SELF-HELP GUIDE TO HIPAA FOR SMALL EMPLOYERS
By Serena G. Simons and Peter N. Cizik

Introduction

HIPAA* is probably one of the most misunderstood sets of regulations facing employers today. The good news is that there is a huge amount of information available to help you comply with HIPAA. The bad news is that a fair amount of what is out there is wrong. And don't look to the federal government for help. It is still trying to sort these regulations out for the health industry and has few resources left to devote to issues related to employer group health plans. This article will attempt to tilt the balance back in your favor by providing some practical steps you can take to control your obligations under these new regulations and to minimize your compliance costs.

This Doesn't Really Apply To Me, Does It? And Other Common HIPAA Misunderstandings

Before discussing the steps you can take to control your obligations and minimize your compliance costs under the HIPAA regulations, we'd like to discuss some common misunderstandings about HIPAA. Many employers have been told -- and erroneously believe -- that they are not affected by HIPAA. The results might not only be embarrassing, but also illegal and expensive. Below is a list of these misunderstandings and the real answer for each one.

Misunderstanding No. 1: Small employers don't have to worry about HIPAA

Wrong! There is no small employer exception. Every employer that offers a group health plan to its employees will be affected by HIPAA and will have to determine its compliance obligations, even though an insurance company does all the work administering those benefits. If you pay less than $5 million a year in premiums (or benefits if you are self-funded) your compliance date for the privacy rule is April 14, Larger group health plans had to comply last year.
The ONLY real health plan exception under HIPAA is for very small, self-administered group health plans -- those with fewer than 50 participants AND are self-insured and self-administered. Most small employer health plans are insured (not self-administered), and therefore are subject to the privacy rule.

* HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, which, among other things, attempts to simplify the health care system by requiring standardized electronic transmissions of claims-related information. It also protects the privacy of health information. This article discusses HIPAA's privacy requirements. Group health plans are also required to comply with other HIPAA regulations, most of which have compliance dates in 2005 or later.

Misunderstanding No. 2: My group health plan does not transmit any information electronically, so it is exempt from HIPAA

Wrong again. Group health plans are covered by the HIPAA regulations whether they transmit information electronically or not. Health care providers, such as doctors, nurses, on-site clinics, etc., are exempt from these regulations if they do not transmit electronically, but this exemption applies only to providers, not to group health plans.

Misunderstanding No. 3: My insurance company is responsible for HIPAA compliance, not me.

Not quite -- you are both covered by the rule. You -- the employer -- are the legal sponsor of the group health plan (a covered entity) and you must ensure that your group health plan complies with HIPAA. Your insurer is also a covered entity and must ensure that it complies with HIPAA in its own activities. Note that if the type of health information you receive from your insurance company is strictly limited to the type of information called summary health information (or "SHI"), and you use it only in accordance with special rules set out in the HIPAA privacy rule, your compliance burden will be very small. But the burden with regard to your group health plan is still legally yours.

Misunderstanding No. 4: My health flexible spending account ("FSA") isn't subject to HIPAA.

Unfortunately also wrong -- your health FSA is subject to HIPAA (unless, of course, it has fewer than 50 participants and is self-administered). What's more, these plans are always self-insured and so will require the highest levels of HIPAA compliance even if you as the employer are not directly involved in the administration of the plan.

Misunderstanding No. 5: My broker (or TPA) will take care of HIPAA for me.

Maybe. Your broker (or TPA) may, indeed, perform this service for you. But you must understand that the legal obligation is still yours, and any penalties imposed for a failure to comply will be imposed on you and not your broker (or TPA).
So it is in your interest to know something about HIPAA and to be pro-active in raising compliance issues with your broker (or TPA).

Misunderstanding No. 6: I don't get any health information about my employees, so I don't have to comply with HIPAA.

