HIPAA For Midwifery 101: Part 1 - The Basics by Brynne Potter, CPM


The Basics:

The biggest concerns we hear from midwives about their charts center around HIPAA. They wonder whether they need to comply, or more importantly how to do so in a way that retains the personal and flexible style of practice that is inherent to midwifery. As it's a 1,000 page law with numerous subsections and amendments, there is no such thing as a "10 Easy Steps to HIPAA Compliance" article, but there is some basic information to help us all get a better understanding of what it is, why it matters, and how you can implement simple steps into your workflow to be more conscientious about HIPAA.

HIPAA IN DEPTH

For a comprehensive and technical definition of HIPAA, visit the government's Web site. You'll find everything you could possibly want to know and more. Just about any question you can think of can be answered in the FAQ section alone.

The goal of this series of articles (yes, it's going to take more than one to cover HIPAA in the Midwives Workflow) is to give you the basics in a context that you can really relate to: what you do every day.

What is HIPAA?

HIPAA is an acronym for a federal law that pertains to the protection of personal health information. It stands for the Health Insurance Portability and Accountability Act. HIPAA is divided into two primary Rules or sections: Privacy and Security.

Does every midwife have to comply?

You might have noticed that the "I" in HIPAA stands for "Insurance," not "Information" as most people assume. This is because HIPAA came about in response to the insurance industry moving toward modernization through electronic billing systems and the concern over intentional or accidental release of insurance related information. HIPAA calls providers who must comply "covered entities," and the definition of a covered entity relates almost entirely to providers and associates who deal with insurance billing.

This effectively means that if you never bill insurance, don't have a lab account or an account with any other entity that bills insurance, then you can stop reading after you consider this: HIPAA has rapidly altered the standard of professional health care in the United States. Despite the loophole of insurance billing, all providers are assumed to be practicing in accordance with HIPAA. Though "compliance" may not be your favorite word, consider the word "professional" and know that these standards are only going to become more ingrained in our electronic culture.

The Rules: Privacy

Privacy is the easy one to understand and, in many cases, is what you already do for ethical and professional reasons. You don't talk about your clients to others in the community and you remove all protected health information (PHI) when you have a case in peer review.

What is PHI?

PHI is defined by HIPAA as individually identifiable health information. If there is anything in the information that you store or send that can identify who that client is, it is PHI.

The HIPAA Privacy Rule addresses issues of privacy in terms of both formal and informal situations. I could list various scenarios (and would be happy to try to answer your specific questions), but the simple thing to keep in mind is the first step you should take with your clients regarding privacy:

Authorization

Think of authorization as the Informed Disclosure of HIPAA. As you review your workflow and identify places where there is either a need (e.g. insurance billing) or a routine (e.g. group prenatal care, or a Facebook page) that will expose personal health information, you need to put it in writing to your client and get their permission or authorization.

Some examples of situations for which you should get prior authorization:

- Release of records to another provider (except for treatment purposes*)
- Release of records to an insurance company or billing service
- Birth announcements in print or Internet
- Birth data for research, education, or certification (that contains PHI)

There are plenty more examples, but the point is that you need to be sure that you don't release any PHI without authorization in writing from your client.

*There are exceptions for the authorization requirement. The primary exception that relates to midwives is when the release of records is for treatment purposes. The Privacy Rule allows health care providers to use or disclose protected health information for treatment purposes without the client's authorization. This includes sharing the information to consult with other providers to treat or to refer the client. This means that you don't need to get a HIPAA release when you are transferring care in labor, or anytime, to share the chart with the receiving provider. If the client is no longer under your care and there is a records request, you do need a HIPAA release.

It's under Privacy, but let's talk about Security

Just so you don't embarrass yourself at any hip HIPAA parties, don't make the gaffe that I did of confusing the steps you need to take to protect your client's stored records as being part of the Security Rule. It's part of the Privacy Rule, silly! I'll mention the Security Rule later, but just so we're straight: you need to take steps to ensure that all of your active and stored records are secure.

This is the perfect moment for a lawyer joke, but I'll refrain for the sake of brevity (even the jokes go on and on...). Here's the simple truth: You need to have a policy that outlines your procedures for security. If you fail to follow your procedures or your procedures result in an unintentional failure to comply with your policies, then you need to tell on yourself via a disclosure. Got it?

