7/1/2014. Unintended Consequences: Liability for Electronic Health Records


Unintended Consequences: Liability for Electronic Health Records
Kim C. Stanger, Holland & Hart LLP

Actual chart bloopers
The patient had no history of suicides. The patient refused autopsy. [Patient] has no rigors or shaking chills, but her husband states she was very hot in bed last night. The patient has been depressed since she began seeing me in MD order: Walk in hell. Fecal heart tones heard. Large brown BM up walking in halls. Patient was in his usual state of good health until his airplane ran out of gas and crashed.

The patient is tearful and crying constantly. She also appears to be depressed. Patient had waffles for breakfast and anorexia for lunch. The skin was moist and dry. Skin: somewhat pale, but present. Patient was alert and unresponsive. Patient has two teenage children, but no other abnormalities. Patient lives at home with his mother, father, and pet turtle, who is presently enrolled in day care 3x a week.

Discharge status: Alive but without permission. Rectal exam revealed a normal size thyroid. [Patient] stated that she had been constipated for most of her life, until she got a divorce. I saw your patient today, who is still under our car for physical therapy. TheRapist in to see patient. The baby was delivered, the cord clamped and cut and handed to pediatrician, who breathed and cried immediately.

Both breasts are equal and reactive to light and accommodation. The lab test indicated abnormal lover function. The pelvic exam will be done later on the floor. While in the ER, [patient] was examined, x-rated, and sent home. Examination of genitalia was completely negative except for the right foot. Examination of genitalia reveals that he is circus sized.

Overview
Advantages of EHR. Disadvantages of EHR. Potential liability arising from EHR. for minimizing liabilities.

Preliminaries
This is an overview of some relevant laws and regulations. Laws may vary depending on your circumstances, including type of practice, jurisdiction, contract limits, etc. Check the law when applying it to your circumstances. I am a lawyer, not a techno geek. Please comment, share experiences, ask questions. Audience participation is good. This presentation is for educational purposes only. This does not create an attorney-client relationship. This presentation does not constitute legal advice.

What are the advantages of EHR?

Advantages of EHR
Health information exchange inside and outside organization. Timely record completion. Immediate access to info. More info for decision makers. Fewer redundant tests. Searchable database. Allows research and population-based medicine. Communication with patients. More complete medical record. May provide more effective care. May increase reimbursement. May help defend against malpractice claim.

Clinical decision support. Evidence-based clinical guidelines. Updated medical research or data about drugs and treatment options. Alerts re dangerous drug combinations, allergies, etc. Reminders and tracking systems. Confirm receipt of reports. Follow up care or tasks. Needed tests or services. Adherence to treatment plan. Computerized provider order entry (CPOE). Immediate orders.

Benefits of EHR
Avoids transcription errors. Avoids illegible notes that cannot be read or may be misread.

Estimated $44 billion to $170 billion savings to health system. Increased revenue to provider. Improved cash flow. Increased charge capture. Increased utilization of tests or procedures. Decreased billing errors. Decreased costs of storage and record-related charges and supplies. Insurance discount. Greater efficiency (eventually).

Benefits of EHR
Meaningful use payments to providers. Up to $44,000 for Medicare. Up to $64,000 for Medicaid. Reduced Medicare rates of 1%, 2% and 3% if fail to demonstrate meaningful use.

What are the disadvantages of EHR?

Costs of EHR
Initial purchase. Implementation. Planning. Training. Support. Maintenance. Support. Upgrades, fixes, and interfaces. Decreased productivity, at least initially. Decreased revenue, at least initially.

Liability Risks of EHR
System failures / loss of data. System glitches. Poor system design. User error. Communications with patients. Data breach. Fraud and abuse. Other?

Business interruption. Dedication of resources to resolve the problem. Cash flow problems. Adverse action by govt agency.

System Failure
Case Study: On July 23, 2012, dozens of hospitals across the county lost access to their info for five hours due to an outage at Cerner. How would this affect your: Ability to care for patients? Ability to bill and collect for services? Ability to continue internal operations?

Unavailability of data: power outage; system failure; system maintenance.
Loss of data: system failure; fire or other disaster; cyber attack.
Corruption of data: system glitch; cyber attack; human error.

HIPAA Security Rule requires safeguards to ensure the availability, integrity, and confidentiality of protected health info. (45 CFR et seq.)

