HIPAA and Medicare for Chiropractors
- Leon Dickerson
- 8 years ago
1 HIPAA and Medicare for Chiropractors
2 Disclaimer None of the CCS employees are healthcare attorneys. All advice given by CCS is for educational purposes only and should not be considered a legal opinion. The information that follows has been obtained from the Federal Register and other associated government documents. Now on with the show
3 Dr. Jeff Sandquist Chiropractor and Consultant Director of Program Development for CCS Certified Chiropractic Professional Coder (CCPC) Certified Professional Compliance Officer (CPCO)
4
5
6 How Do We Cross the Chasm?
7 The successful person has the habit of doing things failures don't like to do. They don't like doing them either necessarily. But their disliking is subordinated to the strength of their purpose. Albert Gray
8 What is HIPAA? https://
9 HIPAA History Objective Improve efficiency and effectiveness of health care by standardizing electronic exchange of administrative, financial and clinical data Encompasses Transactions standards, electronic signatures, unique identifiers (NPI), privacy, security, breach notification, coding, and more
10 HIPAA History Developed by the US Department of Health and Human Services (HHS) and enforced by the Office of Civil Rights (OCR) Health Insurance Portability and Accountability Act of 1996 HIPAA Administration Simplification in 2006 (HIPAA II) Mandated national standards for electronic health care transactions, required national identifiers for providers (NPI number), mandated security and privacy of health data
11
12 HIPAA History Updated in 2009 with HITECH Act Finalized in 2013 with Omnibus Final Rule Original HIPAA law consisted of less than 20 pages HIPAA Omnibus Final Rule law consisted of over 500 pages NOT including HITECH Act!!!
13 HITECH Health Information Technology for Economic and Clinical Health Act Part of American Recovery and Reinvestment Act (ARRA) stimulus package of 2009 Focused on leveraging INFORMATION (technology) to achieve better health care outcomes
14 HITECH Promoted adoption of EHR technology Expanded existing Privacy and Security standards BA subject to direct enforcement of Security and Privacy Rules New breach notification requirements Enhanced enforcement Increased penalties, proactive audits, etc. Gave HIPAA teeth
15 Omnibus Final Rule The U.S. Department of Health and Human Services (HHS) Office for Civil Rights announces a final rule that implements a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
16 What Changed? The changes in the final rulemaking provide the public with increased protection and control of personal health information. HHS News Release, January 17, 2013
17 What Changed? Finalized/implemented many changes from HITECH Act Business Associate and subcontractor liability Breach Notification requirements Notice of Privacy Practices requirements Increased penalties for noncompliance Use and disclosure of Protected Health Information (PHI) Expanded individuals' rights
18 New HIPAA Deadlines Jan 25, 2013 Published in Federal Register Mar 26, 2013 Effective Date Sept 23, 2013 Compliance Date
19 HIPAA Compliance Privacy Rule since 2003 Security Rule since 2005 HITECH Interim Rule 2009 Meaningful Use in 2011 (Security Risk Analysis) HIPAA Omnibus Final Rule September 23, 2013
20
21 Penalty Factors Nature and extent of violation Number affected, time period Nature and extent of harm resulting from violation History of prior noncompliance Financial condition of covered entity Other factors
22 HIPAA Compliance HIPAA compliance is MANDATORY even if you do NOT utilize EHR HIPAA laws do NOT fall under Obamacare (can't blame that) Can blame HIPAA (in part) for ICD-10
23 HIPAA Compliance REQUIRED for all Covered Entities (YOU!) Been around but rarely enforced until NOW!
24 HIPAA Noncompliance agreeing to a $150,000 payment. APDerm will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).
25 HIPAA Noncompliance The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ephi as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.
26 HIPAA Noncompliance "As we say in health care, an ounce of prevention is worth a pound of cure," said OCR Director Leon Rodriguez. "That is what a good risk management process is all about: identifying and mitigating the risk before a bad thing happens. Covered entities of all sizes need to give priority to securing electronic protected health information." In addition to a $150,000 resolution amount, the settlement includes a corrective action plan requiring APDerm to develop a risk analysis and risk management plan to address and mitigate any security risks and vulnerabilities, as well as to provide an implementation report to OCR.
27 ACTIVE Compliance PROCESS 8 HIPAA Compliance Elements
28 HIPAA Compliance Elements 1. Develop and implement WRITTEN policies and procedures, including changes and updates as necessary; NPP, BAA, Use and Disclosure, Privacy and Security, etc. 2. Designate a Privacy and Security Officer; Compliance Officer
29 HIPAA Compliance Elements 3. Workforce training for ALL employees; Who, What, When (at least annually and ASAP when hired) 4. Maintain reasonable and appropriate administrative, technical and physical safeguards to prevent intentional or unintentional use or disclosure of PHI; Security Rule = ELECTRONIC PHI (ephi) Perform a Risk Analysis and Risk Management (SRA Tool)
30 HIPAA Compliance Elements 5. Mitigate harmful effects of use or disclosure of PHI by staff or Business Associates in violation of policies and procedures; Breach, Sanctions, etc. 6. Privacy complaint procedures contained in Notice of Privacy Practices and identify how to and who to make complaints;
31 HIPAA Compliance Elements 7. NEVER retaliate against staff or patients for exercising their rights for assisting in an investigation or for opposing an act or practice that the person believes violates the Privacy Rule; and 8. Record retention of HIPAA related items for 6 YEARS after their effective date
32 Privacy Rule What is it? How to comply with it?
33 Privacy Rule The HIPAA Privacy Rule provides federal protection for individually identifiable health information held by covered entities. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.
34 Privacy Rule Portion of HIPAA law that pertains to interaction between patient and health care professionals and other entities Final ruling effective as of April, 2003
35 Protected Health Information (PHI) all individually identifiable health information that is held or transmitted by a covered entity or its business associates, in any form, whether electronic, paper, or oral.
36 Individually Identifiable Health Info information, including demographic data, that relates to: the individual's past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. e.g., name, address, birth date, social security number
37 PHI Contains health information that identifies individual including but not limited to demographic information Relates to individual's health or the provision of, or payment for health care
38 PHI Excludes Educational records covered by Family Educational Rights and Privacy Act (FERPA) Employment records held by covered entity in its role as an employer Persons deceased for more than 50 years
39 PHI De-Identification Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual and is not individually identifiable health information. The following identifiers of the individual, relatives, employers or household members are REMOVED
40 PHI De-Identification Names All geographic subdivisions smaller than state All elements of dates (except year, unless 89 years old and over) Phone numbers Fax number addresses Social security numbers Medical record numbers Health plan beneficiary numbers Account numbers Certificate/license numbers Vehicle identifiers and serial numbers Device numbers and serial numbers Web Universal Resource Locators (URLs) Internet Protocol (IP) address numbers Biometric identifiers (finger and voice prints) Full face photos and comparable images Any other unique identifying number, characteristic, or code
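The removal rules on slide 40 applied to a single patient record, as an added example that is not part of the original presentation. Field names and the sample record are constructed for illustration, and the age threshold follows the slide's wording; fields the code does not recognize are dropped rather than passed through, which is how it covers "any other unique identifying number, characteristic, or code".

```python
import re
from datetime import date

# Hypothetical field names; map them to your own EHR export schema.
# Direct identifiers from the slide's list: never copied to the output.
IDENTIFIER_FIELDS = {
    "first_name", "last_name", "phone", "fax", "email", "ssn",
    "medical_record_number", "health_plan_id", "account_number",
    "license_number", "vehicle_id", "device_serial", "url", "ip_address",
    "biometric_id", "photo",
}
GEO_FIELDS = {"street", "city", "county", "zip"}   # smaller than a state
KEEP_FIELDS = {"state", "sex", "diagnosis_code"}   # allowlist: all else is dropped
AGE_CAP = 89  # threshold as worded on the slide ("89 years old and over")

# Identifiers that hide inside free-text notes.
TEXT_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "url": re.compile(r"\bhttps?://\S+", re.I),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "date": re.compile(r"\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2}/\d{1,2}/\d{2,4}\b"),
}


def _age(born: date, today: date) -> int:
    """Whole years between two dates."""
    return today.year - born.year - ((today.month, today.day) < (born.month, born.day))


def scrub_text(text: str, names: list[str]) -> str:
    """Redact the patient's own name and pattern-matched identifiers."""
    for name in names:
        if name:
            text = re.sub(rf"\b{re.escape(name)}\b", "[REDACTED]", text, flags=re.I)
    for pattern in TEXT_PATTERNS.values():
        text = pattern.sub("[REDACTED]", text)
    return text


def deidentify(record: dict, today: date) -> dict:
    """Return a copy of the record with the listed identifiers removed."""
    names = [record.get("first_name", ""), record.get("last_name", "")]
    out = {}
    for key, value in record.items():
        if key in KEEP_FIELDS:
            out[key] = value
        elif key == "birth_date":
            born = date.fromisoformat(value)
            if _age(born, today) >= AGE_CAP:
                out["age_group"] = f"{AGE_CAP} or older"  # the year would reveal the age
            else:
                out["birth_year"] = born.year
        elif key.endswith("_date"):
            # Every element of a date except the year is removed.
            out[key.removesuffix("_date") + "_year"] = date.fromisoformat(value).year
        elif key == "notes":
            out[key] = scrub_text(value, names)
        # Anything else (identifier, geographic or unknown field) is dropped.
    return out


def residual_identifiers(record: dict) -> list[str]:
    """Release check: list identifier fields or patterns still present."""
    found = {k for k in record
             if k in IDENTIFIER_FIELDS | GEO_FIELDS or k.endswith("_date")}
    for value in record.values():
        if isinstance(value, str):
            found |= {f"text:{n}" for n, p in TEXT_PATTERNS.items() if p.search(value)}
    return sorted(found)


SAMPLE = {  # constructed record, not real patient data
    "first_name": "Pat", "last_name": "Example",
    "street": "1 Main St", "city": "Tulsa", "zip": "74103", "state": "OK",
    "birth_date": "1950-06-15", "visit_date": "2014-03-02",
    "phone": "(405) 555-0100", "ssn": "123-45-6789",
    "insurance_member_ref": "ZX-99812",  # unknown field: dropped by the allowlist
    "diagnosis_code": "M54.5",
    "notes": "Pat Example called 405-555-0100 on 3/2/2014; portal login from 10.0.0.5.",
}

if __name__ == "__main__":
    cleaned = deidentify(SAMPLE, date(2014, 9, 23))
    print(cleaned)
    print("residual:", residual_identifiers(cleaned))
```

Pattern matching cannot find names of relatives or employers mentioned in free text, so notes fields still need human review before release.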
41 Use The sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information. i.e. information used INSIDE your practice
42 Disclosure The release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information. i.e. information you share OUTSIDE to others
43 Authorization A covered entity must obtain the individual's written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule.
44 Authorization Requirements Description of the information to be used or disclosed Name or other specific identification of the person(s), or class of persons, authorized to make the requested use or disclosure Name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested use or disclosure A description of each purpose of the requested use or disclosure An expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure Signature of the individual and date If the authorization is signed by a personal representative of the individual, a description of such representative's authority to act for the individual must also be provided
45 Authorization Requirements REQUIRED STATEMENTS The individual's right to revoke the authorization in writing, and either: The exceptions to the right to revoke and a description of how the individual may revoke the authorization; or A reference to the covered entity's notice The ability or inability to condition treatment, payment, enrollment or eligibility for benefits on the authorization, by stating either: The covered entity may not condition treatment, payment, enrollment or eligibility for benefits on whether the individual signs the authorization when the prohibition on condition of authorizations; or The consequences to the individual of a refusal to sign the authorization the covered entity can condition treatment, enrollment in the health plan, or eligibility for benefits on failure to obtain such authorization
46 Authorization Requirements The potential for information disclosed pursuant to the authorization to be subject to re-disclosure by the recipient and no longer be protected by this subpart. Plain language requirement. The authorization must be written in plain language. Copy to the individual. If a covered entity seeks an authorization from an individual for a use or disclosure of protected health information, the covered entity must provide the individual with a copy of the signed authorization.
47 Minimum Necessary A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.
48 Min Nec Does NOT Apply To or by health care provider for treatment To the individual With a valid authorization To the Secretary and required by law
49 Monday Morning Action Steps Address understanding and implementation of Use and Disclosure PHI and de-identified PHI Minimum necessary Determine if valid authorization is in use
50 Security Rule What is it? How to comply with it?
51 Security Rule The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.
52 Security Rule Specific to ELECTRONIC protected health information AKA ephi Requires specific Risk Analysis to determine security Administrative safeguards Training/Management Physical Safeguards Facility Access/Security Technical Safeguards Access/Transmission Security
53 Security Measures Takes into consideration Size, complexity, capabilities Technical, hardware and software infrastructure Cost of security measures Likelihood/possible impact of potential risks to ephi
54 Required vs. Addressable Required = must be implemented Addressable = does NOT mean optional Determine if reasonable and appropriate OR Adopt alternative measure to achieve purpose of standard if reasonable and appropriate OR DOCUMENT why it was NOT implemented
55 Risk Analysis Forms the FOUNDATION upon which an entity's necessary security activities are built.
56 Risk Analysis Part of Administrative Safeguards Security Rule requires you to implement policies and procedures to prevent, detect, contain, and correct security violations.
57 Threat The potential for a person or thing to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. Natural threats floods, earthquakes, tornadoes, etc. Human threats intentional (unauthorized access, theft) or unintentional (incidental) Environmental threats power failure, water, fire, etc.
58 Vulnerability A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy. Can be technical (technology) OR non-technical (administrative, physical, policies and procedures, staff, etc.)
59 Threats and Vulnerabilities ephi = Chickens Threat = Fox, Wolf, Coyote, Hawk, etc. Vulnerability = Hole in fence, tunnel under fence, gate left open, improper shelter, etc.
60 Risk Function of the likelihood of a given threat triggering or exploiting a particular vulnerability and the resulting impact on the organization. Threat + Vulnerability + Likelihood + Impact
61 Risk Analysis Overview Evaluate likelihood and impact of potential risks to ephi Implement appropriate security measure to address risks identified Document chosen security measures and rationale Maintain continuous, reasonable and appropriate security protections ONGOING PROCESS update annually and with major changes
62 Administrative Safeguards Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect ephi and to manage the conduct of the CE's workforce in relation to the protection of that information.
63 Administrative Safeguards Security management process including Security Officer designation and implementing various Policies and Procedures Information access management policies and procedures Workforce training and management including sanctions Periodic evaluation
64 In Other Words What are the threats, vulnerabilities and risks to ephi and how are they managed? Who is in charge (CO) and involved (TEAM)? Who has access to ephi? Is there authorization, supervision and training? Are there periodic evaluations and assessments?
65 Physical Safeguards Physical measures, policies and procedures, to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.
66 Physical Safeguards Facility access and control Workstation and device security Policies and procedures for use and access to workstations and electronic media Policies and procedures regarding transfer, removal, disposal, reuse and protection of electronic media
67 In Other Words Where are the facilities? Who has access to the facilities? How is access to the facilities granted/controlled? What is the security of workstations and technology? How is transfer, removal, disposal and re-use handled?
68 Technical Safeguards The technology and the policies and procedures for its use that protect ephi and control access to it.
69 Technical Safeguards Policies and procedures allow access to authorized users only Hardware, software, procedures to record and examine access Policies and procedures to ensure ephi is not improperly altered or destroyed Technical security to guard against unauthorized access to ephi transmitted
70 In Other Words ONLY authorized personnel have access to ephi? Audit controls to track and evaluate ephi access/use? What's in place to assure proper destruction and prevent improper destruction or alteration of ephi? What's in place to secure transmission of ephi?
71 Unsecured PHI PHI that is NOT rendered unusable, unreadable or indecipherable to unauthorized individuals according to NIST guidelines (National Institute of Standards and Technology) or by physical destruction
72 Encryption Method of converting original message of regular text into encoded text Encrypted by means of algorithm (formula) Done according to National Institute of Standards and Technology (NIST) guidelines
73 Encryption and Destruction PHI at Rest NIST PHI in Motion NIST , , PHI Disposed Physical Shredded or destroyed so cannot be read or reconstructed Electronic NIST PHI in Use No specific guidelines other than standard access control technologies (and common sense)
74
75
76 PHI at Rest NIST STORED PHI in some capacity (e.g. desktop, laptop, phone, flash drive, memory card, external hard drive, CDs, DVDs, etc.)
77 PHI in Motion NIST PHI MOVING across the wire (i.e. internet or intranet) Transport Layer Security (TLS) recommended Provides authentication, confidentiality, data integrity
78 PHI Disposed NIST Sanitized PHI Use approved techniques/methods Not easily retrieved and reconstructed Track and document sanitation and destruction actions
79 Sanitation/Destruction Methods Clearing Can not simply delete Overwrite technology Purging Degaussing Destroying ULTIMATE form Disintegration, incineration, pulverizing, shredding, melting, etc.
80 Disaster Plan LONG-term recovery plan to get you back to where you were before disaster HIPAA REQUIRES access and security of data in the event of a disaster
81 Contingency Plan AKA Business Continuity Plan SHORT-term temporary resumption of critical business operations, helps business survive during Disaster Recovery HIPAA REQUIRES access and security of data
82 Contingency Plan Disaster Risk Analysis Access to critical contact info Info about facility (water, gas, electrical shut-offs) Planned steps for various applicable disasters (natural disasters, equipment failure, power failure, communications failure, burst water pipe, loss of key employee, loss of facility access, etc.)
83 Risk Management REQUIRED under Administrative Safeguards Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with the Security Rule.
84 Where is YOUR ephi? At the office? At home? In your pocket? Another office?
85 Monday Morning Action Steps Perform a Risk Analysis to determine vulnerabilities, threats, and risks Address Administrative, Physical, and Technical Safeguards Perform a Risk Management to implement, revise and monitor
86 Business Associates Who is involved? What changed? What are the requirements?
87 Covered Entity A health care provider who transmits any health information in electronic form YOU!!! (also includes healthcare clearing houses and health plans)
88 Business Associate A person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involves access by the business associate to protected health information.
89 Workforce Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate.
90 Business Associate An entity that creates, receives, maintains, or transmits protected health information on behalf of a covered entity (YOU)
91 Subcontractor An entity that creates, receives, maintains, or transmits protected health information on behalf of another business associate i.e. Your BA's business associate
92 Business Associate Examples Billing Services EHR Vendor Accounting Consulting Practice Management Transcriptionist Collection Agency Administrative Financial* Accreditation Attorneys Data Aggregation Computer Repair/Technician Cloud Storage*
93 Cloud Storage
94
95 Business Associate Exceptions Other Healthcare Providers Health Insurance Carriers Financial Institutions for care payment Conduits (USPS, FedEx, UPS, ISP, etc.) Janitor, Electrician, Office Repair, Cleaning Service, etc. (NEVER a Business Associate)
96
97 BA Exceptions
98 BA Exceptions
99 Business Associate or Not? Role or activity based Do they create, receive, maintain or transmit PHI on your behalf? Do they have access to PHI as part of their role or activity? Even if not routinely; need only be POTENTIALLY
100 What Changed? Revised definition of a Business Associate Added entities that fall under BA definition Increased liability and compliance requirements for BA and subcontractors NEW/UPDATED BA Agreements REQUIRED
101 BA Liability DIRECTLY liable for violations of HIPAA Contractually liable However, liable whether or not they have agreement in place with CE Liable for actions of subcontractors
102 Business Associate Agreement Contract between you and each of your BA outlining the following: NOTE: Do NOT need BAA w/ subcontractors Permitted uses of PHI Restricted uses of PHI Appropriate safeguards Breach procedures Terms and termination
103 BAA Requirements Establish permitted/required uses/disclosures of PHI BA will not use/disclose PHI other than permitted/required BA will implement appropriate safeguards consistent with HIPAA security rule
104 BAA Requirements BA will report to CE any uses or disclosures not covered in contract, including breaches BA will make PHI available for individuals' requests, amendments and accountings BA will comply with applicable HIPAA Privacy Rule requirements
105 BAA Requirements BA will make available internal practices/books/records to HHS Termination requires BA to destroy/return PHI received/created BA ensures subcontractors agree to same requirements; may be more but NOT less strict Authorize termination by CE if BA violates terms
106 Monday Morning Action Steps Make a list of all Business Associates Get an updated and signed Business Associate Agreement from all BAs
107 Notice of Privacy Practices What is it? Who gets it? Where does it go?
108 What is in the NPP? Describes how medical information about patient may be used and disclosed and how patients can get access to this information Patient Rights Patient Choices Uses and disclosures
109 State vs. Federal Usually Federal Laws are more strict HIPAA takes precedence HOWEVER if State Laws are more strict State Law takes precedence
110 OK Records Request
111 Patient Rights Receive electronic OR paper copy of medical records Ask to correct medical records Request confidential or alternative communications Ask to limit what we use or share Ex. Insurance carriers for care paid for out of pocket
112 Patient Rights Get list of those with whom we've shared info Get copy of this privacy notice Choose someone to act for you File a complaint if you feel your rights are violated WITHOUT fear of retaliation
113 Patient Choices In these cases, you have both the right and choice to tell us to: Share info with your family, close friends, or others involved in your care
114 Patient Choices In these cases we NEVER share your info UNLESS you give us WRITTEN permission: Marketing purposes* Sale of your information
115 Marketing REQUIRES written signed authorization To make a communication about a product or service that encourages the recipient of the communication to purchase or use the product or service.
116 Marketing An arrangement between a covered entity and any other entity whereby the covered entity discloses PHI to the other entity in exchange for REMUNERATION, for the other entity or its affiliate to make communication about its own product or service that encourages recipients of the communication to purchase or use that product or service. Financial remuneration means direct or indirect payment from or on behalf of a third party whose product or service is being described. Direct or indirect payment does not include any payment for treatment of an individual.
117 Marketing EXCEPTIONS Face-to-face communications Promotional gift of nominal value* UNLESS financial REMUNERATION takes place Treatment of patient (i.e. case management, care coordination, alternative treatments, therapies, providers or settings) Health-related products or services as part of a plan of benefits (health care provider/plan network) Case management or care coordination, treatment alternatives that do NOT fall under treatment definition
118 Uses and Disclosures Allowed or required to share patient info Treatment Bill for patient services and receive payments Run your organization (practice) Public health and safety issues Conduct research Comply with law
119 Treatment Provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party, consultation between health care providers regarding a patient, or the referral of a patient from one health care provider to another.
120 Payment Encompasses the various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan, and to obtain or provide reimbursement for the provision of health care.
121 Health Care Operations Certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support core functions of treatment and payment.
122 Uses and Disclosures Allowed or required to share patient info Respond to organ and tissue donation requests Work with medical examiner or funeral director Address workers' compensation, law enforcement and other government request Respond to lawsuits and legal actions (against you)
123 Decedents NOT PHI 50 years following death of person CAN disclose to decedent's family members and others involved in care or payment for care prior to death
124 Provider Responsibilities Required by law to maintain privacy and security of PHI Inform patient promptly if a breach occurs that may compromise the privacy or security of the patient PHI Follow the duties and privacy practices in the NPP and give a copy to the patient Not to use or share info other than described in NPP unless told in writing; can be revoked in writing as well
125 Who Gets the NPP? ALL NEW patients during initial paperwork Obtain written acknowledgment Placed in patient file Anyone else who asks for it (NOT likely)
126 Where to Post the NPP? Post in a clear and prominent location and have copies of the NPP at the delivery site for individuals to request to take with them. May post a summary, as long as the full notice is IMMEDIATELY available. (i.e. should NOT have to ask for full notice) Full notice posted on the office website
127 Monday Morning Action Steps Update NPP Give to all new patients Post in prominent location Post on website
128 Breach Notifications What is a Breach? What Changed? What is a Breach Notification?
129 What is a Breach? Acquisition, access, use or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information. Basically someone has PHI who should NOT have it (NOT authorized or allowed)
130 Guilty Until Proven Innocent Harm standard REMOVED PRESUMED to be a breach UNLESS covered entity demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors
131 4 Risk Assessment Factors 1. Nature and extent of PHI involved, types of identifiers, likelihood of re-identification 2. Unauthorized person who used PHI or who the disclosure was made to 3. Whether PHI was actually acquired or viewed 4. Extent to which risk to PHI was mitigated
132 Breach Notifications Treated as discovered on FIRST day it was known or should have been known Notify EACH individual affected Specific requirements of info included Have 60 days from discovery to do so Business Associates have obligation to notify the Covered Entity (YOU!) about a breach
133 Individual Breach Notifications Brief description of what happened Including date of breach and date of discovery Description of types of unsecured PHI involved Steps individual should take to protect themselves Brief description of what you are doing to investigate and mitigate harm and protect in the future Contact procedures Including toll-free number, address, website or postal address
134 Breach Notifications Notification to media More than 500 individuals affected Notification to Secretary More than 500 individuals affected within 60 days Less than 500 individuals affected by end of year
More informationProtecting Patient Information in an Electronic Environment- New HIPAA Requirements
Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA
More informationHIPAA 101. March 18, 2015 Webinar
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationHIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,
More informationCompliance Training for Medicare Programs Version 1.0 2/22/2013
Compliance Training for Medicare Programs Version 1.0 2/22/2013 Independence Blue Cross is an independent licensee of the Blue Cross and Blue Shield Association. 1 The Compliance Program Setting standards
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationAVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
More informationBusiness Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule
Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationUpdated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview
Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationNCHICA HITECH Act Breach Notification Risk Assessment Tool. Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup
NCHICA HITECH Act Breach Notification Risk Assessment Tool Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup NORTH CAROLINA HEALTHCARE INFORMATION AND COMMUNICATIONS ALLIANCE, INC August
More informationHHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule
JANUARY 23, 2013 HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule By Linn Foster Freedman, Kathryn M. Sylvia, Lindsay Maleson, and Brooke A. Lane On
More informationHIPAA/HITECH: A Guide for IT Service Providers
HIPAA/HITECH: A Guide for IT Service Providers Much like Arthur Dent in the opening scene of The Hitchhiker s Guide to the Galaxy (HHGTTG), you re experiencing the impact of new legislation that s infringing
More informationNew HIPAA regulations require action. Are you in compliance?
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationHIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )
HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address
More information2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S. 2012 Revised
2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S 2012 Revised 1 Introduction CMS Requirements As of January 1, 2011, Federal Regulations require that Medicare Advantage Organizations (MAOs) and
More informationREPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.
REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
More informationCompliance Program and HIPAA Training For First Tier, Downstream and Related Entities
Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent
More informationNOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION PLEASE REVIEW IT CAREFULLY. DEFINITIONS PROTECTED HEALTH INFORMATION (PHI):
More informationThe Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices
The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationNOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES
SCHOOL DISTRICT OF BLACK RIVER FALLS 523.5 Exhibit NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES PRIVACY NOTICE This notice describes how medical information about you may be used and disclosed and how
More informationChiropractor Compliance Summary Documentation Compliance Criteria for Chiropractic Claims Submitted to the Funds
Chiropractor Compliance Summary Documentation Compliance Criteria for Chiropractic Claims Submitted to the Funds Date: April 23, 2012 Source Information: Medicare Policy Purpose The United Mine Workers
More informationHIPAA in an Omnibus World. Presented by
HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters
More informationHIPAA Privacy Breach Notification Regulations
Technical Bulletin Issue 8 2009 HIPAA Privacy Breach Notification Regulations On August 24, 2009 Health and Human Services (HHS) issued interim final regulations implementing the HIPAA Privacy Breach Notification
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationMedicare Advantage and Part D Fraud, Waste, and Abuse Training. October 2010
Medicare Advantage and Part D Fraud, Waste, and Abuse Training October 2010 Introduction 2008: United States spent $2.3 trillion on health care. Federal fiscal year 2010: Medicare expected to cover an
More informationHIPAA BREACH RESPONSE POLICY
http://dhmh.maryland.gov/sitepages/op02.aspx (OIG) DHMH POLICY 01.03.07 Effective Date: July 22, 2014 I. EXECUTIVE SUMMARY The Department of Health and Mental Hygiene (DHMH) is committed to protecting
More informationDonna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationSDC-League Health Fund
SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: health@sdcweb.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION
More informationHIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013
HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com
More informationState of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits
State of Nevada for the Requirements for PEBP Health Benefits Plan Year 2016 July 1, 2015 June 30, 2016 www.pebp.state.nv.us (775) 684-7000 Or (800) 326-5496 Amendments Amendment Log Any amendments, changes
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationFIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS
FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher
More informationWhat is HIPAA? The Health Insurance Portability and Accountability Act of 1996
What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other
More informationHIPAA PRIVACY AND SECURITY FOR EMPLOYERS
HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative
More informationHHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers
Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List
More informationBUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity
More informationHIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
More informationGuidance Specifying Technologies and Methodologies DEPARTMENT OF HEALTH AND HUMAN SERVICES
DEPARTMENT OF HEALTH AND HUMAN SERVICES 45 CFR PARTS 160 and 164 Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable
More informationFORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT
FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and
More informationAm I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters
More informationUnderstanding HIPAA Regulations and How They Impact Your Organization!
Understanding HIPAA Regulations and How They Impact Your Organization! Presented by: HealthInfoNet & Systems Engineering! April 25 th 2013! Introductions! Todd Rogow Director of IT HealthInfoNet Adam Victor
More informationSCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY
SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationHIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant
HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationPHI Air Medical, L.L.C. Compliance Plan
Page No. 1 of 13 Introduction: The PHI Air Medical, L.L.C. is to be used by employees, contractors and vendors to get a high level understanding of the key regulatory requirements relating to our participation
More informationNew HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010
New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,
More informationOCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA
Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act
More informationHIPAA Compliance Manual
HIPAA Compliance Manual HIPAA Compliance Manual 1 This Manual is provided to assist your efforts to comply with the federal privacy and security rules mandated under HIPAA and HITECH, specifically as said
More informationHealth Insurance Portability and Accountability Policy 1.8.4
Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law
More informationNew HIPAA Rules and EHRs: ARRA & Breach Notification
New HIPAA Rules and EHRs: ARRA & Breach Notification Jim Sheldon-Dean Director of Compliance Services Lewis Creek Systems, LLC www.lewiscreeksystems.com and Raj Goel Chief Technology Officer Brainlink
More informationHIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS
HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS 1. HIPAA Privacy Policies & Procedures Overview (Policy & Procedure) 2. HIPAA Privacy Officer (Policy & Procedure) 3. Notice of Privacy
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law
More informationHIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.
2013 HIPAA Privacy and Security Frequently Asked Questions for Employers Gallagher Benefit Services, Inc. Disclaimer We share this information with our clients and friends for general informational purposes
More informationNOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS
NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW
More informationWhat Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act
What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act
More informationHIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS
HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationState of Connecticut Department of Social Services HIPAA Policies and Procedures Manual
State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual Updated 9/17/13 1 Overview As of April 14, 2003, the State of Connecticut Department of Social Services (DSS) is
More informationAdd a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual.
HIPAA/HITECH Policies and Procedures Please read this in its entirety. Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual. Give a copy of this to all staff to read and ask
More informationNOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)
NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationSecurity Is Everyone s Concern:
Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito
More informationName of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:
PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF
More informationSOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX 76092 www.southlakedermatology.com Main 817-251-6500 Fax 817-442-0550
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. EFFECTIVE September 15, 2014 This Notice of
More informationModel Business Associate Agreement
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
More informationHOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group
HOW TO REALLY IMPLEMENT HIPAA Presented by: Melissa Skaggs Provider Resources Group WHAT IS HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104 191, 110 Stat. 1936,
More informationHIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
More informationConnecticut Pipe Trades Health Fund Privacy Notice. 2013 Restatement
Connecticut Pipe Trades Health Fund Privacy Notice 2013 Restatement Section 1: Purpose of This Notice and Effective Date THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationMy Docs Online HIPAA Compliance
My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationPrivacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:
HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS
More informationBusiness Associate Agreement Involving the Access to Protected Health Information
School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered
More informationHIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help
HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,
More informationOCR UPDATE Breach Notification Rule & Business Associates (BA)
OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the
More information