Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification


Columns: Type of Policy and Procedure; Comments; Completed

GALLAGHER BENEFIT SERVICES, INC. JANUARY 2016

Privacy Policy to Maintain and Update Notice of Privacy Practices

- Notice of Privacy Practices
  Comments: Health plans are required to develop and distribute a notice that provides a clear explanation of privacy practices and an individual's privacy rights.
- Uses and disclosures consistent with Notice of Privacy Practices
  Comments: Use and disclosure of PHI must be in a manner that is consistent with the health plan's Notice of Privacy Practices. Uses and disclosures must be outlined in Notice of Privacy Practices.

Privacy Policy for Documentation of Compliance Activity

- Document retention
  Comments: Policy and procedures for document retention should be kept for a minimum of six years.

Privacy Policy for Limitation on Access

- Identification of firewall workforce members
  Comments: A health plan must identify (by name or classification) the persons or classes of persons within its workforce who need access to PHI to carry out their duties. The health plan must also identify individuals who can access PHI, but may not necessarily do so as part of their job functions (e.g., CFO, IT personnel). The health plan must also identify the categories of PHI to which those persons or classes of persons need access in order to fulfill their job responsibilities, and should determine whether any appropriate limitations should be applied to that access. In addition, the health plan must take steps to ensure that only those persons or classes of persons identified as firewall workforce members have access to the PHI identified. Include list in policies and procedures.
- Workforce member training
  Comments: A covered entity is required to train all members of its workforce on the health plan's particular policies and procedures related to PHI under HIPAA, as necessary and appropriate according to the function of each member's position within the workforce. Develop policies, procedures, forms, and training.
- Minimum Necessary Uses and Disclosures of PHI
  Comments: The health plan and plan sponsor shall take reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose when using or disclosing PHI or seeking PHI from another covered entity.
- Recurring or routine uses or disclosures of PHI
  Comments: A health plan must have policies and procedures for disclosures of PHI that are routine and recurring to limit the PHI that it discloses to the minimum necessary for the intended purpose.
- Use and disclosure of PHI to plan sponsor
  Comments: Health plan must obtain required written certification from plan sponsor.

Privacy Policies for Handling Individual Rights

- Confidential communications
  Comments: Individuals may request to receive PHI communications by alternative means or at alternative locations. Develop policies, procedures, and forms.
- Right of individual to request restriction on use or disclosure of PHI
  Comments: Individuals have a right to request restrictions on uses and disclosures of PHI about the individual to carry out treatment, payment, and health care operations, and disclosures made to family members or persons who are involved in the health care of the individual. Develop policies, procedures, and forms.
- Right of individual to access own PHI
  Comments: Individuals have the right to review or obtain copies of their own PHI. Develop policies, procedures, and forms.
- Termination of restriction on use or disclosure of PHI
  Comments: Develop policies, procedures, and forms.
- Right of individual to request an amendment of PHI that is incomplete or incorrect
  Comments: Individuals have the right to amend or correct their PHI if it is incomplete or incorrect, subject to some exceptions. Health plan is not required to amend PHI, but if not amended must include information about the request to amend if the PHI is transmitted to another entity. Develop policies, procedures, and forms.
- Right to request an accounting of disclosures
  Comments: Individuals have the right to request an accounting of disclosures that are other than treatment, payment and health operations that are performed through an electronic health record. Develop policies, procedures, and forms.