System Failure
Comply with HIPAA Security Rule, which requires: Analysis of risks to EHR system. Secure physical and electronic access to data or systems. Security audits and evaluations. Protection from malicious software. Process to protect data from improper alteration or destruction. Process to confirm whether data has been improperly altered or destroyed. Process for responding to security incidents. Contingency plans to respond to emergency. Process to backup and retrieve data. Disaster recovery plan. Procedures to enable continuation of operations in emergency mode. (45 CFR )

System Glitches
Dropped or misfiled data. Added or corrupted data. Broken or lost links. Erroneous time entries. Inability to communicate accurately with other systems. Lost data. Corrupted data. Failed transmission or display. System locks. Blue screen of death. Others?

Poor System Design
Data input requires too many screens or clicks. Data is hidden in multiple fields. System layout is not intuitive. Insufficient instructions, titles, or descriptions. Templates are inapplicable, insufficient, or too burdensome. Dense pull-down menus. Input boxes are too close. Others?

Information overload: Too many screens. Too much data.
Alert fatigue: Too many irrelevant alerts. May disregard alerts. May turn off or override function.
Complacency: May rely inappropriately on EHR data instead of obtaining or verifying data.
* May be used against you in malpractice action.

Entering incorrect data in patient's chart. Typing error. Error in data. Entering or retrieving info from the wrong patient's chart. Garbage In Garbage Out.

Case Study: Rad tech mistakenly uploaded CT images showing tumor in Patient X's kidney into Patient Y's chart. Consequently, Patient Y was seen by multiple specialists and underwent a nephrectomy even though no tumor was noted during the surgery.

Cloning or cut and paste entries. Drop down templates may default to prior entries or indicate situations are resolved. May create inaccurate record. May misstate services performed. May perpetuate any errors. May include irrelevant info. May create impression that you failed to do proper exam or evaluation.

Checking the wrong box. Accidentally touching the wrong screen, e.g., where boxes are in close proximity. Misreading the screen.

Case Study: Physician intended to prescribe up to five 10 mg amitriptyline nightly, but mistakenly checked the box for 100 mg. The pharmacy called the physician's office to check dosage, but the nurse was busy and told the pharmacy to dispense the prescription as written. The patient overdosed.

Signing records without carefully reviewing them.

Case Study: Patient gave his medication list (which included prescription for 0.25 mg Xanax tablets for anxiety) to the medical assistant (MA) who was responsible for rooming the patient. The MA erroneously recorded 2 mg Xanax tabs prn. The physician signed the chart without reviewing the dosage. After taking the erroneous dosage, the patient fell asleep while driving and crashed into a tree.

Failing to close a chart or log out. Subsequent data may be input in wrong patient's chart. Subsequent data may be input under the wrong provider's name. Unauthorized person may access under your name. Ensure patient encounters are locked when completed.

Beware: Cut and paste or cloning notes. Autofills. Inapplicable templates. Log in/log out. Turning off or ignoring: Alerts. Clinical decision tools. Shadow or paper charts.

Assume that whatever you write will be available and subject to discovery. Review entries before authenticating. Don't authenticate en masse. Question EHR info that does not seem right. E.g., abnormally high medication dosages; images that are inconsistent with patient's anatomy; etc. Alerts, warnings, or clinical guides. Respond promptly to errors. Don't assume someone else will fix an error. Document corrections or late entries as such. Report problems. May be able to improve system to eliminate errors.

Communication with Patients
EHR likely saves all communications. Bad is saved along with the good. Patients may communicate electronically. May create unintended patient relationship. Patients may assume providers receive and read electronic communications immediately. Canned or delayed response may endanger or annoy patients. Data entry takes away time with patients. Data entry distracts providers. May interfere with effective examination and interaction. May alienate patients.

Explain the EHR benefits to the patient. Position EHR screen to allow interaction with patient, including eye contact. Use the EHR screen when interacting with patient.

Communication with Patients
Consider using scribes, medical assistants, or others to enter most data.
Benefits. Some studies suggest that use of scribes can enable provider to see additional patients each day. May help create more thorough or accurate notes. May help improve coding and capture more revenue. May help remind physician or catch errors. Additional revenue may help cover cost of scribe.
Disadvantages. Some providers believe additional person may inhibit patient's willingness to communicate.

If communicate with patient electronically: Beware what you write; it will likely be saved. Beware offering advice or prescribing without examination. Beware communicating across state lines. Advise patient that s may not be reviewed immediately through auto reply or other means. Patients should not rely on communications. For urgent matters, contact the provider by telephone or call 911. Include appropriate disclaimers on website. Patient relationship not created until appointment. E-communications may not be reviewed immediately. Check inbox regularly.