I'll try again. Here's a basic summary of the security safeguards section of the Privacy Rule:

- Know where all of your charts are, keeping them locked up when you're not using them.
- If you have a practice that includes more than one person (yourself), write out some guidelines for how to keep information secure and make sure everyone follows them. Things like "We will not leave pieces of paper with client's PHI lying around the office" and "Don't leave your charts in your car" are good places to start.

We'll talk more in a future post about security in your home or office and how to dispose of PHI.

The Rules: Security

The HIPAA Security Rule specifically relates to electronic transmission of PHI (ePHI) for the purposes of transactions (i.e. billing). If you contract with a billing service, then you are responsible for those electronic transactions that the billing service conducts on your behalf. There is not much else to say about this except to make sure your billing service is HIPAA compliant.

So, that's the basic overview of HIPAA. If you know more now than you did before, that's great. Get ready to know more, because this was just the start of things to consider regarding HIPAA in your workflow.

HIPAA For Midwifery 101: Part 2 - Disclosures, Communication and Storage by Brynne Potter, CPM

Imagine if in 1925 when Mary Breckinridge founded the Frontier Nurse Service, and pioneered nurse-midwifery and rural healthcare in the US, she had to maintain HIPAA-compliance. Traveling on her horse caring for the women of Appalachia, obtaining written authorizations and informed disclosures would have been as foreign as the professionalized midwifery model she introduced.

All reform brings challenges and contradictions. As any practicing midwife in the U.S. knows, we stand on the shoulders of those who came before us. As we work to move midwifery forward, we have to balance the need to modernize our profession without compromising the essential components of our model of care.

One of the hallmarks of midwifery is the personal relationship we have with our clients. We are at times more than healthcare providers; we are mentors, connectors, and friends.
Parity between the relationships and connections that come with being a community midwife and the rules and regulations that come along with professionalism doesn't have to hinder the inherent connections that we share with our clients and their families.

The HIPAA Privacy and Security Rules are reforms that we as providers may find frustrating to integrate into our professional practices that are already constantly threatened by regulations that are not well suited to our model of care. If we try to keep in mind the good intentions (protection of the public) that are behind HIPAA, it makes it a little easier to take the effort to make these steps routine.

Communication under HIPAA

As I said in the first part of this 3 part series, HIPAA applies only to those providers and their business associates (or "covered entities") who engage in electronic transmission of protected health information (PHI). However, the actual law itself addresses rules for how ALL records are managed, including paper, fax, and oral transmission.

HIPAA was not intended to hinder your ability to communicate with or about your clients. In fact, the intent is to encourage those necessary communications with clarity of purpose and awareness of boundaries. Think of HIPAA as a container for your communications and maybe it can help serve to organize your workflow.

Authorizations: the fine print

Anyone who has visited a health care provider in the last 5 years has probably signed a HIPAA authorization. There is not a single-use HIPAA authorization form that everyone has to use. That is because the idea is for you to actually write your own that tells your clients what you do with their PHI in your practice. There are some specific areas that need to be addressed in your general authorization at the onset of care, which HIPAA calls your Notice of Privacy Practices. This form can look like a bulleted list and here is what it should include:

- Situations that require no permission that are routine in your practice:
  - Consultations or transfer of care
  - Sharing a chart with a back up midwife
- Situations related to public benefit: reporting victims of abuse, neglect, domestic violence, legal proceedings, national security, and law enforcement
- Situations where verbal or written consent is required:
  - Disclose information to family or friends involved in client's care
  - Public displays: bulletin boards, Web sites, Facebook
- Patient Rights (HIPAA requires that you inform your clients of their rights under the law). Your clients have the right to:
  - Request access and corrections to their record
  - Request an accounting on how their information was used and who it was released to in the course of their care
  - Request that all communications be confidential
  - Complain about a perceived violation of privacy to you, your practice's manager (if you have one), your licensing or certifying agency, or the government

Now that you've disclosed or gotten permission to communicate, there are some guidelines under HIPAA about how you communicate PHI in any situation.

