El Paso Integrated Physicians Group

Size: px
Start display at page:

Download "El Paso Integrated Physicians Group"

Transcription

1 El Paso Integrated Physicians Group Policy Name Policy Number HIPAA Compliance Program OP95 Effective Date 4/1/2014 Supersedes Policy Dated 9/20/2013 References: HIPAA, 2009 Hitech Act Amendments. Decision Health HIPAA Program builder and HIPAA Answer Book. POLICY All staff, contract providers and business associates of El Paso Integrated Physicians Group, P.A. (EPIPG) are required to comply with the requirements of HIPAA and other federal and state laws concerning the protection of private health information (PHI). Violations of HIPAA and other related laws may result in very stiff penalties PROCEDURE 1. Privacy Officer: EPIPG. shall assign a Privacy Officer. A copy of that assignment shall be maintained in the records of the practice. The Privacy Officer is responsible for the development of policies and procedures related to HIPAA and other privacy requirements. The Privacy Officer shall also oversee compliance activities related to privacy issues and shall service as the contact person for handling complaints related to HIPAA 2. Security Officer: EPIPG shall assign a Security Officer. A copy of that assignment shall be maintained in the records of the practice. The Security Officer is responsible for conducting and maintaining an assessment of information systems within the practice and resolving any security weaknesses that may be identified. The Security Officer is also responsible for conducting staff training related to information security and HIPAA requirements. 3. Annual Security Risk Analysis and Management Plan: Each year the Security Officer is responsible to conduct an extensive security risk analysis and develop a management plan to address the various risks. This process shall be documents in a Security Risk Analysis and Management Plan that shall be provided to the Practice Administrator. The plan shall address physical and electronic risks to information and ensure that all information related activities are in compliance with governmental requirements. 4. Notice of Privacy Practices: Each patient is to be provided a copy of EPIPG s Notice of Privacy Practices (NPP) upon the patient s first visit to our practice. HIPAA requires that, except in emergencies, we must make a good faith effort to obtain written acknowledgement that the patient received the NPP. If a signature is unable to be obtained or the patient refuses to sign, then the staff member responsible for providing the NPP must document why he/she could not obtain the signature. It is not necessary to obtain a new written acknowledgement after making a change to the NPP. When a new NPP is issued, it shall be updated on the EPIPG website(s). It shall also replace the old notices posted in the clinic. In addition, the new NPP notices shall be made available to patients as they return to the clinic for subsequent visits. The NPP will be provided upon asking to anyone who requests it, not just patients. Copies of all versions of the NPP must be retained for a minimum of six years. 5. Minimum Necessary Standard: Reasonable efforts are required to limit use and disclosure of individually identifiable protected health information (PHI) to the minimum

2 level necessary to comply with requests and meet the needs of the patient. To that end, it is expected that each employee and associate of EPIPG access, use, and disclose only the minimum amount of information necessary to accomplish their assigned tasks. The EMR system has been designed to limit access to those functions necessary to carry out the responsibilities of a specific role within the practice. However, the ability to access information within the system does not constitute a right to access or use that information. Access is allowed only if directly relevant to a specific role and to a patient for which an individual is legitimately involved. The following shall serve as guidelines for necessary access: A. Provider Staff: Provider staff shall limit their access to patients for which they have active involvement or for which they have been requested to review records for medical or operational reasons. Providers have generally unlimited access to the records for patients that are under their care or for which a medical consult has been requested. The only exception might be a private note within the EMR that may only be accessed by the producer of that note. They are to have limited access when accessing charts for other purposes, that access being limited to only the purpose for which they must review the chart. An example may be the conduct of a quality review. B. Medical Assistants and Other Clinical Staff (including residents/students): Medical Assistants shall limit their medical record access to patients for which they have active involvement, and only at such times as they are actively addressing the patient s needs. They may only access patient records while they are on duty in their assigned clinic. They may access records for their own provider or while covering for another provider. They may not access the charts of any patients for which they are not actively involved in assisting a provider, unless they have been assigned an administrative task by a supervisor or manager that requires such access. They may not access records of a friend, relative or staff member unless they are assisting their assigned provider in the care of that individual. This does not limit the ability to enter a telephone encounter if called by a relative or friend. C. Front Office Staff: Front office staff shall limit access to those areas of the chart necessary to complete scheduling, registration, out-processing and related functions. Members of the Front Office staff should not view progress notes or other clinical areas of the patient record, unless there is a necessity to obtain information on behalf of a patient or a member of the clinical staff. Front Office staff may not access records of a friend, relative or staff member unless they are actively involved in scheduling, registering or otherwise processing that record. D. Business Office Staff: Business Office staff generally shall operate within the claims area of the EMR software and should not routinely access clinical records accept as necessary to check coding or to obtain documents required by a third party payor. Business Office staff may not access records of a friend, relative or staff member unless they are actively involved in billing/collection activities, obtaining authorizations or otherwise engaged in assigned responsibilities related to that record. E. Administrative & IT Staff: The Administrator, the IS Coordinator, the President and the technical staff at Velocity (the EMR system host) are the only personnel authorized unlimited access to the EMR system. Each of these individuals is involved and/or responsible for all aspects of EMR system operations. The IS Coordinator and Velocity staff members are not authorized to use PHI as a function