Unfortunately, it is not that simple. An employer with a self-insured plan is deemed to receive employee health information even if the employer has taken careful steps to ensure that it does not, for example, by using a third party administrator for all aspects of plan administration. Such an employer is relieved of some, but not all HIPAA compliance obligations. Also, an employer with a fully-insured plan may be receiving protected health information of which it is not aware. It is your obligation to determine what information you are receiving and what your compliance obligations are.

Practical Steps To Minimize HIPAA Obligations and Costs

This brings us to the main part of our article: What can you do as an employer to keep your HIPAA obligations and costs as small as possible?

The key to minimizing your compliance burden is whether you see protected health information -- PHI -- in the course of administering your company's group health plan. Note that hiring vendors will not insulate you completely. In general, if your vendor sees PHI on your behalf, then you are deemed to have seen it as well. If you -- and your vendors -- do not see (i.e., receive) PHI, your compliance burden and costs will be significantly smaller. Therefore, your primary task as an employer that wishes to minimize its obligations, costs, and risks under HIPAA will be to avoid seeing (receiving) PHI about your employees and their families.

So, what exactly is PHI? PHI -- protected health information -- is any information relating to an individual's health, or health benefits, from which they can be identified. The information does not need to include medical data to be protected. If, for example, a person is enrolled in the PPO option of an employer's group health plan, the person's name and choice of plan are considered protected health information. Protected health information can be on paper, in electronic media, or it can be an oral statement. For instance, if an insurance company's customer service representative tells an employer over the telephone that a particular employee has diabetes, the representative has disclosed protected health information. Other common examples of PHI are: enrollment forms, explanations of benefits ("EOBs"), and claims forms. [See for more examples.]

Now that you know what PHI is and that you should avoid it, what are some common practices you should review to minimize your exposure to PHI and thus your compliance burden?

Enrollment. With rising healthcare costs, there's a good chance you may be shopping around for a different health plan. Many insurance company enrollment forms request all kinds of PHI from employees and their families, including specific information about medical histories.
Institute a process by which enrollment forms are sent directly to the insurer and not to you! If you or your HR department insists on collecting the forms first, make sure employees seal the forms in envelopes before turning them in. If this information is sent to your broker, determine what role the broker is playing when it receives this information and whether there are contract implications for you (i.e., determine whether there needs to be a business associate agreement in place with that broker first).

Claims Advocacy. An employee has filed a claim that hasn't been paid and has asked for the company's help to get the claim paid. This is almost impossible to do without getting additional PHI from the insurance company. First decide whether your broker or you will handle this for employees. Then set up a process by which your broker (or you) obtains a HIPAA compliant authorization form from your employee and provides that form to the insurance company. That form authorizes the insurance company to release additional information to your broker (or you) for purposes of resolving the claim. Make sure that your broker (or you) takes precautions to safeguard any PHI received from the insurance company. In fact, the best course might be to destroy the PHI once the claim has been resolved.

Claims Reports. Many employers receive regular reports on claims experience for the preceding week, month, etc. Often these reports identify the individuals filing the claims. This information is PHI. Consider whether you need to continue to receive this identifying information, or whether information with the identifiers removed would be sufficient for your plan administrative purpose. Remember that, under HIPAA, you may not use information about an individual from your group health plan to make any employment decisions!

Duplicate EOBs. Some employers receive duplicate copies of the EOBs sent to health plan participants. Here again, these documents are clearly PHI, and employers should carefully consider whether the purposes for which they have been receiving this information are permitted after HIPAA and if so, whether they need to continue to receive this information.

Absolute Minimums

But what are the absolute minimums? If you do nothing else, what is it you should do to protect yourself under HIPAA?

Be smart. As with taxes, ignorance is no defense when it comes to HIPAA. Get educated on the regulations. Even if you think it doesn't apply to you directly, chances are it will have some impact on how you run your business on a day-to-day basis. Also, while your compliance burden may be small today, your situation may change and you need to know what to watch for, so that you can increase your compliance infrastructure as required.