It's not about the messenger, it's about the message

In our world of instant communication and rapidly changing technology, it is very difficult to create a standard for communication that is universal. The HIPAA rules are not intended to limit your use of speedy and convenient communication; the government primarily just wants you to think about what you are doing before you do it. This is highlighted by a phrase used in the law to describe the guidelines for disclosures:

"Covered entities also must implement reasonable minimum necessary policies and procedures that limit how much protected health information is used, disclosed, and requested for certain purposes." 45 CFR (a) (1)(iii)

In legal terms, "reasonable measure" and "minimum necessary" are something that the law didn't really want to define because it was recognized that what would be reasonable for one provider wouldn't be reasonable for another. Once the law is in place for a while, things like case law and community standards start to define these subjective terms. As individualized as midwifery practices are, community standard is hard to define for everyone.

The basic idea is to apply these concepts to everything that you do with PHI, including sending information or allowing access to information in your office or work place.

Sending information:

The first reasonable measure to consider when sending info is to make sure you are sending the message to the right person.

- Confirm the address, phone or fax number
- For written information (mail, e-mail, fax), include a cover letter or signature with instructions for the recipient to contact you and destroy the contents if they are not the intended recipient

The second reasonable measure is to send the minimum information necessary to achieve the goal of the communication. A great example would be that when you need to leave a voice mail for your client about their recent lab report, you can just ask them to call you back rather than leaving the details about the report on a machine that others might overhear.

Storage and Access to information in your office

In large practices, there is usually a privacy/security officer who is in charge of drafting policies and training everyone else. If it's just you and some students, you are your own privacy officer! Most of the reasonable safeguards HIPAA requires that you take in your workplace have to do with basic professional conduct and common sense, for instance:

- Speak quietly when discussing a client in public areas of your office so that you aren't overheard by family members or people in the waiting room
- Don't have incidental conversations among your colleagues that are not necessary for treatment; keep it on a need-to-know basis
- Isolate or lock file cabinets or records rooms

The basic idea is to take a look around your practice and notice the places where you are already taking care to ensure confidentiality and get a little more formal about it. The process will likely show you areas or habits that you hadn't thought about before that could probably improve your practice while also increasing your HIPAA-compliance.
HIPAA For Midwifery 101: Part 3 - The Security Rule - Keeping Electronic Info Safe by Brynne Potter, CPM

This last article in our 3 part series on HIPAA Privacy and Security is going to focus on the Security Rule and how it relates to a typical midwife workflow. As we said in our article on The Basics of the HIPAA Rules, most of the safeguards midwives need to take are based on common sense and professional practice standards. Most HIPAA blunders occur when we start using electronic tools like e-mail for health care and communication, which most of our typical young and tech-savvy clients seem to embrace.

HIPAA Security Rule defined:

"The rule establishes national standards to protect individuals' electronic personal health information (ePHI) that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information." Health Information Privacy, US Dept. Health and Human Services

Paper Charting? You still might have ePHI to keep secure

Even if you are charting on paper, if you keep any amount of PHI (protected health information, or any information that could identify a client) in an electronic format, like files or e-mail on your computer or contacts in your phone, the HIPAA requirements for protection of that information fall under the Security Rule. The Rule outlines specific safeguards that everyone needs to take in their practice, whether large or small, to ensure the security of your client's PHI.

Number 1 HIPAA Security Breach: Theft of Your Laptop

I recently attended a workshop on HIPAA privacy and security issues, held at the HIMSS11 conference, by Adam Greene, JD, MPH, senior health IT and privacy specialist with the Office for Civil Rights at the Department of Health and Human Services. As a representative of the government entity charged with processing complaints regarding HIPAA breach incidents and enforcement, Greene presented some interesting data about common HIPAA mistakes.

Over 65% of HIPAA Security breaches are due to theft or loss of a laptop or other computer. The best way to avoid having your laptop stolen is to NEVER leave it in your car. For homebirth midwives who often need to drive around with their birth bags at the ready, keep your laptop and your charts (whether paper or electronic) with you or in your office under lock and key. Since the penalties for not ensuring this simple safeguard range from $100 minimum to $50,000 maximum per incident, it certainly pays to be cautious with PHI.

Securing Devices in your Home or Office

Now that you are making sure that you are keeping your valuable electronic devices secure from theft or loss, you should also consider the HIPAA guidelines created by the Center for Medicaid Services on Security for the Small Provider. The following is a quick summary of the areas that are most relevant to a midwife workflow. Some of the guidelines are required [R] and some are addressable [A], which means that you aren't required to implement the standard unless you have the reasonable and appropriate means to do it. "Reasonable and appropriate" are terms that are intended to allow you to take into consideration things like the size of your practice, capabilities of your existing systems, and the cost of implementing new ones.