Privacy Policies and Procedures for Using and Disclosing PHI

- Uses and disclosures of PHI when individual is present
  Comments: If the individual is present, the covered entity may use or disclose PHI if the covered entity obtains the individual's consent, provides an opportunity to object, or determines there is no objection based on circumstances (e.g., with a translator).
- Limitations on uses and disclosure of PHI when individual not present
  Comments: If the individual is not present, the health plan may determine whether the disclosure is in the best interests of the individual and, if so, disclose only the PHI that is directly relevant to the person's involvement with the individual's care or payment related to the individual's healthcare or needed for notification purposes (e.g., individual is incapacitated). Develop policies and procedures.
- Determination as to whether authorization is valid
  Comments: Authorization is required for certain uses and disclosures of PHI. Develop policies and procedures for determining if the authorization provided is valid.
- Verification of individuals who request PHI
  Comments: Develop policies and procedures for the verification of the identity of those requesting PHI. Include policies and procedures for: employee, spouse, domestic partner, civil union partner, older children, parent seeking the PHI of a minor child, authorized personal representative, public officials, and person involved in individual's care.
- Personal Representatives
  Comments: Personal Representative may request PHI on individual's behalf. Individual must provide written designation.
- Uses and disclosures of PHI to family members, relatives, close personal friends, or others authorized by individual (Personal Representatives)
  Comments: Policy and procedure should exist for verification of the identity of the Personal Representative requesting the PHI.
- Terminating a restriction on the use or disclosure of PHI
  Comments: Develop policies, procedures, and forms.
- Uses and disclosures for underwriting and related purposes
  Comments: A plan that performs underwriting (including but not limited to setting a plan's premium, employee contributions or granting a premium reduction to an individual) may not use or disclose protected health information that is genetic information for underwriting purposes, except in the case of long term care coverage.
- Limited data sets and data use agreements
  Comments: Ensure that data use agreements cover the use and disclosure of limited data sets. Although still PHI, a covered entity may use and disclose limited data sets. Develop policies and procedures.
- De-identification of PHI
  Comments: De-identified Information is health information that does not identify an individual from which 18 specific identifiers have been removed and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual. Policies and procedures for de-identifying PHI should include an explanation of identifiers. Develop policies and procedures.
- Re-identification of PHI
- Permitted uses and disclosures
  Comments: Outline permitted uses and disclosures of PHI.
- Uses and disclosures pursuant to an authorization
  Comments: Outline permitted uses and disclosures of PHI by the health plan allowed pursuant to an authorization. Develop policies, procedures, and forms.
- Deceased individuals
  Comments: Plan may disclose PHI of a deceased person to family or other individuals involved in the person's care prior to their death unless doing so is inconsistent with any prior expressed preference of the deceased, if known, unless individual has been deceased for 50 or more years.

Privacy Policies and Procedures for Disclosure for Legal or Public Policy Reasons

- Whistleblowers
  Comments: Whistleblowers are protected from disclosure of PHI to oversight authorities. Develop policies and procedures.
- Disclosures by workforce members who are victims of a crime
  Comments: Disclosure of PHI to law enforcement or government agencies in certain cases for victims of a crime.

- Uses and disclosures of PHI for judicial and administrative proceedings
  Comments: A health plan may disclose PHI for judicial and administrative proceedings with notice to the individual.
- Uses and disclosures of PHI when required by law (e.g., disclosure to HHS when plan audited for compliance with HIPAA)
- Uses and disclosures of PHI for public health activities
- Disclosures of PHI about victims of abuse, neglect, or domestic violence
- Disclosures for health oversight activities
- Disclosures for law enforcement purposes
- Uses and disclosures for cadaveric organ, eye or tissue
- Disclosures for Armed Forces activities
- Disclosures for workers' compensation purposes

Privacy Mini-Security Policies and Procedures

- Reasonable safeguards to protect PHI from unintentional use or disclosure
  Comments: Must have reasonable safeguards to protect PHI from unintentional use or disclosure of PHI.

Miscellaneous Privacy Policies and Procedures

- Prohibition on conditioning treatment, payment, or healthcare operations on provision of authorization
- Business Associate contracts
  Comments: Develop policies, procedures, and model agreements outlining the handling and use of PHI by Business Associate. Obtain/update Business Associate Agreement (BAA) from each Business Associate.
- Handling complaints
  Comments: Complaints should be sent to, investigated, and tracked by the Privacy Officer. Develop policies, procedures, and forms.
- Sanctions for violations
  Comments: Must have sanctions against workforce members that violate privacy policies and procedures. Develop policies, procedures, and forms.
- Mitigation of harm
  Comments: Must, to extent practicable, mitigate any known harmful effect of a use or disclosure of PHI in violation of its own policies and procedures or the HIPAA regulations by its own workforce members or a business associate.
- Refraining from intimidating or retaliatory acts
  Comments: May not intimidate, threaten, coerce, discriminate against, or take any other retaliatory action against an individual who exercises a HIPAA right or participates in the filing of a complaint either under the covered entity's own policies and procedures or with HHS. Develop policies and procedures. Include in training.