3 of their IT responsibilities. However, due to the nature of their role, they will have frequent access to PHI. This access is only for the purpose of addressing technical system issues and is not construed to allow for review of or disclosure of PHI. The Administrator and President have the authority to access all components of the EMR system. However, their access to PHI is limited to only that information that is necessary to perform their required functions. The Administrator and President are the only individuals with the authority to determine access level permissions for the various roles. The IS coordinator is authorized to implement those permissions within the system. 6. Authorization to Release Information: Authorizations to release information are to comply with policy OP50 on the Release of Patient Information. EPIPG has engaged the services of Datafile (an external agency) to address requests for third party information release. The terms of that relationship are outlined in a contract that requires compliance with HIPAA and related laws and regulations. Other than routine document provision to third party payors for the purpose of obtaining certifications/authorizations and payment, information requests are generally to be routed through Datafile in accordance with the provisions of our agreement. Exceptions to the use of Datafile for release of information require the approval of the Clinic Manager, Administrator or President. 7. Request to Restrict PHI to Insurance: In accordance with HIPAA and related regulations, patients have the right to request restriction of their PHI to their insurance company if they, or someone else on their behalf, pays in full for the treatment or service out of their own pocket. EPIPG s requirement is that the patient completes a Request to Restrict Disclosure to Insurance form and payment is made prior to the receipt of the treatment or service. The amount of payment shall be the amount in the Self-Pay fee schedule. If the treatment or service requires a precertification, then the patient must complete the form and payment must be made prior to the time a precertification is sought. The Notice of Privacy Practices informs the patient that the form to make such a request is at the front desk. If any member of the staff is informed by the patient of such a request, he/she is responsible to inform the patient of the process. Prior to completion of the form and payment, the patient will need to be counseled by his/her provider on the possible impact of the requested restriction, to include a possible impact to future approvals/payment for treatment by the insurer. If a patient is in an HMO that does not allow the patient to pay out of pocket for items other than cost sharing, such as copayments, you may be required to inform the patient that he/she will need to visit a non-network provider to obtain the treatment/service. If the procedure is part of a bundled service, you must inform the patient of issues related to unbundling the service and its impact, or that the patient might need to pay for the entire bundle of services in order to restrict the PHI. Counseling related to this request shall be documented in the medical record. In this event, contact the Administrator for a review of the payor s contract with the practice. It will also be necessary to make the note a confidential note. within the Billing window in the progress note by clicking either the Visit Code or Procedure Code section of the note and clicking on Confidential Note. Select Do Not Send to Insurance as the note type. Also include a Global Alert in the EMR in order to warn personnel not to send records related to the applicable treatment or service to the insurance company. In addition, the visit must be classified as Non-billable immediately in order to ensure that a claim is not produced and forwarded by the business office. Front desk personnel are to notify the Clinic Manager upon a request for this restriction. The Clinic Manager is responsible for making sure that the all components of this procedure are followed and for notifying the Administrator of the request. The Clinic Manager shall also ensure that the form is scanned into the patient