Be pro-active. If your broker has not discussed HIPAA compliance with you, take the initiative. In particular, determine whether you will need a business associate contract with your broker. In general, the contract stipulates that your broker will do certain things to ensure the PHI it receives on your behalf remains secure and protected from unauthorized disclosures. The HIPAA regulations require such a contract in some circumstances, and in other circumstances it also might be a good idea. Also, make sure you and your insurer discuss and agree on who is responsible for what.

Be good. Much of what used to be standard operating procedure for both insurance companies and employers is now prohibited under federal law, or must be structured differently.
Take the time to think about the information you have been getting and whether you can properly -- or whether you even want to -- continue to get it at all.

And be careful. Employers tend to get and use lots of PHI for no reason other than because they always have. That was then, this is now. HIPAA has changed the rules and you must be careful not to inadvertently set yourself up for a burdensome compliance program that you don't need and you certainly don't want -- if you can avoid it.

The chart below provides a good starting point for your HIPAA compliance program if your plan is fully insured and will still be helpful if your plan is self-insured. Even the 10-employee company needs to be concerned with HIPAA -- don't be lulled into noncompliance because auditors aren't knocking on your door. These are some easy steps that will get you started. But remember -- this is NOT the be all and end all list of what needs to be done. Only a thorough review of your health plan practices will give you that answer. Check out and some of the other resources listed below for additional useful information and tools to help you out.

COMPLIANCE CHECKLIST

INITIAL COMPLIANCE STEPS

1. Get trained on HIPAA. Even executive management (or maybe, especially executive management) needs to have a working knowledge of the risks of noncompliance.
2. Contact your service providers (e.g., brokers, TPAs) to determine compliance roles and responsibilities. Establish and/or review contracts with these providers for confidentiality and/or Business Associate provisions, as applicable.
3. Contact your insurance carrier (if fully insured) to discuss compliance roles and responsibilities including responsibility for distributing Notice of Privacy Practices.
4. Establish procedures to ensure you receive only Summary Health Information (SHI) and use it only for proper purposes.
5. Establish procedures to handle claims advocacy, including an authorization form.
6. Establish procedures to handle any specific request (from an employee or otherwise) (e.g., subpoenas or other court orders) that may require you to receive PHI.
7. Establish complaint procedures.
8. Establish procedures to comply with the residual compliance obligations for fully insured plans (no retaliation, no waiver, confidential communications).
9. Document all related policies, procedures and compliance efforts (even though the rules might not require you to do so). This will be the first question asked during any kind of audit (formal or informal)!
10. Don't forget your FSA!

Additional Resources

Centers for Medicare & Medicaid Services
General Information
State preemption analysis

About the Authors

Serena G. Simons

Serena has practiced in the area of employee benefits for more than 15 years. She regularly advises employers on such matters as plan design and compliance with statutory and regulatory regimes that affect benefits plans including the Internal Revenue Code, ERISA, COBRA, FMLA, HIPAA, ADEA, and ADA. Serena has a significant amount of experience in drafting and amending health plan documents, in preparing plan-related employee communications (in both electronic and paper formats), in negotiating service-provider contracts, and in dealing with the benefits issues related to business transactions. She also has worked extensively with plan sponsors on such matters as plan administrative structure, fiduciary responsibilities, and claims review processes and procedures under ERISA. Serena speaks and writes frequently and advises employers on various issues related to HIPAA privacy compliance for group health plans and other employer-provided health services. Serena received her law degree, with high honors, from the Duke University School of Law, and her B.A. from Duke University.

Peter N. Cizik

Peter is a Managing Director and co-founder of HIPAA Solutions Rx. He has over 18 years of management and consulting experience in Fortune 500 companies such as Andersen Consulting (now Accenture) and Intel Corporation as well as numerous startups. He has an Electrical Engineering degree from the University of Texas and an MBA from the Harvard Business School. Peter brings his years working in the Healthcare industry and ISO level compliance projects to the HIPAA compliance challenge, driving HIPAA Solutions Rx to provide industry leading tools to all organizations impacted by these sweeping regulations. Partnering with leading experts, HIPAA Solutions Rx provides cost effective tools that are of the highest quality.