Comply with HIPAA. Open networks are generally not secure. Text messaging. To patients. To others (staff, providers, payors, business associates, etc.). HIPAA generally requires encryption unless: If communication to patient, Provider warns patient of security risks, and Patient requests . If communication to others, comply with Security Rule. (45 CFR ; 78 FR 5634)

Duty. Breach of the duty. Causation. Damages. Litigating malpractice cases. Discovery. Evidence. Defenses. Cost. EHR may significantly impact malpractice litigation.

Duty
Arises from provider-patient relationship. EHR has potential to create unintended relationships. communications with potential patients, including responding to questions over internet. Web communications with potential patients, including allowing patients to schedule appointments without direct contact. Consulting providers who appear in EHR. Beware any contacts with existing or potential patients unless you want to assume responsibility.

Duty
Provider must exercise applicable standard of care. EHR may modify the standard of care. Standard of care may require use of EHR. Standard of care may require providers to: Review and act on info in EHR. Review and act on info maintained in health info exchanges or other external databanks. Protocols and clinical decision making tools in EHR may evidence the standard of care. National standard of care. We will have to see how this law develops.

Breach of Duty
EHR contains more info that may be used to show compliance with or breach of standard of care. Info re diagnosis, treatment or lack thereof. Past medical history or condition. Communications with patients, providers or others. Alerts, clinical guidelines, and use or disregard of same. Metadata, including: Record changes or modifications. Time stamps. Disabling or overriding alerts or clinical decision support tools.

Causation
EHR provides more data that may help confirm or defend against causation. Provider entries. Electronic monitoring. Test and diagnostic images. Time stamps.

Litigation
Volume of records and evidence. Discovery of electronic records, including metadata. Needed experts. Allegations of altered records. Disputes over timing of actions. Disputes over parties involved. Other? May tend to: Complicate case. Increase cost of litigation. Reduce chance of summary judgment. Confuse jury. Increase settlement value.

Info mistakenly disclosed to the wrong persons. Staff accessing info they had no authority to access. Hacking. Theft of computers or mobile devices. Loss of unencrypted data. Exposure of data on internet or otherwise due to failure of appropriate firewalls. Other?

Privacy tort. Invasion of privacy. Disclosure of private facts. Infliction of emotional distress. Negligence or malpractice. Negligence per se. Breach of contract. Business associate agreement. Other? Privacy statute violation. May involve more than health info. HIPAA violation. No private lawsuits. May reflect standard of care.

Case Study: In October 2011, thieves broke in and stole laptops containing unencrypted health info of 4,000,000+ patients of Sutter Health in Sacramento, California. Patients filed a class action alleging violations of California's Confidentiality of Medical Information Act.

HIPAA Criminal Penalties
Criminal Penalties: applies if employees or others obtain or disclose protected health info from covered entity without authorization.
Conduct: Knowingly obtain info in violation of the law. Penalty: $50,000 fine; 1 year in prison.
Conduct: Committed under false pretenses. Penalty: $100,000 fine; 5 years in prison.
Conduct: Intent to sell, transfer, or use for commercial gain, personal gain, or malicious harm. Penalty: $250,000 fine; 10 years in prison.
(42 USC 1320d-6(a))

HIPAA Civil Penalties
Conduct: Did not know and should not have known of violation. Penalty: $100 to $50,000 per violation. Up to $1.5 million per type per year. No penalty if correct w/in 30 days. OCR may waive or reduce penalty.
Conduct: Violation due to reasonable cause. Penalty: $1000 to $50,000 per violation. Up to $1.5 million per type per year. No penalty if correct w/in 30 days. OCR may waive or reduce penalty.
Conduct: Willful neglect, but correct w/in 30 days. Penalty: $10,000 to $50,000 per violation. Up to $1.5 million per type per year. Penalty is mandatory.
Conduct: Willful neglect, but do not correct w/in 30 days. Penalty: At least $50,000 per violation. Up to $1.5 million per type per year. Penalty is mandatory.

