Privacy & Information Security Training. For Health Science Workforce Members


1 Privacy & Information Security Training
For Health Science Workforce Members
Privacy Program, 4/6/2015

2 Objectives
- Understand what information must be protected under state and federal privacy laws
- Understand your role in maintaining privacy and security of protected health information (PHI)
- Understand patient rights regarding access, use and disclosure of medical information
- Understand your role in adhering to data security standards and your responsibility for reporting incidents
- Understand the consequences for non-compliance
This training module satisfies Federal laws which mandate workforce privacy / security training at the time of hire and UC policy for annual privacy training.

3 Who must complete privacy / security training at UCSD?
- Anyone who works with or may see health, financial, or confidential information with personal identifiers
- Anyone who uses a computer or electronic device to store and/or transmit personal or health information
Such as:
- Medical Center / Medical Group / Health Science employees
- Schools of Medicine / Pharmacy employees
- Health professions students and trainees
- Campus staff who work in clinical areas
- Volunteers (including Volunteer Clinical Faculty)
- Students who work in patient care areas
- Research staff and investigators
- Accounting, Payroll and Benefits staff
- Other independent contractors with access to UC's personal / health information who assist UCSD employees with their job

4 Federal and State laws
Privacy & Security Laws
The following list is not inclusive of all federal and state privacy laws.

5 Federal Privacy Laws
Law: Description
- HIPAA: Health Insurance Portability and Accountability Act of 1996 to make health insurance more efficient and portable; establishes privacy rights, standards to protect privacy and information security. HIPAA's laws also address Code Sets and Transaction Standards.
- HITECH: Health Information Technology for Economic and Clinical Health (HITECH, 2013) implements enforcement and oversight of HIPAA, privacy enhancements and added false claims and penalties.
- GINA: Genetic Information Nondiscrimination Act of 2008 (GINA) protects job applicants, current and former employees and trainees from discrimination based on their genetic information.
- PCI: Payment Card Industry Standards address credit card data security.
- FERPA: Family Educational Rights & Privacy Act protects the privacy of student education records.

6 California Privacy Laws
Law: Description
- Confidentiality of Medical Information Act (CMIA): CMIA prohibits disclosure of medical information without prior authorization unless permitted by law. "Medical Information" means any individually identifiable information in the possession of or derived from a provider of health care regarding a patient's medical history, mental or physical condition, or treatment. [Cal. Civil Code 56.05(g), 56.10]
- Personally Identifiable Information (PII) (AB1298, SB541): Data Protection / Breach Notification. Prevent unlawful or unauthorized access to protected information and breach notification to individuals of any reasonable suspicion of a compromise of that protection. [Cal. Civil Code ]
- Information Practice Act (IPA): Limits the collection, maintenance, and distribution of personal information by state agencies. Right to review your personal information in state agency records. [Cal.Civ.Code ]

7 Personal Identity Information (PII) Definition
PII is a category of sensitive information that includes an individual's name (first name or initial and last name) in combination with any one or more of the following:
- Social Security number (SSN).
- Driver's license number or State-issued Identification Card number.
- Financial account number, credit card number*, or debit card number in combination with any required security code, access code, or password such as expiration date or mother's maiden name that could permit access to an individual's financial account.
- Medical information (any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional)
- Health insurance information (an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records)
If this information is stored electronically, it must be protected from unauthorized access. Best practice: Encrypt PII data.

8 Protected Health Information (PHI) Definition
PHI is any personal or health information UCSD creates or maintains in the course of providing treatment, obtaining payment for services, or while engaged in health care operations including teaching and research activities.
Examples of PHI include:
- Medical records, test results, treatment plans, appointment reminders
- Billing records, referral authorizations, health insurance information
- Name, address, social security number and
- Photographs and images
To view a complete list of 18 PHI identifiers,

9 To the patient: All Information is Confidential!
- Patient Personal Information
- Patient Financial Information
- Patient Medical Information
- Written, Spoken, Electronic PHI
Patient Information may be accessed, used, viewed or disclosed only to do your job.