Note: This Document is intended for general informational purposes only and should not be considered legal advice or legal opinion on any specific facts or circumstances. You are urged to consult your corporate counsel or benefits attorney concerning any legal questions you may have.

Copyright. Copyright 2004 by HIPAA Solutions Rx. All rights reserved. No part of this publication may be reproduced or transmitted by any means, electronic or mechanical, including photocopy, without prior written permission of the authors.
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationOnline Banking, Bill Pay, and E-Statements
Online Banking, Bill Pay, and E-Statements ERROR RESOLUTION NOTICE In case of errors or questions about your electronic transfers, call or write us at the telephone number or address listed in this brochure,
More informationFrequently Asked Questions About the Privacy Rule Under HIPAA
Q-1: What is HIPAA? Frequently Asked Questions About the Privacy Rule Under HIPAA A: HIPAA is the Health Insurance Portability and Accountability Act (passed by Congress in 1996). The Privacy Rule was
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationPreparing for the HIPAA Security Rule
A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions
More informationHIPAA Agreements Overview, Guidelines, Samples
HIPAA Agreements Overview, Guidelines, Samples I. Purpose The purpose of this document is to provide an overview of the regulatory requirements related to HIPAA trading partner agreements, business associate
More informationCompliance Program and HIPAA Training For First Tier, Downstream and Related Entities
Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationHITECH Privacy, Security, Enforcement, Breach & GINA The Final Omnibus Rule Frequently Asked Questions and Answers
HITECH Privacy, Security, Enforcement, Breach & GINA The Final Omnibus Rule Frequently Asked Questions and Answers Disclaimer: The following questions and answers are not legal advice or opinion. They
More informationEntities Covered by the HIPAA Privacy Rule
Entities Covered by the HIPAA Privacy Rule Who Is A Covered Entity? HIPAA standards apply only to: Health care providers who transmit any health information electronically in connection with certain transactions
More informationHIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP
HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right
More informationThe HIPAA Standard Transaction Requirements: How do Health Plans Comply?
The HIPAA Standard Transaction Requirements: How do Health Plans Comply? April 17, 2014 As most employers are aware, the federal government has released a good deal of guidance related to various provisions
More information23RD NATIONAL HIPAA SUMMIT
23RD NATIONAL HIPAA SUMMIT OMNI SHOREHAM HOTEL WASHINGTON, D.C. MARCH 16 18, 2015 The HIPAA Privacy and Security Rules from the Employer s/group Health Plan Sponsor s Perspective Prepared by Alden J. Bianchi,
More informationLegal Advocacy for Women with Breast Cancer Insurance and Benefits Issues
American Bar Association Health Law Section, Gilda s Club Louisville, Health Enterprises Network, James Graham Brown Cancer Center, Louisville Bar Association, Nucleus, University of Louisville Present...
More informationAgent Instruction Sheet for PriorityHRA Plan Document
Agent Instruction Sheet for PriorityHRA Plan Document Thank you for choosing PriorityHRA! Here are some instructions as to what to do with each PriorityHRA document. Required Documents: HRA Application
More informationVisa Inc. HIPAA Privacy and Security Policies and Procedures
Visa Inc. HIPAA Privacy and Security Policies and Procedures Originally Effective April 14, 2003 (HIPAA Privacy) And April 21, 2005 (HIPAA Security) Further Amended Effective February 17, 2010, Unless
More informationQuestions to Consider When Choosing a Health Insurance Plan
Chapter 14: Insurance Coverage for PKU Treatment Insurance Overview Medical foods (formula and foods modified to be low in protein) are a medical necessity for people with PKU. However, many adults and
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationIntroduction to HIPAA Privacy
Introduction to HIPAA Privacy is published by HCPro, Inc. Copyright 2003 HCPro, Inc. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, in any