HIPAA Civil Penalties
New York & Presbyterian Hosp and Columbia University pay $4,800,000: ePHI of 6,800 patients exposed to searches on internet.
Concentra Health pays $1,725,220: Stolen unencrypted laptop.
QCA Health Plan pays $250,000: Stolen unencrypted laptop.
Skagit County, Washington pays $215,000: ePHI of 1,500 individuals was accessible on unsecured server.
Adult & Pediatric Dermatology pays $150,000: Stolen USB containing ePHI of 2200 patients.
Affinity Health Plan pays $1,215,780: Failed to erase copiers before returning to leasing company.
Wellpoint pays $1,700,000: Web based application left ePHI exposed on internet.
Hospice of North Idaho pays $50,000: Stolen unencrypted laptop containing ePHI of 441 patients.
Security Rule Violations: Insufficient safeguards. Insufficient policies. Insufficient risk analysis. (45 CFR )

HIPAA Civil Penalties
Penalties can add up quickly. Loss of each patient's info = violation. E.g., loss of laptop containing 2000 patient names = 2000 violations. Failure to implement required policy or safeguard = violation for each day requirement was not implemented. E.g., Failure to implement security rule requirement = 3,348 violations and counting. Under HITECH Act, affected individuals will receive a portion of any fines and penalties. Watch for new regulations. Must self-report breach of unsecured protected health info.

HIPAA
Under breach notification rule, must report breach of unsecured protected health info to:
Affected individuals. Report within 60 days.
HHS. If breach involves less than 500 persons, must report within 60 days after the end of the calendar year. If breach involves 500 or more persons, must report immediately. Added to wall of shame.
Media, if breach involves more than 500 persons in a state. Report within 60 days.
(45 CFR et seq.)

HIPAA
Under HIPAA, the unauthorized access, use or disclosure of protected health info in violation of the privacy rule is presumed to be a reportable breach unless the provider can demonstrate a low probability that the data has been compromised based on an assessment of: The entity who received the info. The nature of the info. Whether the info was actually accessed or disclosed. Actions taken to mitigate an improper access, use or disclosure. Exceptions: Certain inadvertent internal disclosures, or Person receiving info would not be able to retain the info.

Comply with HIPAA. Implement safeguards required by the HIPAA privacy and security rules. Administrative safeguards. Technical safeguards. Physical safeguards. Timely respond to a potential breach. Mitigate. Investigate. Sanction workforce members. Correct situation. Report breach, if required.

Preventive Medicine: 1. Minimizes chances of breach. 2. May allow you to avoid penalties if there is a breach. May avoid HIPAA penalties if: 1. Do not act with willful neglect. 2. Correct the situation within 30 days. (45 CFR )

Administrative safeguards
Appoint a security officer. Conduct and document risk analysis. Sanction employees for violations. Procedures for regularly reviewing system activity, e.g., audit logs, access reports, security incident tracking. Workforce access processes. Info access processes. Plan for responding to security incident. Data backup and disaster recovery plan. Emergency mode operation plan. Train workforce about security. Execute business associate agreements. (45 CFR )

Physical safeguards
Physical access controls. Facility security plan. Access control and validation procedures. Maintenance records concerning physical components. Workstation use. Workstation security. Device and media controls. Disposal plans. Media reuse processes. Track movement of media and responsible persons. Data backup and storage before movement. (45 CFR )

Technical safeguards
Policies and procedures to ensure only appropriate persons access ePHI. Unique user identification to track users. Emergency access procedures. Automatic logoff. Encryption and decryption. Audit and tracking functions. Processes to authenticate ePHI and detect deficiencies. Processes to authenticate users, e.g., passwords. Processes to protect data during transmission, e.g., encryption.

Timely respond to a potential breach. Act immediately to mitigate the breach. Retrieve, remove, or destroy the info. Confirm recipients have not and will not further disclose info. May enable you to avoid breach report. Investigate and document investigation. Scope of problem. Disclosures and redisclosures. Sanction workforce members. Punishment should fit the crime. Correct situation within 30 days. May avoid penalties if no willful neglect and correct within 30 days. Report breach, if required. (45 CFR )

Fraud and Abuse
False Claims Act. Cannot knowingly submit a false claim for payment to govt. Claims for services that were not provided or different than claimed. Failure to comply with conditions of payment. Failure to comply with quality of care. Must report and repay overpayments within 60 days. Overpayment = money received to which you were not entitled. Penalties. Repayment plus interest. $5,500 to $11,000 per claim. Civil monetary penalties of: $10,000. 3x damages. Exclusion from Medicare/Medicaid. Qui tam lawsuit.

Case Study: 2012 NY Times investigation found surge in Medicare spending by those hospitals that implemented EHR.

Fraud and Abuse
Loss of data needed to support claims. Documenting services improperly, including documenting services that were never performed. Cut and paste or cloning notes. Inappropriate templates or system functions. Data entry errors.