4 record. 8. Request to Restrict PHI Other Than to Insurance: Patients have the right to request restriction of their PHI. Except for the insurance provision outlined above, EPIPG is not required to grant the request, though it is required to accept and respond to the request. If EPIPG agrees to the request, it must honor it and not release the affected PHI unless it is needed to provide emergency medical treatment to the patient, and the practice must request that the released PHI not be used beyond that purpose. Requests to restrict PHI may not be used to prevent use or disclosure if HHS requests the PHI in order to determine compliance or the use disclosure is otherwise required by law or to protect public health. If a patient requests a restriction of their PHI, they will need to complete a Request to Restrict disclosure of Information (Other than to Insurance) form. The Notice of Privacy Practices informs the patient that the form is available at the front desk. If any member of the staff is informed by the patient of such a request, he/she is responsible to inform the patient of the process. After completion of the form by the patient, it is to be provided to the Clinic Manager for review and presentation to the patient s primary physician at EPIPG for review. The Clinic Manager shall then provide the form along with any feedback from the physician to the Administrator. Only the Administrator or President is authorized to make a decision concerning the request for restriction. That decision shall be document on the form and scanned into the patient record. 9. Request to Amend PHI: Patients have the right to request that amendments be made to their PHI. EPIPG is not required to grant the patient s request. If the request is not granted, the patient has the right to file an appeal or to complain about the denial. A request to amend PHI must be sent to the practice in writing. The Notice of Privacy Practices instructs patients to mail their request to EPIPG, Attn: Privacy Officer at P.O. Box 3157, El Paso, TX If a patient wishes to deliver his/her written request in person, any member of the practice may accept it and provide it to the Privacy Officer. Once received, the Privacy Officer shall ensure the request is scanned into the patient s record and review the request with the provider responsible for production of the original record, or if not available, the President. EPIPG has 60 days to respond to the request. If there is no objection to the requested modification by the Provider or President, the Privacy Officer will ask him/her to document the change. The modification shall be entered into the most appropriate location in the chart based upon the requested change. This might include an entry directly into a progress note, an addition of an amendment to the progress note using the EMR s addendum feature, or scanning a document into the patient s record. Where necessary, a reference should be made to the amendment if it is not in the same location as the original item that was modified. The Privacy Officer shall ensure that the patient is notified of the change and shall obtain information and permission necessary to notify people with whom the change should be shared. The Privacy Officer shall ensure that these notifications are made as well as notifying anyone the practice is aware of that has the information and that might rely on the unmodified information to the detriment of the patient. EPIPG may also deny an individuals request for modification if it determines that the information or record that is the subject of the request: A. Was not created by EPIPG or an EPIPG business Associate, unless the requester provides a reasonable basis to believe that the originator of the PHI is no longer available to amend it. B. Is not part of a designated record set. C. Would not be available for inspection under the rules for access.