10 Requirements before PHI is Used or Disclosed
In order for UCSD to use or disclose PHI:
- The University must give each patient a Notice of Privacy Practices that:
  - Describes how the University may use and disclose the patient's protected health information (PHI) and
  - Advises the patient of his/her privacy rights
- The University must attempt to obtain a patient's signature acknowledging receipt of the Notice, except in emergency situations. If a signature is not obtained, the University must document the reason.
- The University must provide privacy / security training to its workforce.
To view UC San Diego Health System's Notice of Privacy Practices,

11 Access to Protected Health Information (PHI)
- Patient information is confidential and shall not be accessed or viewed other than for the sole purpose of performing employment duties and responsibilities
- Accessing a medical record, including your own or that of a family member or friend, without a work purpose is a violation of UCSD policy
- UCSD monitors electronic access to PHI to assure compliance
- Violations are subject to disciplinary action up to and including termination as well as individual fines.
- Patients may request access to their medical record via MyUCSDChart or by contacting Health Information Services (Medical Records) for a copy of their record.

12 You may:
- Look at a patient's PHI only if you need to do so for your job
- Use a patient's PHI only if you need to do so for your job
- Disclose a patient's PHI to others only when it is necessary for others to do their job
You must:
- Limit your access, use and disclosure of PHI to the minimum necessary information needed to perform your job.

13 PHI may be Used and Disclosed for T.P.O.
- Treatment: We may use and disclose medical information about a patient to health system doctors, nurses, technicians, students or providers who are involved in the patient's care
- Payment: We may use and disclose medical information about the patient so that the treatment and services received may be billed and payment may be collected, subject to the minimum necessary standard
- Operations: We may use and disclose medical information for teaching, medical staff peer review, legal purposes, internal auditing, to conduct customer service surveys, and general business management, subject to the minimum necessary standard

14 Other Permitted Uses and Disclosures
- To avert serious threat to health and safety
- For organ and tissue procurement, reimplantation, or banking purposes
- To military command authorities about armed forces patients
- To workers' compensation programs
- For public health disclosures
- For government oversight activities
- To law enforcement, for certain activities
- To coroners, medical examiners and funeral directors
- For national security and intelligence activities
- To correctional institutions about inmates
- For certain legal proceedings, lawsuits and other legal activities
- To business associates with a written business associate agreement (BAA)

15 Other Permitted Uses & Disclosures of PHI
- Appointment reminders, but take care to avoid leaving messages on voicemail or answering machines which disclose sensitive information.
- To provide treatment alternatives
- To provide limited information about patients (inpatient directory)
- To assist other individuals involved in the patient's care (e.g., family, friends, etc.), if determined to be in the patient's best interest.
- For disaster relief efforts
- For research with UCSD HRPP / IRB approval and subject consent
- For fundraising with opt-out notices and limited to certain demographic information. Honor patient requests to opt-out of donation solicitations.
- To business associates (third parties) who provide a service involving access to PHI data with a signed UC Business Associate Agreement

16 Business Associate Agreements (BAA)
How to obtain a BAA:
- Notify Health System Purchasing or the Contracting Office if the third party needs access to or use of UCSD's PHI
- Generally, the UC approved BAA template must be used.
- BAA contracts may only be executed by individuals with signature authority, e.g., Purchasing, Contracting.
- A BAA agreement is typically signed as a separate agreement to the purchase order, MOU, or other contractual agreements.
Prior to the release of PHI to a third party, ensure that:
- BAA has been fully executed (signed) by authorized signers. Check Purchasing's site:
- HIPAA Security risk assessment: Documented and any issues addressed.

17 The Sale of PHI is Prohibited!
with certain exceptions
"Sale of PHI" means a disclosure of PHI where the covered entity (UCSD) or BA directly or indirectly receives remuneration from (or on behalf of) the recipient of the PHI in exchange for the PHI unless the disclosure is for one of the following eight purposes.
Example of exceptions:
- For public health purposes
- For research where the remuneration received is a reasonable cost-based fee to cover the cost to prepare and transmit the PHI
- For treatment and payment purposes
- Required by law
- De-identified data which is not PHI

18 All Other Uses of PHI Require the Patient's Written Authorization
HIPAA has very specific requirements for the written authorization. It must:
- Describe the PHI to be released
- Identify who may release the PHI
- Identify who may receive the PHI
- Describe the purposes of the disclosure
- Identify when the authorization expires (date)
- Be signed and dated by the patient / patient representative
Generally a HIPAA authorization expires one year from the signature date unless indicated otherwise.

19 Examples of Circumstances when Patient Authorization is Required
- Medical Records: For the use and disclosure of medical information or records when that information is being provided / sent to someone other than the patient. Disclosure of PHI to the employer, lawyer, accountant requires the patient's written authorization.
- Fundraising: For the use and disclosure of a patient's PHI, other than limited demographic information and name of treating department / doctor.
- Media Communications: For the use and disclosure of PHI to the media or news releases
- Marketing and Other Products: For the use and disclosure of a patient's PHI to pharmaceutical or medical device companies, non-profit organizations, etc.