Security Administrative Safeguard Policies and Procedures

- Security Management Process: Risk Management
  Comments: Implement security measures to reduce the risk of security threats to ePHI. Develop procedures. Document compliance.
- Security Management Process: Risk Analysis
  Comments: Conduct an accurate assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI. Develop procedures. Document compliance.
- Security Management Process: Sanction Policy
  Comments: Apply appropriate sanctions against workforce members who fail to comply with the plan's Security policies and procedures.
- Security Management Process: Information System Activity Review
  Comments: Implement procedures to regularly review information system activity records, such as audit logs, access reports, and security-incident tracking reports. Develop procedure.
- Assign Security Responsibility (Security Official)
  Comments: Appoint a security official to be responsible for development and implementation of Security policies and procedures. Document compliance.
- Workforce Security: Authorization and/or Supervision
  Comments: Maintain procedures to authorize and/or supervise workforce members who work with ePHI or in areas where ePHI might be accessed. Develop procedure or replace with reasonable, appropriate, and equivalent alternative.
- Workforce Security: Workforce Clearance Procedure
  Comments: Provide procedures to determine whether a particular workforce member's access to ePHI is appropriate. Develop procedure or replace with reasonable, appropriate, and equivalent alternative.
- Workforce Security: Termination Procedures
  Comments: Provide procedures to terminate access to ePHI when workforce member's employment terminates or change in job duties necessitates change in necessary access to ePHI. Develop procedure or replace with reasonable, appropriate, and equivalent alternative.
- Information Access Management: Access Authorization
  Comments: Provide policies and procedures to permit access to ePHI (e.g., access to workstation, transaction, program, or process). Develop policy and procedure or replace with reasonable, appropriate, and equivalent alternative policy and procedure.
- Information Access Management: Access Establishment and Modification
  Comments: Provide policies and procedures that are based upon health plan's access authorization policies to establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process with PHI. Update policy and procedure or replace with reasonable, appropriate, and equivalent alternative policy and procedure.
- Security Awareness and Training: Protection from Malicious Software
  Comments: Provide procedures to guard against, detect, and report malicious software. Develop procedure or replace with reasonable, appropriate, and equivalent alternative procedure.
- Security Awareness and Training: Log-in Monitoring
  Comments: Provide procedures to monitor log-in attempts and to report discrepancies. Develop procedure or replace with reasonable, appropriate, and equivalent alternative procedure.
- Security Awareness and Training: Security Reminders
  Comments: Provide periodic information security reminders. Document compliance or document compliance with reasonable, appropriate, and equivalent alternative.
  Note: While providing periodic Security reminders may be addressable, health plans are required to provide periodic training.
- Security Awareness and Training: Password Management
  Comments: Provide procedures for creating, changing, and safeguarding passwords. Develop procedure or replace with reasonable, appropriate, and equivalent alternative procedure.
- Security Incident Procedures: Response and Reporting
  Comments: Implement procedures to identify and respond to suspected or known security incidents, mitigate to the extent practicable, harmful effects of known security incidents, and document incidents and their outcomes. Develop policy and procedure.
- Contingency Plan: Data Backup Plan
  Comments: Update and maintain procedures to create and maintain retrievable exact copies of ePHI. Develop procedure.
- Contingency Plan: Disaster Recovery Plan
  Comments: Establish (and implement, as needed) procedures to restore any loss of ePHI. Develop procedure.
- Contingency Plan: Emergency Mode Operation
  Comments: Establish (and implement, as needed) procedures to enable continuation of critical business processes and for protection of ePHI while operating in the emergency mode. Develop procedure.
- Contingency Plan: Testing and Revision Procedures
  Comments: Provide procedures for periodic testing and revision of contingency plans. Develop procedure or replace with reasonable, appropriate, and equivalent alternative procedure.
- Contingency Plan: Applications and Data Criticality Analysis
  Comments: Assess the relative criticality of specific applications and data in support of other contingency plan components. Document compliance with procedure or with reasonable, appropriate, and equivalent alternative.
- Business Associates
  Comments: Establish written contracts or other arrangements with Business Associates (BAs) (or subcontractors) that document satisfactory assurances that the BA will appropriately safeguard the information. Document compliance.
- Evaluation
  Comments: Establish a plan for periodic technical and non-technical evaluation of the standards under this rule in response to environmental or operational changes affecting the security of ePHI. Document compliance.