5 D. Is accurate and complete. The standard is not perfectin, but general accuracy and completeness. In the event that the practice does not agree to the request for amendment, the Privacy Officer shall inform the requestor in writing of the basis for the denial and inform him/her that he/she has the right to submit a written statement disagreeing with the denial (with information on how to file the statement) or if the individual does not submit a statement of disagreement, he she may ask that the EPIPG provide the request for amendment and the denial with any future disclosures of the information at issue. The written notice shall also inform the individual that he/she may complain to EPIPG or HHS, including the title and phone number of the EPIPG contact person designated to receive the complaint. All documents produced in relationship to the request and denial must be scanned into the patient s record, including the initial request, EPIPG s denial, the written statement disagreeing with the denial and EPIPG s rebuttal, if produced. If EPIPG produces a rebuttal, it must also provide a copy to the patient. These documents shall also be provided with future disclosures of the PHI at issue if the individual submitted a statement of disagreement or requested that his/her request be sent with disclosures. 10. Request for Confidential Communication: Patients have the right to make reasonable requests to receive PHI by alternative means or to an alternative location. The request must be in writing. The Notice of Privacy Practices informs the patient that a form is available at the front desk. If any member of the staff is informed by the patient of such a request, he/she is responsible to inform the patient of the process. The form to be used is the Confidential Communications Request form. Once complete, the form is to be provided to the Clinic Manager. The Clinic Manager will ensure that the request is scanned into the patient record and that a global alert is created to notify staff members of the request. The Clinic Manager will also ensure that the contact information in the medical record is modified to reflect the patient s choice. 11. Business Associates Agreement: EPIPG may engage the support of business associates that perform various functions on behalf of the practice. HIPAA considers a business associate of EPIPG to be an individual or entity that performs, on behalf of EPIPG, a function regulated by HIPAA or that perform services that involve the use or disclosure of individually identifiable protected health information. An employee of EPIPG is not considered a business associate, but another covered entity can be considered a business associate of EPIPG. A business associate of EPIPG must sign a business associate agreement with EPIPG. EPIPG has a standard business associate agreement that is to be used whenever possible. Use of another business associate agreement is permitted only if approved by the President or Administrator. Contractors that do not use or disclose PHI are not required to sign a business associate agreement under HIPAA requirements. Incidental disclosure, such as that which may be experienced by a janitorial service, does not require the initiation of a business associate agreement. It is the responsibility of the President or Administrator upon establishing a business relationship to determine whether or not a business associate agreement is required and to ensure that any such agreement meets all required elements to comply with HIPAA and EPIPG risk guidelines. 12. General Protection of PHI: All members of EPIPG s staff and its business associates have a responsibility to protect patient health information. This information may be kept in both written and electronic format. Information that is written should remain under the control of a staff member or business associate at all times unless it is in a controlled area where the general public is not allowed. Information kept at a nursing station at the clinic

6 should be face down or stored in such a manner that it is not easily viewed by others. Documents should not be left on printers or faxes in unsecured areas. Record repositories should be locked when not being accessed by authorized personnel. Staff members, other than providers or administrative staff should not be in possession of physical records outside of EPIPG offices without approval from a Manager, the Administrator or the President. Providers and Administrators should only be in physical possession of records outside of an EPIPG office when necessary for the business purpose they are conducting, such as transporting records between offices or records that are generated in the conduct of care outside of an EPIPG office. Any records that are removed from the office or produced outside of the office must be closely guarded to ensure against inadvertent disclosure. Information that is no longer required to be maintained should be shredded or placed in appropriate receptacles for confidential destruction. Staff must be cautious when discussing patient information in person or over the phones. These conversations should be kept as private as possible. 13. Computers and Portable Devices: The EMR system is the largest repository of EPIPG s protected health information. As such, access to the system must be closely guarded. EPIPG s system is hosted offsite by a third party which provides for numerous advantages. The servers on which our data resides are maintained in a highly secured facility and protected against both physical and cyber breach. The information that is being accessed in our EMR does not reside on our desktop or portable devices. This significantly reduces the risk of a physical data loss. The primary risk to EPIPG s electronic data lies in the safeguard of Usernames and Passwords to the network and the EMR program itself. EPIPG s policy OP35 provides specific instructions for the safeguard of information on computers and portable devices. All employees are required to be familiar and comply with the requirements of OP35 in order to protect this information resource. 14. Security Breach: HIPAA and the HITECH require that patients be notified by mail in the event a breach of unsecured (unencrypted) protected health information occurs, unless a risk assessment shows that there is a low probability that the protected health information has been compromised or the breach meets the exception of an unintended or inadvertent disclosure made by employees or authorized individuals at the same facility or where the PHI was disclosed to a person who would not reasonably be able to retain the disclosed information. A breach is defined as any unauthorized use or disclosure of unsecured PHI. In the event that a security breach occurs, the Administrator is to be immediately notified of the breach and any related details. The Administrator shall initiate a risk analysis of the breach to determine whether or not notification is required and who must receive notification. 15. Staff Education: All employees of EPIPG are required to receive and acknowledge that they understand training concerning HIPAA requirements and EPIPG security related policies and procedures. The Security Officer is required to provide training to all new employees within 14 days of the start of employment. The Security shall also provide continuing training as determined to be necessary based upon staff performance and knowledge. Security policies shall be retained on line and made available for staff review. 16. Violations: Violations of policies relating to private health information are very serious in nature. EPIPG is required to enforce these policies. Violations are categorized into three levels according to their severity.