Secret Passwords [R]

The best way to restrict access to PHI on your computer or portable device is through a unique password or other authentication process to access your e-mail, files, and contacts. This is done on a computer or laptop by setting up a user account. On a cellphone there is generally only one account and you just need to set up a password that is required in order to do anything but answer incoming calls. These unique passwords also add a layer of security if these devices are lost or stolen because the entire device would need to be wiped clean in order for someone to use it again if they don't know your password.

Automatic Shutoff [A]

This is a feature that you probably already have on your computer. It is what makes your computer go to sleep or turn itself off after a specified amount of time and then requires a password in order to wake it back up. Many of us turn this feature off on our personal computers because it is cumbersome. However, if you have any PHI stored on your computer, you need to turn it back on. Adam Greene defined "addressable" this way: if you have the feature available in your system, but choose not to use it, then it would be a violation of the guidelines under HIPAA.

Back up of Data [A]

We've all experienced the dreaded hard drive meltdown. Losing your own information to a system failure is bad enough, but what if you had client records stored on a computer that cannot be recovered? While it is a very good practice to keep your electronic files stored on a back up hard drive, those hard drives can also be corrupted, lost, or stolen. Fire and other natural disasters are things that may be unlikely, but can create a real problem for both electronic and paper file storage.

Under HIPAA, and possibly your state licensing laws, you are responsible for ensuring that your client's records are readily available. The time frames for availability are usually defined under state law and can range anywhere from 5 to 18 years.

The best way to ensure access to back up records is to keep them on the web "cloud". This may sound counter-intuitive since you can't see this cloud, but it actually means that you can access it from any computer with a unique login. So if your computer is damaged or stolen, it doesn't matter because your PHI data is not stored on it. You just buy a new computer and access your account again with no stress.

There are many commercial cloud storage systems available for low cost. Because you are storing ePHI, you need to make sure that the system uses standard security protocols when you are uploading and downloading your data and that they keep your data secure on their servers. Most Electronic Health Record (EHR) and Practice Management Systems can handle this kind of data storage for you as part of the package.

Encryption [A]

By its very definition, encryption is hard to understand because it's all about making your text or data hard for other people to understand unless they have the secret code or authorization to do so. Encryption is a method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm (type of formula). If information is encrypted, there would be a low probability that anyone other than the receiving party who has the key to the code or access to another confidential process would be able to decrypt (translate) the text and convert it into plain, comprehensible text.
If this sounds like a bad spy movie all of a sudden, it's because electronic espionage is exactly what encryption is designed to protect against. The reality is that most hackers who are looking to get at PHI are looking for big caches of data for resale or identity theft. Simple direct back and forth between you and your client is not likely to be hacked, but it is the right of your client to refuse to allow any exchange of information that is not encrypted.

Because the cost of encryption, especially for paper based practices who do little ePHI exchange, is so high, it is not a requirement of all covered entities to send all ePHI via encrypted format. However, if you have any Business Associates (Insurance Biller, EHR or Practice Management Software), they also need to ensure that both the stored data and the sent data on your behalf is encrypted. This is something that is handled by the software vendor, and you should make sure that they are handling your practice data in compliance with HIPAA.

Contracts with your Business Associates [R]

HIPAA requires that you make sure your Business Associates are handling PHI properly on your behalf by having a Business Associate Contract. Most of us have clicked the "Yes, I have read the Terms and Conditions and Privacy Policy" button when we sign up for anything online, from a hotel room to a Netflix account. These forms have become so standard that many of us don't really read them. It is important to understand that you are responsible for the actions taken on your behalf and therefore, I recommend that you read all Terms and Conditions with any vendors you choose to work with in your practice.

Disposal [R]

Whether you are transitioning from paper to electronic charting, or just need to toss out mail or other forms that include PHI, you need to address disposal of that information as part of HIPAA security. 21% of security breaches (the second largest HIPAA complaint) happen with improper disposal of paper based PHI.

You can't just toss PHI into the landfill or recycle it. You first need to shred or otherwise alter it to a point where no information is retrievable. The simplest way to incorporate this into your workflow is to buy a quality shredder and shred-as-you-go. Don't let the paper pile up. Not only is it then vulnerable to loss or theft, but you are just causing a quick task to build up to a burdensome one. That shredded paper can now be recycled or used in your garden as extra mulch!