Security Physical Safeguard Policies and Procedures

- Facility Access Control: Contingency Operations
  Comments: Provide procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency. Develop procedure or replace with reasonable, appropriate, and equivalent alternative procedure.
- Facility Access Control: Facility Security Plan
  Comments: Provide policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft. Develop policy and procedure or replace with reasonable, appropriate, and equivalent alternative policy and procedure.
- Facility Access Control: Access Control and Validation Procedures
  Comments: Provide procedures to control and validate a person's access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision. Develop procedures or replace with reasonable, appropriate, and equivalent alternative procedure.
- Facility Access Control: Maintenance Records
  Comments: Provide policies and procedures to document repairs and modifications to the physical components of a facility, which are related to security (e.g., hardware, walls, doors, and locks). Develop policy and procedure or replace with reasonable, appropriate, and equivalent alternative policy and procedure.
- Workstation Use: Function and Attributes
  Comments: Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access. Develop policies and procedures.
- Workstation Security: Function and Attributes
  Comments: Implement physical safeguards for all workstations that access ePHI to restrict access to authorized users. Document compliance.
- Device and Media Control: Disposal
  Comments: Implement policies and procedures to address final disposition of ePHI, and/or hardware or electronic media on which it is stored.
- Device and Media Control: Media Re-Use
  Comments: Implement procedures for removal of ePHI from electronic media with PHI before the media are available for reuse. Develop procedures.
- Device and Media Control: Accountability
  Comments: Maintain a record of the movements of hardware and electronic media and the person responsible for its movement. Document compliance or document compliance with reasonable, appropriate, and equivalent alternative.
- Device and Media Control: Data Backup and Storage
  Comments: Create a retrievable, exact copy of ePHI, when needed, before movement of equipment. Document compliance or document compliance with reasonable, appropriate, and equivalent alternative.

Security Technical Safeguard Policies and Procedures

- Access Control: Unique User Identification
  Comments: Assign a unique name and/or number for identifying and tracking user identity. Document compliance.
- Access Control: Encryption and Decryption
  Comments: Provide mechanism to encrypt and decrypt ePHI that is stored. Document compliance or document replacement with reasonable, appropriate, and equivalent alternative.
- Access Control: Emergency Access Procedure
  Comments: Implement procedures for obtaining necessary ePHI during an emergency. Develop procedures.
- Access Control: Automatic Logoff
  Comments: Provide procedures that terminate an electronic session after a predetermined time of inactivity. Develop procedures or replace with reasonable, appropriate, and equivalent alternative procedures.
- Person or Entity Authentication
  Comments: Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed. Develop procedure.
- Audit Controls: Activity Logs
  Comments: Implement Audit Controls, hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI. Document compliance.
- Transmission Security: Integrity Controls
  Comments: Provide policies and procedures to establish security measures to ensure that electronically transmitted ePHI is not improperly modified without detection. Develop policies and procedures or replace with reasonable, appropriate, and equivalent alternative procedures.
- Transmission Security: Encryption
  Comments: Provide mechanism to encrypt ePHI whenever deemed appropriate. Document compliance or compliance with reasonable, appropriate, and equivalent alternative.

Breach Notification

- Risk assessment
  Comments: Must have policies and procedures in place to determine whether a breach exists. Develop policies, procedures, and forms.
- Notice of Breach to individuals, OCR, and media (if required)
  Comments: Should have model forms for tracking, investigating, and providing notification of Breach. Develop model forms.

- Timeliness of Notification of Breach
  Comments: Should have process to provide timely notification including appropriate timing and process to obtain information from BA if BA experiences a breach.
- Notification of Breach methodology
  Comments: Documents providing methods for notifying individuals and OCR (and the media if required). Develop policies and procedures, including means to notify affected individuals or personal representatives and how to follow up if contact information is insufficient.
- Notification Content
  Comments: Notices must have specific content. Develop standard templates or forms.

Note: This checklist is designed for use by employers sponsoring health plans. Additional requirements apply to other types of covered entities such as healthcare providers.


More information

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION HILLSDALE COLLEGE HEALTH AND WELLNESS CENTER Policy Preamble This privacy policy ( Policy ) is designed to address the Use and Disclosure

More information

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Security. assistance with implementation of the. security standards. This series aims to HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

HIPAA/HITECH: A Guide for IT Service Providers

HIPAA/HITECH: A Guide for IT Service Providers HIPAA/HITECH: A Guide for IT Service Providers Much like Arthur Dent in the opening scene of The Hitchhiker s Guide to the Galaxy (HHGTTG), you re experiencing the impact of new legislation that s infringing

More information

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

HIPAA Security Series

HIPAA Security Series 7 Security Standards: Implementation for the Small Provider What is the Security Series? The security series of papers provides guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule

More information

Checklist for HIPAA Privacy Policy

Checklist for HIPAA Privacy Policy Checklist for HIPAA Privacy Verification of the Identity and Authority of the Client Requesting Disclosure of PHI There are a number of situations in which members of the workforce of the organization

More information

HIPAA: In Plain English

HIPAA: In Plain English HIPAA: In Plain English Material derived from a presentation by Kris K. Hughes, Esq. Posted with permission from the author. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub.

More information

Meaningful Use and Core Requirement 15

Meaningful Use and Core Requirement 15 Meaningful Use and Core Requirement 15 How can I comply the lack of time and staff... www.compliancygroup.com 1 Meaningful Use and Core Requirement 15 Meaningful Use Protection of Protected Health Information

More information