Case Study: ED physician conducts exam from the patient's doorway without physical exam. Using check boxes in EHR, the EHR represented that actual examination had occurred. (18 USC 1347; 42 USC 1320a-7k(d))

Minimizing Liability
Ensure you have the appropriate EHR system. Research your options. Evaluate several EHR options through site visits at other providers who are using the system. Involve clinical staff and other users. Customize the EHR to your operations. Confirm compatibility with other relevant systems. Confirm that it is meaningful use certified. Ensure that it has functionality for anticipated HIPAA rules.

Minimizing Liability
Carefully review software contracts. Ensure they obligate the vendor to: Appropriate customization. Training. Ongoing support. Warranties and uptime guarantees. Updates to comply with regulations. Beware clauses designed to protect the vendors. Nondisclosure agreements. Hold harmless or indemnification clauses. Liability caps.

Be careful during implementation. * Most problems occur during implementation! Talk to other providers who have implemented the system. Test the system. Ensure old records are transitioned accurately. Train personnel appropriately. Caution: physicians don't like to ask for help. Expect and plan for glitches. Build in redundancies and safeguards. Monitor data and functions carefully during initial stages. Report and correct system problems.

Remember
Be patient and willing to learn.

Additional Resources

Questions
Kim C. Stanger


More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other

More information

Industry leading Education Todays Webinar

Industry leading Education Todays Webinar Compliance Simplified Achieve, Illustrate, Maintain Industry leading Education Todays Webinar Please ask questions Todays slides are available http://compliancy- group.com/slides023/ Certified Partner

More information

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013 Office of the Secretary Office for Civil Rights () HIPAA Enforcement Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services December 18, 2013 Presentation Overview s investigative

More information

What s New with HIPAA? Policy and Enforcement Update

What s New with HIPAA? Policy and Enforcement Update What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final

More information

What do you need to know?

What do you need to know? What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,

More information

Proofpoint HIPAA Breach Report:

Proofpoint HIPAA Breach Report: Proofpoint HIPAA Breach Report: An Analysis of HITECH Breach Notifications and Settlements, Q1 2013 Healthcare Industry Update threat protection compliance archiving & governance secure communication Contents

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013 HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

HIPAA LIAISON MEETING PRESENTAITON. August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer

HIPAA LIAISON MEETING PRESENTAITON. August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer HIPAA LIAISON MEETING PRESENTAITON August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer Current State of HIPAA Enforcement Content Contributor Abby Bonjean, Investigator Office for

More information

LMHS COMPLIANCE ORIENTATION Physicians and Midlevel Providers. Avoiding Medicare and Medicaid Fraud & Abuse

LMHS COMPLIANCE ORIENTATION Physicians and Midlevel Providers. Avoiding Medicare and Medicaid Fraud & Abuse LMHS COMPLIANCE ORIENTATION Physicians and Midlevel Providers Avoiding Medicare and Medicaid Fraud & Abuse Revised 06/03/2014 LMHS COMPLIANCE PROGRAM 6/30/2014 2 Chief Compliance Officer Catherine A. Kahle,

More information

New Privacy Laws Impacting the Health Care Work Place

New Privacy Laws Impacting the Health Care Work Place New Privacy Laws Impacting the Health Care Work Place Presented by Thomas E. Jeffry, Jr., Esq. Arent Fox LLP Washington, DC New York, NY Los Angeles, CA November 12 & 19, 2009 Overview 1. Overview of California

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

HIPAA Privacy and Security

HIPAA Privacy and Security HIPAA Privacy and Security Cindy Cummings, RHIT February, 2015 1 HIPAA Privacy and Security The regulation is designed to safeguard Protected Health Information referred to PHI AND electronic Protected

More information

Security Compliance, Vendor Questions, a Word on Encryption

Security Compliance, Vendor Questions, a Word on Encryption Security Compliance, Vendor Questions, a Word on Encryption Alexis Parsons, RHIT, CPC, MA Director, Health Information Services Security/Privacy Officer Shasta Community Health Center aparsons@shastahealth.org

More information

HIPAA Update Focus on Breach Prevention

HIPAA Update Focus on Breach Prevention HIPAA Update Focus on Breach Prevention Objectives By the end of this program, participants should be able to: Identify top reasons why breaches occur Review the breach definition and notification process