Making Security Part of Your Workflow

We've talked a lot in this series about the importance of analyzing your workflow. As I outlined last month in "All midwives have a workflow, what's yours?", workflow is how you do things in your practice. Ideally, your workflow makes sense and can be articulated to others. If you have a workflow written out, or as you take the time to write it out now that you know about it, you can use the opportunity to really look at how you do things in your practice and decide if things might need some tweaking. During the process you can meet two more HIPAA Security Rule requirements.

A Risk Analysis [R]

Doing a risk analysis is required of all covered entities. Though the frequency is not specified, if you've never done one at all then the frequency is "as soon as possible." The process involves reviewing your workflow and then adding some special thought to the places where you might be at risk of exposing PHI. A Risk Management Plan is something like your practice guidelines or protocols for routine midwifery care.

Risk Management Plan [R]

After conducting the risk analysis, you then need to draft a plan that includes the steps you are taking to maximize security in your practice. This is something like your practice guidelines or protocols for routine midwifery care. The plan should include how your practice addresses everything that we have talked about here as well as a Facility Security Plan [A], which includes who has keys to the office files and other access to PHI, and a Sanction Policy [R], which refers to how you will handle violations of the plan by any of your staff.

We never said this was easy, but hopefully this series has made it a little bit clearer how to maintain HIPAA compliance in your practice. While you don't need new software to be HIPAA compliant, considering options for workflow support that is also helping you to achieve HIPAA compliance is what Private Practice hopes to achieve.

ABOUT THE AUTHOR

Brynne Potter is a Certified Professional Midwife (CPM) who has worked in the field of midwifery since She is a member of the North American Registry of Midwives (NARM) Board of Directors and a founding partner of Mountain View Midwives, a midwifery practice in Charlottesville, VA. Brynne is also one of the founders of Private Practice, makers of practice management software for midwives.

Disclosure: These articles are an attempt to provide information about HIPAA to midwives and related parties who are struggling to understand and integrate HIPAA-compliance. They are meant to support, not supplant, any previous understanding that you may have about HIPAA and should not be considered the first or the last word on HIPAA-compliance.

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you

More information

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the

More information

Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures

Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 1 What Is HIPAA? HIPAA (pronounced hippa) is a federal law. It s a set of rules and regulations that affect

More information

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity

More information

HIPAA Training for Staff and Volunteers

HIPAA Training for Staff and Volunteers HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help

More information

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right

More information

HIPAA and Privacy Policy Training

HIPAA and Privacy Policy Training HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

Department of Health and Human Services Policy ADMN 004, Attachment A

Department of Health and Human Services Policy ADMN 004, Attachment A WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts

More information

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014 HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery

More information

HIPAA Orientation. Health Insurance Portability and Accountability Act

HIPAA Orientation. Health Insurance Portability and Accountability Act HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the


Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared; Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014


Why Lawyers? Why Now? TODAY'S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business


The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is


HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the


Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What


Today's Webcast is presented by Michael, also from the DART Team. Michael will provide Welcome to today's Webcast. Thank you so much for joining us today! My name is Ellie Coombs. I'm a member of the DART Team, one of several groups engaged by HAB to provide training and technical assistance


HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title


HIPAA Myths. WEDI Member Town Hall. Chris Apgar, CISSP Apgar & Associates HIPAA Myths WEDI Member Town Hall Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right


PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients' health information and grants certain rights to patients. Clarkson


HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL


HIPAA Privacy & Breach Notification Training for System Administration Business Associates HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,


Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of


HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance


Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority


HIPAA Compliance for Students HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. Its intent was to help people obtain health insurance benefits


Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual


SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information


HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA


HOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group HOW TO REALLY IMPLEMENT HIPAA Presented by: Melissa Skaggs Provider Resources Group WHAT IS HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104 191, 110 Stat. 1936,


Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices


Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA Privacy and Information Security Awareness Training Health Insurance Portability & Accountability Act of 1996 -- HIPAA Objectives Understand basic HIPAA requirements Understand how the MCG Health System


Health Insurance Portability and Accountability Act HIPAA Privacy Standards Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate


Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and


Clinical Solutions. 2 Hour CEU 1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected


HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed


Security Is Everyone's Concern: Security Is Everyone's Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session's presenter is Mert Gambito


ACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides


HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care


HIPAA: Privacy/Info Security HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure


HIPAA Privacy and Security HIPAA Privacy and Security Cindy Cummings, RHIT February, 2015 1 HIPAA Privacy and Security The regulation is designed to safeguard Protected Health Information referred to PHI AND electronic Protected


Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Page 2 of 8 Introduction Patient privacy has become a major topic of concern over the past several years. With the majority


HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various


2014 Core Training 1 2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System


Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information


HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.


