just want to be helpful. Remember, that if you were in a similar situation, you may not want your colleagues going through your medical records or those of your spouse or close friend.
14 Penalties for violations A violation of federal regulations or University Policy can result in discipline, loss of employment, fines or imprisonment. If a disclosure of PHI is made willfully and with an intent for personal gain, the penalty can be as high as a $250,000 fine and 10- year imprisonment. The University would not consider such an action as in the course and scope of your employment and would not defend you.
15 Use or disclosure of psychotherapy notes To a 3 rd Party requires the patient s Authorization except: Use by the originator of the notes for treatment purposes; Use or disclosure by UC for its own mental health training programs; Use or disclosure by UC to defend itself in a legal action or other proceeding brought by the individual; Use or disclosure that is required or permitted with respect to oversight of the originator of the notes
16 Mental health PHI disclosures to the individual Unlike HIPAA, California Law allows the individual access to his/her mental health PHI, including psychotherapy notes, upon the patient s written request UC can deny access to mental health PHI if there is a substantial risk of physical harm/endangerment of life to the patient, in the professional judgment of the provider
17 How does HIPAA affect teaching activities? Allows the use and disclosure of PHI for the teaching of University of California students (all health professions programs). Allows the exchange of PHI for teaching purposes between UC and other providers, so long as both providers have a teaching relationship with the patient. HIPAA does not allow the use and disclosure of PHI to individuals who do not have a teaching relationship to the University or a teaching relationship to the individual (e.g., attendees at CME conferences or medical/health professions lectures). USE DE-IDENTIFIED or LIMITED DATA SET OR OBTAIN PATIENT AUTHORIZATION.
18 Limited Data Set removes direct identifiers from PHI Facial identifiers Medical record numbers Health plan beneficiary numbers Device identifiers and serial numbers Biometric identifiers With the removal of the Direct Identifiers, the data may be used and disclosed if a Data Use Agreement is in place (e.g., between UC and the PHI recipient) See the Privacy Officer, General Counsel or HIMS Department for assistance with the Data Use Agreement
19 HIPAA allows the use of a Limited Data Set for teaching, research & public health Allied health professionals from a non-covered entity CME and other Education to individuals or entities who may not be part of UC Teaching material for undergraduate education Research purposes
20 Uses and disclosures of PHI for research In order to access or use PHI or databases maintained by a UC health care provider or medical center for research purposes, the researcher must obtain appropriate IRB approval of the research protocol: Additional education on HIPAA research requirements will be provided to investigators and UC health care providers who also engage in research
21 Uses and disclosures for communications with the media The patient s healthcare provider must be the initial contact with the patient for communication with the media or for developing University communications that use PHI and The University must obtain the patient s authorization for the use and disclosure to the media or for other types of external communications that contain PHI.
22 Uses and disclosures of PHI by fundraising staff A UC health care provider may use PHI to communicate to the patient about : a product or service UC provides general health issues: disease prevention; wellness classes, etc. For all other marketing, particularly when a third party requests access to a faculty s patient list for purposes of marketing a product, a patient authorization must be obtained The Authorization must state whether UC has received any direct or indirect remuneration for providing the list or other PHI Any questions should be directed to the UC_HS Marketing Department, to the Office of the General Counsel or to the UC HIPAA Privacy Officer
23 Uses and disclosures of PHI for marketing A UC health care provider may use PHI to communicate to the patient about : a product or service UC provides general health issues: disease prevention; wellness classes, etc. For all other marketing, particularly when a third party requests access to a faculty s patient list for purposes of marketing a product, a patient authorization must be obtained The Authorization must state whether UC has received any direct or indirect remuneration for providing the list or other PHI Any questions should be directed to the UC_HS Marketing Department, to the Office of the General Counsel or to the UC HIPAA Privacy Officer
24 Consider the following example: 2. A Leading children s magazine representative tells the manager of a pediatric practice that they would like to offer a free subscription to their magazine to the parents of all their patients from the last six months. The magazine also offers to do a cover story on the practice and to give them a free advertisement in the magazine if they provide a list of the parents names and addresses. Would this be allowable under HIPAA?
25 Answer: C. No. This is an example of marketing under HIPAA. PHI was IMPROPERLY disclosed. Never provide information to a friend, colleague or business representative UNLESS it is required as part of your job and permitted under HIPAA and/or other state and federal laws. Always keep your patient s information confidential to maintain your rapport and the patient s trust. Providing an unauthorized release of information to anyone for marketing or research purposes violates state and federal law. This could be interpreted as an illegal disclosure for personal gain (the value of the value of the advertisement, cover story, and publicity) and subject you to a hefty fine and imprisonment.