More informationOrbograph HIPAA/HITECH Compliance, Resiliency and Security
Orbograph HIPAA/HITECH Compliance, Resiliency and Security Version 1.0 August 2013 Legal Notice This document is delivered subject to the following conditions and restrictions: The document contains proprietary
More informationDelta Dental Insurance Company. VIVA Medicare Plus Extra Care Dental Program. Evidence of Dental Coverage
Delta Dental Insurance Company VIVA Medicare Plus Extra Care Dental Program Evidence of Dental Coverage January 1, 2008 to December 31, 2008 If you have questions about your dental benefits, you may contact
More informationHarris County - Texas HIPAA Notice of Privacy Practices
Harris County - Texas HIPAA Notice of Privacy Practices Effective Date: September 23, 2013. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationBenefits Administration: Should You Outsource or Manage In-House? As companies consider options, Health Care Reform may impact decisions
Benefits Administration: Should You Outsource or Manage In-House? As companies consider options, Health Care Reform may impact decisions Contents Introduction 3 Findings 5 Which Areas of Benefits Administration
More informationHIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS
HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS Dear Group Dental and/or Vision Customer : This letter relates to privacy requirements contained in federal regulations under
More informationAdvisors, Inc. Q 6. An Employee Benefits Capabilities Presentation. Q 6 Advisors, Inc.
Q 6 Advisors, Inc. An Employee Benefits Capabilities Presentation Q 6 Advisors, Inc. Q 6 Advisors, Inc. Strategic Guidance for Intelligent Decisions 333 Earle Ovington Blvd., Suite 402 Uniondale, NY 11553
More informationOCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA
Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act
More informationHIPAA SELF STUDY TRAINING GUIDE
HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may
More informationVoluntary Benefits Webinar Q&A the following questions were asked
Voluntary Benefits Webinar Q&A the following questions were asked during the two webinar sessions in November 2014 Q: We offer a group dental plan (employer and employee share premium cost). Will these
More informationNotice of Privacy Practices
Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of
More informationNote to Users: Page 1 of 5
Note to Users: The subsequent pages contain a Sample Business Associate Agreement that may be used by healthcare facilities. Be advised that this is strictly a sample and any formal Business Associate
More informationHIPAA and Network Security Curriculum
HIPAA and Network Security Curriculum This curriculum consists of an overview/syllabus and 11 lesson plans Week 1 Developed by NORTH SEATTLE COMMUNITY COLLEGE for the IT for Healthcare Short Certificate
More informationNOTICE OF PRIVACY PRACTICES. for Sony Pictures Entertainment Inc.
NOTICE OF PRIVACY PRACTICES for Sony Pictures Entertainment Inc. [Para recibir esta notificación en español por favor llamar al número proviso en este documento.] This notice describes how medical information
More informationHEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
More informationHIPAA for Business Associates
HIPAA for Business Associates February 11, 2015 Teresa D. Locke This presentation is similar to any other legal education materials designed to provide general information on pertinent legal topics. The
More informationHIPAA Privacy and Business Associate Agreement
HR 2011-07 ATTACHMENT D HIPAA Privacy and Business Associate Agreement This Agreement is entered into this day of,, between [Employer] ( Employer ), acting on behalf of [Name of covered entity/plan(s)
More informationHealth Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection
More informationTJ RAI, M.D. THERAPY MEDICATION WELLNESS PRIVACY POLICY STATEMENT
PRIVACY POLICY STATEMENT Purpose: It is the policy of this Physician Practice that we will adopt, maintain and comply with our Notice of Privacy Practices, which shall be consistent with HIPAA and California
More informationThe Doctor-Patient Relationship
The Doctor-Patient Relationship It s important to feel at ease with your doctor. How well you are able to talk with your doctor is a key part of getting the care that s best for you. It s also important
More information