When HHS Calls, Will Your Plan Be HIPAA Compliant? When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this


Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected


HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA


HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete


Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually


HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards


Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help


HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation


Why the Fuss over Encrypting Email? Empowering People and Business through Technology SMALL AND MEDIUM BUSINESS TECHNOLOGY STRATEGIES Empowering People and Business through Technology SMALL AND MEDIUM BUSINESS TECHNOLOGY STRATEGIES Why the Fuss over Encrypting Email? Presented By: TS Technology Revised May 2014 Statement of Confidentiality


OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult


HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad


HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is


Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA)... 1 Welcome to HIPAA Awareness Training Content... 3 HIPAA


Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance


HIPAA Privacy & Security Rules HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to


Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal


MCCP Online Orientation Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.


HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:


National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.


HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals HIPAA New Breach Notification Risk Assessment and Sanctions Policy Incident Management Policy For breaches affecting 1 3 individuals +25 individuals + 500 individuals Focus on: analysis documentation PHI


HIPAA Requirements and Mobile Apps HIPAA Requirements and Mobile Apps OCR/NIST 2013 Annual Conference Adam H. Greene, JD, MPH Partner, Washington, DC Use of Smartphones and Tablets Is Growing 2 How Info Sec Sees Smartphones Easily Lost,


Medicaid Enterprise Systems Conference 2012 Medicaid Enterprise Systems Conference 2012 Best Practices for Using HIT and HIEs to Keep PHI Secure in an Increasingly Mobile and Technical World Presenters: Charles Sutton, Senior Executive Health Product


Privacy Training for Harvard Medical Students HIPAA Training: i Ensuring Privacy for our Patients Privacy Training for Harvard Medical Students Goals By the end of this program you will be able to Explain the basic principles of the Privacy Rule Understand


HIPAA HANDBOOK. Keeping your backup HIPAA-compliant The federal Health Insurance Portability and Accountability Act (HIPAA) spells out strict regulations for protecting health information. HIPAA is expansive and can be a challenge to navigate. Use this


Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Table of Contents Introduction... 3 1. Data Backup: The Most Critical Part of any IT Strategy...


Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)


Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...


Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human


Have you ever accessed HIPAA and Your Mobile Devices Not taking the appropriate precautions can be very costly. 99 BY MARK TERRY Alexey Poprotskiy Dreamstime.com Have you ever accessed patient data offsite using a laptop computer,


Health Insurance Portability and Accountability Act (HIPAA) Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of


HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical


Protecting Privacy & Security in the Health Care Setting 2013 Compliance Training for Contractors and Vendors Module 3 Protecting Privacy & Security in the Health Care Setting For Internal Training Purposes Only. After completing this training, learners will


HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better


DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public


Federal Breach Notification Decision Tree and Tools Federal Breach Notification and Tools Disclaimer This document is copyright 2013 by the Long Term Care Consortium (LTCC). These materials may be reproduced and used only by long-term health care providers


Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman, Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman, Department of Biomedical Informatics Vanderbilt University School


Annual Compliance Training. HITECH/HIPAA Refresher Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance


HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? 6/28/2012 DIRECTIONS HIPAA Privacy/Security Personal Privacy Catholic Charities On-line Training July 2012 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings


Montclair State University. HIPAA Security Policy Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that


HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Presented by: Gina L. Campanella, JD, MHA Rules that Control Privacy A collection of laws and regulations including:


OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act


HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements


HIPAA SECURITY AWARENESS April, 2005 HIPAA SECURITY AWARENESS Department of Mental Health, Mental Retardation, and Substance Abuse Services What is HIPAA? HIPAA means Health Insurance Portability and Accountability Act It is a


What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. HIPAA Training What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. It provides the ability to transfer and continue health insurance coverage for workers


HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information


PERSONAL HEALTH RECORDS AND PERSONAL HEALTH RECORDS AND THE HIPAA PRIVACY RULE INTRODUCTION A personal health record (PHR) is an emerging health information technology that individuals can use to engage in their own health care to


Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