26 HIPAA Do s and Don ts Treat all patient information as if you were the patient. Don t be careless or negligent with PHI in any form, whether spoken, written or electronically stored. Shred or properly dispose of all documents containing PHI that are not part of the official medical record. Do not take the medical record off of University property. Limit the PHI you take home with you. Use automatic locks on laptop computers and PDAs and log off after each time you use a computer. Do not share passwords. Purge PHI from devices as soon as possible.
27 HIPAA Do s and Don ts Use secure networks for s with PHI and add a confidentiality disclaimer to the footer of such s. Do not share passwords. Set a protocol to provide for confidential sending and receipt of faxes that contain PHI and other confidential information. Discuss PHI in secure environments, or in a low voice so that others do not overhear the discussion.
28 Consider the following example: 3. A physician and a nurse were discussing a patient in an elevator filled with people. In the conversation the patient s name, diagnosis and prognosis are mentioned. What could have been done differently to protect the patient s privacy? A. The patient s privacy was protected, nothing was done wrong since no written PHI was exchanged. B. It is important to be aware of your surroundings when you discuss patient information (PHI). The patient s case should have been discussed in another room, away from other patients, or at least in low voices that could not be overheard. C. No patients or patient families should be allowed to use hospital staff elevators to avoid such situations.
29 Answer: B.Although HIPAA allows incidental uses and disclosures, this type of disclosure is not allowed. PHI includes oral communications. The patient s case should have been discussed in a location that allowed for privacy of the information discussed.
30 Consider the following example: 4. You are in the ER examining a 6-year-old boy and observe cigarette burns on the arms and hands of the boy. What does HIPAA require you to do? HIPAA requires you to protect patient confidentiality so no disclosure of PHI should be made. Patient safety is involved, and federal and state law require that you report this. HIPAA does not allow you to report this incident, but state law requires it.
31 Answer: B.While HIPAA requires you to maintain patient confidentiality, exceptions exist which allow PHI disclosures. State law requires and HIPAA allows the reporting of child or elderly abuse and communicable diseases.
32 Remember: PHI is contained in the designated record set. Should you copy any protected information for your use to a PDA, 3x5 card, slip of paper or other site it is your responsibility to safe guard and destroy it once it is no longer needed. It is everyone's responsibility to protect PHI and you may be at personal financial risk if you fail to do so.
33 Thank you! Help us to improve privacy and security of protected health information (PHI). Report improper disclosures of PHI so UC can meet its obligation to mitigate consequences. Report privacy concerns to the Student Health Center Medical Records Administrator ( ), the UCSC HIPAA Privacy Liaison ( ) or the UC HIPAA Privacy Officer at UCOP Contact the same people listed above to obtain more information.
34 *****PRINT THIS PAGE***** Training Certification When you have completed this training please print this page and fill in the following information, sign, and give to your supervisor. By signing you are certifying that you have completed the entire Health Care Provider module of the UCSC HIPAA training program. Disclaimer: This module is intended to provide educational information and is not legal advice. If you have questions regarding the privacy / security laws and implementation procedures at your facility, please contact your supervisor or the healthcare privacy officer at your facility for more information. Name (please print): Job Title: Department/Unit: Date training completed: Signature: Employee s home department (or IRB for researchers) must retain this certification as part of the employee s permanent Record 34
HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act Objectives Understand what information must be protected under the HIPAA privacy laws Understand the
Advanced HIPAA Healthcare Provider The Regents of the accepts no liability of reliance placed on it, as it is warranty, express, or implied, as completeness of the presentation. UCSF Healthcare Provider
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
A Privacy and Information Security Guide for UCLA Workforce HIPAA and California Privacy Laws A Privacy and Information Security Guide for UCLA Workforce HIPAA and California Privacy Laws Table of Contents
HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability
Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of
Alliance for Clinical Education (ACE) Student HIPAA Training Health Insurance Portability and Accountability Act of 1996 October 2003 1 Objectives Understand the HIPAA Privacy rules and regulations Understand
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available
WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON
HIPAA (Health Insurance Portability and Accountability Act of 1996) Stetson University HIPAA Training Objectives of this Training l To help you understand: l What HIPAA privacy rule is l Why it is important
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
New York State Office of Mental Health Bureau of Education and Workforce Development HIPAA Awareness Training This training material was prepared for internal use by the New York State Office of Mental
Protecting Patient Privacy It s Everyone s Responsibility Observation & Student Learning Packet 1. Read packet Instructions for Self-Study Module 2. Complete post-test. A score of 80% must be achieved.