7 A. Level I: A Level I Violation is accidental or because of a lack of privacy and security education. Examples include: Failing to sign off a computer terminal when leaving it unattended Accessing one s own record Requesting another employee to access one s own record Sharing passwords Corrective action for Level I Violations may include the following sanctions: Verbal counseling and training Written warning and training, dependent upon the severity of the violation B. Level II: A Level II Violation is a purposeful disregard of organizational policy or a repeated Level I Violation. Examples include: Accessing the record of a client without a legitimate reason Using another employee s access code without the employee s authorization Releasing patient data inappropriately Corrective action can include the following sanctions: Written warning and training Final warning and training, dependent upon the severity of the violation C. Level III: A Level III Violation is a malicious disregard of organization policies. Examples include: Releasing data for personal gain Destroying or altering data intentionally Releasing data with the intent to harm an individual or the organization Repeat Level II Violation Corrective action generally would result in termination of employment. Approval of the President is required prior to termination. DATE REVIEW/APPROVAL SIGNATURE

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

8.03 Health Insurance Portability and Accountability Act (HIPAA)

8.03 Health Insurance Portability and Accountability Act (HIPAA) Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of

More information

Whitefish School District. PERSONNEL 5510 page 1 of 5 HIPAA

Whitefish School District. PERSONNEL 5510 page 1 of 5 HIPAA Whitefish School District R PERSONNEL 5510 page 1 of 5 HIPAA Note: (1) Any school district offering a group health care plan for its employees is affected by HIPAA. School districts offering health plans

More information

TABLE OF CONTENTS. University of Northern Colorado

TABLE OF CONTENTS. University of Northern Colorado TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...

More information

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY PLEASE READ THIS WEBSITE PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE, OR SUBMITTING ANY PROTECTED HEALTH INFORMATION OR PERSONALLY IDENTIFIABLE

More information

2014 Core Training 1

2014 Core Training 1 2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System

More information

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you

More information

HIPAA Training for Staff and Volunteers

HIPAA Training for Staff and Volunteers HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

HIPAA Employee Training Guide. Revision Date: April 11, 2015

HIPAA Employee Training Guide. Revision Date: April 11, 2015 HIPAA Employee Training Guide Revision Date: April 11, 2015 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (also known as Kennedy- Kassebaum Act ). HIPAA regulations address

More information

HIPAA Privacy Policy & Notice of Privacy Practices

HIPAA Privacy Policy & Notice of Privacy Practices HIPAA Privacy Policy & Notice of Privacy Practices 1. PURPOSE 1 The purpose of this policy is to comply with patient personal health information security rights and privacy regulations as outlined in the

More information

Patient Privacy and HIPAA/HITECH

Patient Privacy and HIPAA/HITECH Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

1. Privacy Officer shall mean the superintendent or the superintendent s designee.

1. Privacy Officer shall mean the superintendent or the superintendent s designee. POLICY TITLE: HIPAA Privacy Rule Compliance ABERDEEN SCHOOL DISTRICT #58 POLICY NO: 864 PAGE 1 of 4 PRIVACY RULE COMPLIANCE The federal Privacy Rule of the Health Insurance Portability and Accountability

More information

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain

More information

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective

More information

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc.

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc. Notice of Health Information Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE

More information

Right to Request Access to Designated Record Set

Right to Request Access to Designated Record Set HIPAA Procedure 5002B Right to Request Access and Amendment to Designated Record Effective Date: April 14, 2003 Revised Date: September 16, 2013 Right to Request Access to Designated Record... 1 Denial

More information

Annual Compliance Training. HITECH/HIPAA Refresher

Annual Compliance Training. HITECH/HIPAA Refresher Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance

More information

There are three sections to HIPAA the Privacy Rule, the Security Rule, and the Transaction Rule.

There are three sections to HIPAA the Privacy Rule, the Security Rule, and the Transaction Rule. Introduction This course is on the federal HIPPA rule. HIPAA is the Health Insurance Portability and Accountability Act. It is the federal rule that sets standards for the protection of health information.

More information

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable NOTICE OF PRIVACY PRACTICES TEMPLATE Sections highlighted in yellow are optional sections, depending on if applicable Original Date: ##/##/#### Revised per HIPAA Omnibus Rule ##/##/#### Revised Date Implementation:

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

UNIVERSITY OF WYOMING HIPAA POLICY 4.2 REQUEST FOR AMENDMENT OF PROTECTED HEALTH INFORMATION

UNIVERSITY OF WYOMING HIPAA POLICY 4.2 REQUEST FOR AMENDMENT OF PROTECTED HEALTH INFORMATION UNIVERSITY OF WYOMING HIPAA POLICY 4.2 REQUEST FOR AMENDMENT OF PROTECTED HEALTH INFORMATION I. PURPOSE: Patients may request amendments to their medical records, i.e. protected health information ( PHI

More information

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. THE PRIVACY OF YOUR MEDICAL INFORMATION IS

More information

Privacy and Security of Health Information Information in New York State

Privacy and Security of Health Information Information in New York State Privacy and Security of Health Information Information in New York State 2015 Privacy and Security of Health Information in New York State Welcome Hello, my name is Roger, and I'm here to talk with you

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Talksoft is BA with Covered Entity BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is made this day of, and entered into between, ( Covered Entity ) having its principal place of

More information

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,

More information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy & Security - Sanctions 10210

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy & Security - Sanctions 10210 IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy & Security - Sanctions 10210 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy Title:

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

HIPAA Security Manual Administrative Security/Omnibus Rule

HIPAA Security Manual Administrative Security/Omnibus Rule Notice of Privacy Policies Form ***This notice describes how medical information about you may be used and disclosed and how you can get access to this information. PLEASE READ IT CAREFULLY!*** The tells

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

What You Need to Know About the New HIPAA Breach Notification Rule 1

What You Need to Know About the New HIPAA Breach Notification Rule 1 What You Need to Know About the New HIPAA Breach Notification Rule 1 New regulations effective September 23, 2009 require all physicians who are covered by HIPAA to notify patients if there are breaches

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

Audit Report. University Medical Center HIPAA Compliance. June 2013. Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT DEPARTMENT

Audit Report. University Medical Center HIPAA Compliance. June 2013. Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT DEPARTMENT Audit Report AUDIT DEPARTMENT University Medical Center HIPAA Compliance June 2013 Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT COMMITTEE: Commissioner Steve Sisolak Commissioner Chris Giunchigliani

More information

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019 Effective Date: 5/18/15 NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate? HIPAA Information Who does HIPAA apply to? HIPAA applies to all Covered Entities (entities that collect, access, use and/or disclose Protected Health Data (PHI) and are subject to HIPAA regulations). What

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc.

Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc. Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc. Piedmont WellStar HealthPlans, Inc. (PWHP) provides population health management services to its

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

University of California Policy

University of California Policy University of California Policy HIPAA Patients Rights Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance and Audit Services Effective Date:

More information

HIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name)

HIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name) HIPAA COMPLIANCE PLAN For CHARLES RETINA INSTITUTE (Practice Name) Date of Adoption 1/02/2003 Review/Update 10/25/2012 Review/Update 4/01/2014 I. COMPLIANCE PLAN A. Introduction This HIPAA Compliance Plan

More information

Merit Dental. HIPAA Privacy Rule Policies and Procedures For Indiana

Merit Dental. HIPAA Privacy Rule Policies and Procedures For Indiana Merit Dental HIPAA Privacy Rule Policies and Procedures For Indiana Effective September 23, 2013 These policies are designed to provide covered entities with an outline for how to handle HIPAA-related

More information

SDC-League Health Fund

SDC-League Health Fund SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: health@sdcweb.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES The Pain Treatment Center, Inc. d/b/a Stone Road Surgery Center THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement User of any Nemaris Inc. (Nemaris) products or services including but not limited to Surgimap Spine, Surgimap ISSG, Surgimap SRS, Surgimap Office, Surgimap Ortho, Surgimap

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Notice Of

More information

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995 Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995 NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY

More information

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031 The Health Insurance Portability and Accountability Act (HIPAA) and Client Privacy Statement This notice describes how your medical information may be used and disclosed and how you can get access to this

More information

This is a "preview " of the BAA agreement. You'll be able to sign the BAA electronically after you upgrade to the Powerhouse Player plan.