More information

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

HIPAA: Bigger and More Annoying

HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL

More information

Outline. Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 7/10/2014

Outline. Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 7/10/2014 LeadingAge Florida s 50 th Annual Convention and Exposition Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 James Robnett Special Agent in Charge

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

SECURITY RISK ASSESSMENT SUMMARY

SECURITY RISK ASSESSMENT SUMMARY Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

Violation Become a Privacy Breach? Agenda

Violation Become a Privacy Breach? Agenda How Does a HIPAA Violation Become a Privacy Breach? Karen Voiles, MBA, CHC, CHPC, CHRC Senior Managing Consultant, Compliance Agenda Differentiating between HIPAA violation and reportable breach Best practices

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

THE HIGH PRICE OF MEDICAL RECORD PRIVACY BREACHES

THE HIGH PRICE OF MEDICAL RECORD PRIVACY BREACHES THE HIGH PRICE OF MEDICAL RECORD PRIVACY BREACHES Melissa D. Berry The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position

More information

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37. Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and

More information

HIPAA WEBINAR HANDOUT

HIPAA WEBINAR HANDOUT HIPAA WEBINAR HANDOUT OCR Enforcement Tools Voluntary corrective action Resolution Agreement and Payment CMPs Referral to DOJ for criminal investigation Resolution Agreements Contract signed by HHS and

More information

C.T. Hellmuth & Associates, Inc.

C.T. Hellmuth & Associates, Inc. Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.

More information

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right

More information

When HHS Calls, Will Your Plan Be HIPAA Compliant?

When HHS Calls, Will Your Plan Be HIPAA Compliant? When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this

More information

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help

More information

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION Please Note: 1. THIS IS NOT A ONE-SIZE-FITS-ALL OR A FILL-IN-THE BLANK COMPLIANCE PROGRAM.

More information

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients HIPAA: Protecting Your Ericka L. Adler Practice and Your Patients Rachel V. Rose Fallout from the Omnibus Rule Compliance strategies for medical practices 1. Know / manage your business associates and

More information

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American

More information

HIPAA Security Checklist

HIPAA Security Checklist HIPAA Security Checklist The following checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR 164.300

More information

The MC Academy The Employee Benefits and Executive Compensation Series. HIPAA PRIVACY AND SECURITY The New Final Regulations

The MC Academy The Employee Benefits and Executive Compensation Series. HIPAA PRIVACY AND SECURITY The New Final Regulations The MC Academy The Employee Benefits and Executive Compensation Series HIPAA PRIVACY AND SECURITY The New Final Regulations June 18, 2013 Overview Background Recent Changes to HIPAA Identifying Business

More information

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security

More information

HIPAA & HITECH AND THE DISCOVERY PROCESS

HIPAA & HITECH AND THE DISCOVERY PROCESS HIPAA & HITECH AND THE DISCOVERY PROCESS HEATHER L. HUGHES, J.D. U.S. Legal Support, Inc. 363 North Sam Houston Parkway East, Suite 900 Houston, Texas 77060 (713) 653-7100 State Bar of Texas 8 th ANNUAL

More information

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE THIS AGREEMENT, effective, 2011, is between ( Provider Organization ), on behalf of itself and its participating providers ( Providers

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education. September 2014

HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education. September 2014 HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education September 2014 Introduction The HIPAA Privacy Rule establishes the conditions under which Covered Entities

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information

Patient Privacy and HIPAA/HITECH

Patient Privacy and HIPAA/HITECH Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by: HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners The HIPAA Security Rule Primer A Guide For Mental Health Practitioners Distributed by NASW Printer-friendly PDF 2006 APAPO 1 Contents Click on any title below to jump to that page. 1 What is HIPAA? 3 2

More information

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals HIPAA New Breach Notification Risk Assessment and Sanctions Policy Incident Management Policy For breaches affecting 1 3 individuals +25 individuals + 500 individuals Focus on: analysis documentation PHI

More information

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

New privacy and security requirements increase potential legal liability and jeopardize brand reputation.

New privacy and security requirements increase potential legal liability and jeopardize brand reputation. New privacy and security requirements increase potential legal liability and jeopardize brand reputation. Protect personal health information in motion, in use and at rest with HP access, authentication,

More information

HIPAA & The Medical Practice

HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Presented by: Gina L. Campanella, JD, MHA Rules that Control Privacy A collection of laws and regulations including:

More information

HIPAA Security Series

HIPAA Security Series 7 Security Standards: Implementation for the Small Provider What is the Security Series? The security series of papers provides guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information