20 Authorization Form for Release of PHI
Available from: (form D818)

21 HIPAA: Patient Specific Privacy Rights
- Right to request restriction of PHI uses and disclosures. Restrictions should not be granted by faculty or staff without consulting the Privacy Officer.
- Right to request confidential forms of communications (e.g., mail to the P.O. Box not street address, no messages on answering machines, etc.).
- Right to access and receive a copy of their medical record.
- Right to receive an accounting of the disclosures of their PHI.
- Right to request amendments to their medical record.
- Right to request NO disclosure to payers regarding services paid-in-full at the time of service with written notice.
- Right to avoid unwanted fundraising solicitations.

22 Good Computing & Data Practices
Information Security

23 Federal / State Privacy & Security Laws Require
Providers of health care to implement administrative, physical and technical safeguards to:
- Ensure the confidentiality and privacy of medical information
- Protect against reasonably anticipated threats or unauthorized uses or disclosures of PHI (45 CFR )
- Safeguard patient medical information from unauthorized or unlawful access, use or disclosure
- Implement policies and procedures to prevent, detect, contain, and correct security violations (45 CFR )

24 Privacy / Security: Safeguards & Reminders
- Keep office(s) secured
- Encrypt (AES-256) and password protect your computer and portable media.
- Use strong, complex passwords or a passphrase.
- Back up your electronic information
- Run anti-virus, anti-spam, anti-spyware software
- Keep laptops, disks, back-up tapes, USBs secure -- encrypted & locked up!
- Lock your computer session: Windows key + L
- Report privacy complaints & security incidents and respond to incident reports promptly!
- Do not leave computers or patient papers or research records in your car (even if locked). Risk of theft!

25 Good Computing Practices: Email
- Don't open, forward, or reply to suspicious emails
- Don't open suspicious attachments or click on unknown website addresses
- Don't download unknown or unsolicited programs
- Encrypt attachments or send securely (request a secure link).
- Verify addresses and delete unnecessary identifiers from the message prior to sending
- Delete spam
Remember: Reputable businesses will not ask you for your SSN or password or credit card number via email! If you receive an email requesting this information, do not reply to it. To avoid phishing scams, DELETE the message without responding to it.

26 Good Computing Practices: Passwords
- Use cryptic passwords that can't be easily guessed
- Avoid using a dictionary word or a person's name
- Use long passwords (more than 8 characters), mixed upper and lower case, symbols and numbers or a passphrase.
- Protect your passwords -- don't write them down
- Never share your passwords

27 Good Computing Practices: Workstation Security
- Physically secure your area and data when unattended
- Secure your files and portable equipment -- including memory / USB sticks
- Secure laptop computers with a lockdown cable
- Never share your access code, card or key
- Lock your screen or log off from restricted systems promptly

28 Good Computing Practices: Portable Device Security
- Don't keep confidential data on portable devices, unless it is absolutely necessary
- Encrypt laptops and other portable media containing personally identifiable information
- Back up data on portable devices to a secure UCSD server
- Erase (sanitize) devices before disposal or recycling
- Password protect smart-phones. Activate the "find my device" function, if available
Encryption is a process that renders electronic information unusable, unreadable or indecipherable. HITECH standards recommend using AES-256 FIPS approved encryption methods. Learn more at Guidance to Protect Data tificationrule/brguidance.html

29 Other Good Practices: Data Management & Paper Records
- Know where PHI / restricted data is stored
- Redact (mask) unneeded identifiers & sensitive data
- Lock up paper records with sensitive information
- Use fax cover sheets, verify the fax number and documents to be faxed -- prior to sending. Report misdirected faxes.
- Do not leave patient records or other documents with sensitive information in your car, even if it is locked!
- Check conference rooms after meetings and move sensitive information to a secure area
- Destroy confidential data which is no longer needed
  - Cross-shred (confetti) or use secure locked shred-bins
- Avoid leaving sensitive information on voicemail or answering machines where other residents may hear the message.

30 Breach Definition, Timely Notification, Policies, Sanctions, Penalties
Breach Notification

31 What is a Breach? General Definition & Examples
A breach is the unauthorized access to, viewing of, use or disclosure of personal confidential information that violates state or federal privacy laws. The information may be paper, verbal and/or electronic, and the breach may be deliberate, unintentional or accidental. There is an exception for secured data meeting certain criteria, such as encryption or confetti shredded materials.
Examples:
- Hacked or compromised computer or network
- Misdirected fax
- Misaddressed email or envelope
- Misdirected documents (e.g., released in error to someone else)
- Snooping (unauthorized access to or viewing of restricted information)
- Web-posting of restricted information (YouTube, PDFs, PPTs, XLS files)
- Lost or stolen devices, e.g., laptops, CDs, USB drives

32 Report Privacy & Security Breaches
UC policy states that any unauthorized access, use (including viewing) or disclosure of a patient's personal or health information is a violation of law and must be immediately reported.

33 Breach Notification
Privacy Office Tel:
- In the event of a breach, notify the UCSD Privacy Office promptly! Preferably the same day that you become aware of an incident
- The Privacy Office will provide assistance with incident investigation, risk assessment and breach notification procedures to the affected individuals and other regulatory agencies.
- State & Federal laws require breach notices to individuals.

34 Penalties & Sanctions
Corrective Actions:
- If an incident represents a violation of policy or of state / federal laws, the University will apply corrective and disciplinary actions and other sanctions in accordance with UC policy up to and including dismissal -- termination of employment.
State / Federal Privacy Penalties:
- Office for Civil Rights (OCR) and the State may assess fines and civil penalties against health care providers, BAAs, individuals
- Penalties range from $2,500 - $250,000 per occurrence (or higher), depending on the circumstances. Repeat violations and violations for financial gain are assessed higher penalties.
- Violations may also be reported to the licensing board
- California law permits civil suits against the individual

35 Privacy Policies
- UC San Diego Health System's policies: Refer to the MCP web-site (intra-net), Privacy & Information Security: MCP 1-25, MCP 210.1, Minimum Network Security Standards (Blink)
- Notice of Privacy Practices:
- Privacy Forms: (intra-net) Authorization for Release of PHI, Designation of Personal Representative, Request for Record Amendment / Addendum, Fax Cover Sheet, Consent Form, UC HIPAA Policies

36 Report Privacy & Security Breaches
All breaches must be reported immediately:
- Health System Information Security
- Health Sciences Privacy Office
- University of California Hot Line (or internally: 3-HELP)
Callers may be confidential or ask to remain anonymous. Hot Line is staffed 24/7.

37 Summary
- State and Federal privacy laws require that personally identifiable information including protected health information (PHI) must be protected.
- As a University of California workforce member, you are responsible to protect the privacy and security of information entrusted to you.
- Follow safeguards to prevent unauthorized viewing of PHI, or the loss or theft of information.
- Understand and respect patient privacy rights. Call the Privacy Office if you have questions.
- Understand your responsibility to promptly report incidents.
- There are consequences for violations and non-compliance.

38 Questions?
Kimberly Gillespie, Esq., Chief Compliance / Privacy Officer kgillespie@ucsd.edu or
Ken Wottge, Information Security Officer, kwottge@ucsd.edu

39 Confidentiality Statement
Web-link to UCSD Health Sciences Confidentiality Agreement,
The protection of health and other confidential information is a right protected by law and enforced by fines, criminal penalties as well as UCSD policy. Safeguarding confidential information is a fundamental obligation for all employees, clinical faculty, house staff, students and volunteers.
I understand and acknowledge that:
1. I shall protect the privacy and security of confidential information at all times, both during and after my employment with the University of California has terminated.
2. I agree to (a) access, use, or view confidential information to the minimum extent necessary for my assigned duties; and (b) disclose such information only to persons authorized to receive it.
3. I understand that UCSD tracks all user IDs used to access electronic records. Those IDs enable discovery of inappropriate access to EITHER patient records or employee records.
4. Inappropriate access and unauthorized release of protected information will result in disciplinary action, up to and including termination of employment, and will result in a report to authorities charged with professional licensing, enforcement of privacy laws and prosecution of criminal acts. The Office of Health Information Integrity (OHII) may levy penalties to individuals or providers of healthcare of $2,500 - $25,000 per violation.
5. User IDs and passwords cannot be shared. Inappropriate use of my ID (whether by me or anyone else) is my responsibility and exposes me to severe consequences.
Print Name: / Date:

40 Certification of Training
I have read the UCSD Privacy / Security training materials and confidentiality statement and agree to abide by UCSD policy and Federal / State privacy and information security laws.
Print name:
Department name: / UCSD Employee number: <if known>
Non-UCSD workforce member ID: Indicate the 2-digit birth month (MM) and last 4 letters of your last name.


Statement of Policy. Reason for Policy Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions

More information

Information with a person who is involved in your medical care or payment for your care, such as your family or a

Information with a person who is involved in your medical care or payment for your care, such as your family or a Notice of Privacy Practices Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

HIPAA Notice of Privacy Practices Effective Date: 09/23/13

HIPAA Notice of Privacy Practices Effective Date: 09/23/13 HIPAA Notice of Privacy Practices Effective Date: 09/23/13 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC.

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC. HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

Department of Health and Human Services Policy ADMN 004, Attachment A

Department of Health and Human Services Policy ADMN 004, Attachment A WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON

More information

Annual Compliance Training. HITECH/HIPAA Refresher

Annual Compliance Training. HITECH/HIPAA Refresher Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance

More information

Guadalupe Regional Medical Center

Guadalupe Regional Medical Center Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address

More information

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES The Pain Treatment Center, Inc. d/b/a Stone Road Surgery Center THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

SOUTH CAROLINA PUBLIC EMPLOYEE BENEFIT AUTHORITY (PEBA) NOTICE OF PRIVACY PRACTICES

SOUTH CAROLINA PUBLIC EMPLOYEE BENEFIT AUTHORITY (PEBA) NOTICE OF PRIVACY PRACTICES SOUTH CAROLINA PUBLIC EMPLOYEE BENEFIT AUTHORITY (PEBA) NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised September 23, 2013 This notice describes how medical information about you may be used

More information

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER: NOTICE OF PRIVACY PRACTICES COMPLETE EYE CARE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

HIPPA Goes HITECH. Data Protection for Agents

HIPPA Goes HITECH. Data Protection for Agents HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able

More information

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION PLEASE REVIEW IT CAREFULLY. DEFINITIONS PROTECTED HEALTH INFORMATION (PHI):

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices Pueblo Radiology Medical Group, Inc. Pueblo Radiology Associates, Inc. Central Coast Radiology Associates, Inc. Santa Barbara Women s Imaging Center Effective Date: September

More information

HIPAA Compliance. 2013 Annual Mandatory Education

HIPAA Compliance. 2013 Annual Mandatory Education HIPAA Compliance 2013 Annual Mandatory Education What is HIPAA? Health Insurance Portability and Accountability Act Federal Law enacted in 1996 that mandates adoption of Privacy protections for health

More information

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc.

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc. Notice of Health Information Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE

More information

HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as

HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. OUR PLEDGE

More information

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you

More information

HIPAA Privacy. September 21, 2013

HIPAA Privacy. September 21, 2013 HIPAA Privacy September 21, 2013 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff,

More information

OUR LADY OF THE LAKE, HOSPITAL INC. AND OUR LADY OF THE LAKE PHYSICIAN GROUP, LLC NOTICE OF PRIVACY PRACTICES

OUR LADY OF THE LAKE, HOSPITAL INC. AND OUR LADY OF THE LAKE PHYSICIAN GROUP, LLC NOTICE OF PRIVACY PRACTICES OUR LADY OF THE LAKE, HOSPITAL INC. AND OUR LADY OF THE LAKE PHYSICIAN GROUP, LLC NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU

More information

Privacy & Security Standards to Protect Patient Information

Privacy & Security Standards to Protect Patient Information Privacy & Security Standards to Protect Patient Information Health Insurance Portability & Accountability Act (HIPAA) 12/16/10 Topics An An Introduction to to HIPAA HIPAA Patient Rights Rights Routine

More information

Health Insurance Portability and Accountability Act HIPAA Privacy Standards

Health Insurance Portability and Accountability Act HIPAA Privacy Standards Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate

More information

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective

More information

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts

More information

HIPAA Education Level One For Volunteers & Observers

HIPAA Education Level One For Volunteers & Observers UK HealthCare HIPAA Education Page 1 September 1, 2009 HIPAA Education Level One For Volunteers & Observers ~ What does HIPAA stand for? H Health I Insurance P Portability A And Accountability A - Act

More information

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE

More information

8.03 Health Insurance Portability and Accountability Act (HIPAA)

8.03 Health Insurance Portability and Accountability Act (HIPAA) Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of

More information

NOTICE OF PRIVACY PRACTICES ILLINOIS EYE CENTER

NOTICE OF PRIVACY PRACTICES ILLINOIS EYE CENTER NOTICE OF PRIVACY PRACTICES ILLINOIS EYE CENTER THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA APPENDIX PR 12-A FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA LEGAL CITATION California Civil Code Section 1798.82 California Health and Safety (H&S) Code Section 1280.15 42 U.S.C. Section

More information

HIPAA Privacy & Security Health Insurance Portability and Accountability Act

HIPAA Privacy & Security Health Insurance Portability and Accountability Act HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would

More information

MERCY HEALTH MEDICAL TRANSPORTATION SERVICES PRIVACY NOTICE Revised Notice Effective Date: September 23, 2013

MERCY HEALTH MEDICAL TRANSPORTATION SERVICES PRIVACY NOTICE Revised Notice Effective Date: September 23, 2013 MERCY HEALTH MEDICAL TRANSPORTATION SERVICES PRIVACY NOTICE Revised Notice Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU

More information

Policy & Procedure AUTUMN RIDGE RESIDENTIAL CARE. March, 2013

Policy & Procedure AUTUMN RIDGE RESIDENTIAL CARE. March, 2013 AUTUMN RIDGE RESIDENTIAL CARE Policy & Procedure HIPAA / PRIVACY NOTICE OF PRIVACY PRACTICES FUNCTION NUMBER PRIOR ISSUE EFFECTIVE DATE March, 2013 PURPOSE To ensure that a Notice of Privacy Practices

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information

More information

How To Protect Your Privacy At A Clinic

How To Protect Your Privacy At A Clinic NOTICE OF PRIVACY PRACTICES University HealthCare Alliance Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED. PLEASE REVIEW IT CAREFULLY.

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

BERKELEY COLLEGE DATA SECURITY POLICY

BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data

More information

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health

More information

Effective Date: March 23, 2016

Effective Date: March 23, 2016 AIG COMPANIES Effective Date: March 23, 2016 HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING

PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PURPOSE The purpose of this policy is to describe the procedures by which Workforce members of UCLA Health System and David Geffen School of Medicine

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (Hereinafter "Agreement") dated as of, 2013, is made by and between (Hereinafter Covered Entity ) and (Hereinafter Business Associate ). ARTICLE

More information

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

HIPAA PRIVACY OVERVIEW

HIPAA PRIVACY OVERVIEW HIPAA PRIVACY OVERVIEW OBJECTIVES At the completion of this course, the learner will be able to: Define the Purpose of HIPAA Define Business Associate Identify Patients Rights Understand the Consequences

More information

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

HIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN)

HIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN) HIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN) Effective Date: 04/14/15 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

Harris County - Texas HIPAA Notice of Privacy Practices

Harris County - Texas HIPAA Notice of Privacy Practices Harris County - Texas HIPAA Notice of Privacy Practices Effective Date: September 23, 2013. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Original effective date: 2003 Effective date of last Revision: July 17, 2013 CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Caring Hospice Services of Connecticut Caring Hospice Services of New York

More information

LAWRENCE COUNTY MEMORIAL HOSPITAL Lawrenceville, Illinois. NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised May, 2013

LAWRENCE COUNTY MEMORIAL HOSPITAL Lawrenceville, Illinois. NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised May, 2013 LAWRENCE COUNTY MEMORIAL HOSPITAL Lawrenceville, Illinois NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised May, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU WILL BE USED AND

More information

HIPAA Privacy and Security

HIPAA Privacy and Security HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

New Privacy Laws Impacting the Health Care Work Place

New Privacy Laws Impacting the Health Care Work Place New Privacy Laws Impacting the Health Care Work Place Presented by Thomas E. Jeffry, Jr., Esq. Arent Fox LLP Washington, DC New York, NY Los Angeles, CA November 12 & 19, 2009 Overview 1. Overview of California

More information

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT H I P AA B U S I N E S S AS S O C I ATE AGREEMENT This HIPAA BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into by and between Opticare of Utah, Inc. ( Covered Entity ), and,( Business Associate ).

More information

NCHICA HITECH Act Breach Notification Risk Assessment Tool. Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup

NCHICA HITECH Act Breach Notification Risk Assessment Tool. Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup NCHICA HITECH Act Breach Notification Risk Assessment Tool Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup NORTH CAROLINA HEALTHCARE INFORMATION AND COMMUNICATIONS ALLIANCE, INC August

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

TABLE OF CONTENTS. University of Northern Colorado

TABLE OF CONTENTS. University of Northern Colorado TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 Revision Date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. About this notice

More information