This is a preview  of the BAA agreement. You'll be able to sign the BAA electronically after you upgrade to the Powerhouse Player plan. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into as of (the Effective Date ), by and between ("Covered Entity") and Acuity Scheduling, Inc. ("Business Associate").

More information

DISCLAIMER HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES

DISCLAIMER HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES DISCLAIMER This web site is provided for information and education purposes only. No doctor/patient relationship is established by your use of this site. No diagnosis or treatment is being provided. The

More information

Can Your Diocese Afford to Fail a HIPAA Audit?

Can Your Diocese Afford to Fail a HIPAA Audit? Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous

More information

EXAMPLES of HIPAA violations

EXAMPLES of HIPAA violations EXAMPLES of HIPAA violations Minimum Necessary Policies Hospital Implements New Minimum Necessary Polices for Telephone Messages Covered Entity: General Hospital Issue: Minimum Necessary; Confidential

More information

HIPAA Auditing Tool. Department: Site Location: Visit Date:

HIPAA Auditing Tool. Department: Site Location: Visit Date: HIPAA Auditing Tool Department: Site Location: Visit Date: Auditor: Staff Interviewed: Notice of Privacy Practice 164.520(c) A covered entity must make the notice required by this section available on

More information

Schindler Elevator Corporation

Schindler Elevator Corporation -4539 Telephone: (973) 397-6500 Mail Address: P.O. Box 1935 Morristown, NJ 07962-1935 NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU

More information

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (hereinafter Agreement ) is between COVERED ENTITY NAME (hereinafter Covered Entity ) and BUSINESS ASSOCIATE NAME (hereinafter Business

More information

Notice of Privacy Practices for Protected Health Information (PHI)

Notice of Privacy Practices for Protected Health Information (PHI) Notice of Privacy Practices for Protected Health Information (PHI) Arapahoe Sports Medicine and Rehabilitation THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW

More information

HIPAA and Privacy Policy Training

HIPAA and Privacy Policy Training HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training

More information

AMENDMENT TO IMPLEMENT HIPAA BUSINESS ASSOCIATE REQUIREMENTS (UPB=COVERED ENTITY) CONTRACT NO(S).:

AMENDMENT TO IMPLEMENT HIPAA BUSINESS ASSOCIATE REQUIREMENTS (UPB=COVERED ENTITY) CONTRACT NO(S).: AMENDMENT TO IMPLEMENT HIPAA BUSINESS ASSOCIATE REQUIREMENTS (UPB=COVERED ENTITY) CONTRACT NO(S).: THIS AMENDMENT is made as by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC. located at 450 Clarkson

More information

Information Security Handbook for Employees

Information Security Handbook for Employees Information Security Handbook for Employees Providing our patients with excellence in healthcare includes protecting their information This handbook was prepared by Tom Walsh Consulting, LLC for the Kansas

More information

Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA

Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA Privacy and Information Security Awareness Training Health Insurance Portability & Accountability Act of 1996 -- HIPAA Objectives Understand basic HIPAA requirements Understand how the MCG Health System

More information

Neera Agarwal-Antal, M.D. HIPAA Policies and Procedures

Neera Agarwal-Antal, M.D. HIPAA Policies and Procedures Neera Agarwal-Antal, M.D. HIPAA Policies and Procedures HIPAA POLICIES & PROCEDURES This packet includes the following HIPAA policies, procedures and model forms: HIPAA General Operating Policy...1 Authorization

More information

HIPAA Orientation. Health Insurance Portability and Accountability Act

HIPAA Orientation. Health Insurance Portability and Accountability Act HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the

More information

Privacy & Security Standards to Protect Patient Information

Privacy & Security Standards to Protect Patient Information Privacy & Security Standards to Protect Patient Information Health Insurance Portability & Accountability Act (HIPAA) 12/16/10 Topics An An Introduction to to HIPAA HIPAA Patient Rights Rights Routine

More information

PROTECTED HEALTH INFORMATION

PROTECTED HEALTH INFORMATION SUBJECT: PROTECTED HEALTH INFORMATION POLICY: Department of Origin: Compliance Department Responsible Position: Vice President, Compliance and Audit Date(s) of Review and Revision: 12/13; 05/14; 12/14

More information

SCDA and SCDA Member Benefits Group

SCDA and SCDA Member Benefits Group SCDA and SCDA Member Benefits Group HIPAA Privacy Policy 1. PURPOSE The purpose of this policy is to protect personal health information (PHI) and other personally identifiable information for all individuals

More information

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY Tulane University DEPARTMENT: General Counsel s POLICY DESCRIPTION: Business Associates Office -- HIPAA Agreement PAGE: 1 of 1 APPROVED: April 1, 2003 REVISED: November 29, 2004, December 1, 2008, October

More information

APPENDIX 1: Frequently Asked Questions

APPENDIX 1: Frequently Asked Questions APPENDIX 1: Frequently Asked Questions Practice Name Q: What is the HIPAA Privacy Rule? A: The HIPAA Privacy Rule controls the use and disclosure of what is known as Protected Health Information (PHI).

More information

PRIVACY AND SECURITY SURVIVAL TRAINING

PRIVACY AND SECURITY SURVIVAL TRAINING PRIVACY AND SECURITY SURVIVAL TRAINING 1.Typeorcutandpastethislinkintothe addressbar: http://hrwebdev.dhs.lacounty.gov/attestation/ 2.Clickthe downarrow 3.Select 2013Privacyand SecuritySurvivalHandbook

More information

Clinical Solutions. 2 Hour CEU

Clinical Solutions. 2 Hour CEU 1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected

More information

PLLC NOTICE OF PRIVACY PRACTICES

PLLC NOTICE OF PRIVACY PRACTICES PLLC THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY. NOTICE OF PRIVACY PRACTICES The following

More information

HIPAA/HITECH Omnibus Final Rule - January 23, 2013

HIPAA/HITECH Omnibus Final Rule - January 23, 2013 HIPAA Omnibus Rule Please note: these slides are intended to provide an overview of general information, not an exhaustive review. No legal advice is being offered or intended. Do not rely on this information

More information

Evolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities :

Evolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities : Texas HB 300 HB 300: Background Texas House Research Organizational Bill Analysis for HB 300 shows state legislators believed HIPAA did not provide enough protection for private health information (PHI)

More information

SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules

SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules Page 2 Index Privacy 101 and Intermediate Privacy Self-Learning Module 2012 HIPAA Education 3 Instructions Index

More information

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER: NOTICE OF PRIVACY PRACTICES COMPLETE EYE CARE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

PHI Air Medical, L.L.C. Compliance Plan

PHI Air Medical, L.L.C. Compliance Plan Page No. 1 of 13 Introduction: The PHI Air Medical, L.L.C. is to be used by employees, contractors and vendors to get a high level understanding of the key regulatory requirements relating to our participation

More information

Preferred Professional Insurance Company Subcontractor Business Associate Agreement

Preferred Professional Insurance Company Subcontractor Business Associate Agreement Preferred Professional Insurance Company Subcontractor Business Associate Agreement THIS SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT ( Agreement ) amends and is made a part of all Services Agreements (as

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE OF PRIVACY PRACTICES

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

Policy & Procedure HIPAA / PRIVACY AMENDMENT OF PHI

Policy & Procedure HIPAA / PRIVACY AMENDMENT OF PHI WEBER HUMAN SERVICES Policy & Procedure HIPAA / PRIVACY AMENDMENT OF PHI NUMBER 06 APPROVED 2/21/2014 REVIEWED REVISED PURPOSE This Policy is to provide a process for responding to a client s request for

More information

POLICY NAME: NOTICE OF PRIVACY BREACHES

POLICY NAME: NOTICE OF PRIVACY BREACHES NOTE: This sample policy is drafted to comply with the HIPAA breach notification rules as amended January 2013. The user should review applicable laws and regulations and modify this sample policy as appropriate

More information

Gaston County HIPAA Manual

Gaston County HIPAA Manual Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

HIPAA: Privacy/Info Security

HIPAA: Privacy/Info Security HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT Please complete the following and return signed via Fax: 919-785-1205 via Mail: Aesthetic & Reconstructive Plastic Surgery, PLLC 2304 Wesvill Court Suite 360 Raleigh, NC 27607

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. OUR PLEDGE

More information