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,
1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health
HIPAA Training: i Ensuring Privacy for our Patients Privacy Training for Harvard Medical Students Goals By the end of this program you will be able to Explain the basic principles of the Privacy Rule Understand
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
Health Insurance Portability & Accountability Act (HIPAA) Compliance Application IRB Office 101 - Altru Psychiatry Center 860 S. Columbia Rd, Grand Forks, North Dakota 58201 Phone: (701) 780-6161 PROJECT
HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:
Introduction This course is on the federal HIPPA rule. HIPAA is the Health Insurance Portability and Accountability Act. It is the federal rule that sets standards for the protection of health information.
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
University of California Policy HIPAA Uses and Disclosures Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance and Audit Services Effective
HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may
HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas
Clinician s Guide to HIPAA Privacy I. Introduction What is HIPAA? Health Information Privacy Protected Health Information II. HIPAA s Impact On Clinical Practice, Treatment, Referrals And Payment How is
Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
Privacy and Information Security Awareness Training Health Insurance Portability & Accountability Act of 1996 -- HIPAA Objectives Understand basic HIPAA requirements Understand how the MCG Health System
HIPAA Privacy Overview General HIPAA stands for a federal law called the Health Insurance Portability and Accountability Act. This law, among other purposes, was created to protect the privacy and security
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA)... 1 Welcome to HIPAA Awareness Training Content... 3 HIPAA
NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus firstname.lastname@example.org Office of General Counsel University of Texas System April 10,
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
Whitefish School District R PERSONNEL 5510 page 1 of 5 HIPAA Note: (1) Any school district offering a group health care plan for its employees is affected by HIPAA. School districts offering health plans
Office of Integrity and Effective Date: 2005 By: Committee 1.0 PURPOSE The purpose of this policy is to guide (UMMC) employees, who are involved with research, in obtaining an authorization for the use
What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
[Insert Name and Address of Data Recipient] Re: Data Use Agreement Dear : The federal Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (collectively referred
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
Privacy Compliance Health Occupations Students Health Occupations Students The information in this power point is the same information provided to new SCHS caregivers at their orientation. We cannot stress
Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 1 What Is HIPAA? HIPAA (pronounced hippa) is a federal law. It s a set of rules and regulations that affect
Health Insurance Portability and Accountability Act (HIPAA) Compliance Training 1 Objectives By the end of this lesson, you should be able to: Define protected health information (PHI) covered under HIPAA
DISCLAIMER This web site is provided for information and education purposes only. No doctor/patient relationship is established by your use of this site. No diagnosis or treatment is being provided. The
DIRECTIONS HIPAA Privacy/Security Personal Privacy Catholic Charities On-line Training July 2012 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings
Northwestern Memorial Hospital DEPARTMENTAL POLICY Subject: DEPARTMENTAL ADMINISTRATION Title: 1 of 11 Revision of: NEW Effective Date: 01/09/03 I. PURPOSE: This policy defines general behavioral guidelines
HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related
Page 1 of 7 NOTICE OF PRIVACY PRACTICES FOR KU MEDICAL CENTER THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.
1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
HIPAA Task List from regulations minimum requirements H I P A A P R I V A C Y R U L E I. Individual Rights/Communications Notice of Privacy Practices Develop model notice(s) P&Ps for distributing notices
HIPAA Training: Ensuring Privacy for our Patients The purpose of the HIPAA Privacy Rule is to prevent inappropriate use and disclosure of individual health information, most commonly referred to as protected
TriageLogic Information Security Policy What is HIPAA, and what information is protected by it? HIPAA, short for the United States Health Insurance Portability and Accountability Act, is a set of standards
1 PHI - Protected Health Information UNIVERSITY OF MICHIGAN HEALTH SYSTEM Updated 09/23/2013 2 Q: Is PHI the same as the medical record? A: No. protects more than the official medical record. Lots of other
Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR 164.512(i), 164.512(a-c) and in connection with the implementation of the HIPAA Compliance
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. EFFECTIVE September 15, 2014 This Notice of
Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by
THE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY Table of Contents I. Overview... 3 II. Legal Authority for NHCS... 3 III. Requirements of the HIPAA Privacy Rule... 3 IV. Extra Safeguards and
What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed