Research Impacts of the HIPAA Omnibus Final Rule July 31, 2013

Size: px
Start display at page:

Download "Research Impacts of the HIPAA Omnibus Final Rule July 31, 2013"

Transcription

1 Research Impacts of the HIPAA Omnibus Final Rule July 31, 2013 Presented by: Fred Hamilton, JD Vice President, Ethics and Compliance at Mount Sinai Medical Center of Florida

2 About the Webinar Access webinar audio via computer speakers or telephone dial-in Please mute your audio Troubleshooting: Log out and log back in Try switching from computer audio to phone dial-in Recording and archive Q&A: via in-webinar tools and Webinar survey Certificate of attendance

3 About Schulman Associates IRB Established in 1983 US and Canadian boards fully accredited by the Association for the Accreditation of Human Research Protection Programs (AAHRPP) Superior audit history with FDA five consecutive audits with no findings 21 CFR Part 11 compliant electronic systems Compliant with FDA and OHRP requirements

4 About Schulman Associates IRB Full board meetings five days a week Dedicated daily expedited review of qualifying minimal risk protocols Phase I Board with streamlined processes tailored to Phase I timelines Oncology Review Board for all phases of oncology research Customized services for institutions and AMCs Experienced primary points of contact for sponsors, CROs, institutions and sites

5

6 About Today s Presenter Fred Hamilton, JD Vice President, Ethics and Compliance at Mount Sinai Medical Center of Florida Schulman board member (unaffiliated) since 2011 Formerly Associate General Counsel and Director, Office of Research Compliance and Regulatory Affairs, University of Cincinnati Has represented hospitals in contract and health law matters Attorney and graduate of the Salmon P. Chase College of Law of Northern Kentucky University

7 Research Impacts of the HIPAA Omnibus Final Rule July 31, 2013 Presented by: Fred Hamilton, JD Vice President, Ethics and Compliance at Mount Sinai Medical Center of Florida

8 HIPAA Fundamentals The Health Insurance Portability and Accountability Act ( HIPAA ) (1996)

9 HIPAA Fundamentals The Health Information Technology for Economic And Clinical Health Act ( HITECH ) (2009)

10 HIPAA Fundamentals Department of Health and Human Services Food and Drug Administration Office for Human Research Protections Office for Civil Rights

11 HIPAA Fundamentals Only Covered Entities are subject to HIPAA. Covered Entities include (a) healthcare providers who submit bills electronically; (b) health plans; and (c) healthcare clearinghouses. Most pharmaceutical companies, medical device companies, commercial IRBs and CROs are not Covered Entities. Research sites normally are Covered Entities, but may not be, depending on the nature of the operation.

12 HIPAA Fundamentals Penalties under the HIPAA Statute (Civil Penalties Tiered Approach) $ $ 50,000 per violation (Criminal Penalties Tiered Approach) Fines from $100 per violation to $ 250,000 Imprisonment up to Ten Years

13 HIPAA Fundamentals American Medical News June 7, 2010

14 HIPAA Fundamentals

15 HIPAA Fundamentals Certain uses and disclosures of Protected Health Information are permitted without obtaining a patient s authorization (for example, disclosures for the purposes of treatment, payment, and healthcare operations; disclosures required by law, etc.) All other uses and disclosures require a written patient authorization. Authorization Consent

16 Authorizations for Use and Disclosure of Health Information Authorizations for Use and Disclosure of Health Information Required Content (45 CFR (c)) Meaningful description of the information Who may use or disclose the information To whom the information will be disclosed All purpose(s) of the use or disclosure Expiration date or expiration event Individual s signature and date Right and method to revoke Right to refuse to sign (and consequences) Inability to condition treatment, payment, enrollment Risk of re-disclosure Plain language Copy must be given to Subject If LAR, authority to be described

17 Authorizations for Use and Disclosure of Health Information Additional Content When Appropriate (45 CFR )) Right of Access (Covered entity designated record set) Temporary Denial of Access (May override subjects wishes if integrity of the research is at stake)) Adverse Event Reporting (FDA required by law) Document Retention (Required by Law)

18 Effect of Revocation after Action in Reliance Written revocation of authorization, with withdrawal of existing research data or samples, may be denied as to data or samples as to which the investigator has taken action in reliance on the authorization (for example, sent to sponsor, reporting an adverse event). (45 CFR (b)(5)(1))

19 Common Rule HIPAA Requirements (5) A statement describing the extent, if any, to which confidentiality of records identifying the subject will be maintained [and that notes the possibility that the Food and Drug Administration may inspect the records]. Study subjects should be informed of the extent to which the institution intends to maintain confidentiality of records identifying the subjects. In addition, they should be informed that FDA may inspect study records (which include individual medical records). If any other entity, such as the sponsor of the study, may gain access to the study records, the subjects should be so informed. 21 CFR 50.25(a)(5); 45 CFR (a)(5) [This is not a HIPAA Requirement]

20 HIPAA Omnibus Final Rules Effective Date: March 26, 2013 Compliance Date: September 23, 2013

21 HIPAA Omnibus Final Rules HIPAA Omnibus Rules Breach Notification Standard Pre-Final Rule, Breach: acquisition, access, use, or disclosure of unsecured PHI, in a manner not permitted [by HIPAA], which poses a significant risk of financial, reputational, or other harm to the affected individual[.] 45 CFR Final Rule, Breach: acquisition, access, use or disclosure of protected health information in a manner not permitted [by HIPAA] which compromises the security or privacy of the protected health information.

22 HIPAA Omnibus Final Rules HIPAA Omnibus Rules Prohibition on Sale of PHI Expansion of Prohibition on Marketing

23 HIPAA Omnibus Final Rules Other Features HIPAA Omnibus Rules Business Associate Expansions - direct liability - subcontractor liability - conduit rule Mandatory Changes to BA Agreements Disclosures of PHI for fundraising Covered Entity vicarious liability Expanded disclosures - Family Requirement for providing EHR Changes - Notice of Privacy Practices Decedents PHI

24 Compound Authorizations for Research

25 Compound Authorizations (3) Compound authorizations. An authorization for use or disclosure of protected health information may not be combined with any other document to create a compound authorization, except as follows: (i) An authorization for the use or disclosure of protected health information for a research study may be combined with any other type of written permission for the same research study, including another authorization for the use or disclosure of protected health information for such research or a consent to participate in such research[.] [Old] 45 CFR (c)(3)(i) (emphasis added)

26 Compound Authorizations When an Authorization is obtained for research purposes, the Privacy Rule requires that it pertain only to a specific research study, not to nonspecific research or to future, unspecified projects. The Privacy Rule considers the creation and maintenance of a research repository or database as a specific research activity, but the subsequent use or disclosure by a covered entity of information from the database for a specific research study will require separate Authorization [.] NIH: Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule (April 14, 2003) (emphasis added)

27 Compound Authorizations (3) Compound authorizations. An authorization for use or disclosure of protected health information may not be combined with any other document to create a compound authorization, except as follows: (i) An authorization for the use or disclosure of protected health information for a research study may be combined with any other type of written permission for the same or another research study. This exception includes combining an authorization for the use or disclosure of protected health information for a research study with another authorization for the same research study, with an authorization for the creation or maintenance of a research database or repository, or with a consent to participate in research [.] [New] 45 CFR (c)(3)(i) (emphasis added)

28 Compound Authorizations Where a covered health care provider has conditioned the provision of research-related treatment on provision of one of the authorizations any compound authorization created under this paragraph must clearly differentiate between the conditioned and unconditioned components and provide the individual with an opportunity to opt in to the research activities described in the unconditioned authorization. [New] 45 CFR (c)(3)(iii)

29 Compound Authorizations Notes 1. The new expansion is not limited to combining authorization for a research study with an authorization for a research database or repository; the expansion applies to combinations of authorizations for any types of research studies.

30 Compound Authorizations Notes 2. The new expansion does not change the pre-existing rule regarding separate authorization for the use or disclosure of psychotherapy notes; an authorization for the use or disclosure of psychotherapy notes may only be combined with another authorization for the use or disclosure of psychotherapy notes.

31 Compound Authorizations Notes 3. A combined authorization which permits an individual only to opt out of an unconditioned research activity is not permitted. We decline to permit a combined authorization that only allows the individual to opt out of the unconditioned research activities (e.g. Check here if you do NOT want your data provided to the biospecimen bank ) because an opt-out option does not provide individuals with a clear ability to authorize the optional research activity, and may be viewed as coercive by individuals. 78 Fed. Reg (January 25, 2013)

32 Approvability of Compound Authorizations for Future Research In order to satisfy the requirement that an authorization include a description of each purpose of the requested use or disclosure, an authorization for uses and disclosures of protected health information for future research purposes must adequately describe such purposes such that it would be reasonable for the individual to expect that his or her protected health information could be used or disclosed for such future research.

33 Approvability of Compound Authorizations for Future Research However, we do not prescribe specific statements in the Rule. We agree with commenters that this approach best harmonizes with practice under the Common Rule regarding informed consent for future research, and allows covered entities, researchers and Institutional Review Boards to have flexibility in determining what adequately describes a future research purpose depending on the circumstances.

34 Compound Authorizations for Future Research Retroactive Effect Covered entities and researchers may rely on an Institutional Review Boardapproved consent obtained prior to the effective date of this final rule that reasonably informed individuals of the future research, provided the informed consent was combined with a HIPAA authorization (even though the authorization itself was specific to the original study or creation and maintenance of a repository)

35 Compound Authorizations for Future Research Extrinsic Documents [Covered entities may use] a combined consent/authorization form for a clinical trial and optional banking component, with a check box for the individual to have the choice to opt in to the banking component, and one signature, but with the detailed information about the banking component presented in a separate brochure or information sheet that is referenced directly in the consent/authorization form, [provided that]

36 Compound Authorizations for Future Research Extrinsic Documents if the brochure or information sheet includes required elements of the authorization (or informed consent) then the brochure or information sheet must be made available to potential research participants before they are asked to sign the consent/authorization document. Finally, in such cases, a covered entity must keep not only the signed authorization/consent form, but also a copy of the brochure or information sheet, in order to be in compliance with the documentation requirements at [45 CFR] (j).

37 Practical Tips Opt-In and Opt-Out The changes under the Omnibus Rule as regards opting in and opting out of research uses and disclosures had two purposes. The first purpose was to ensure that subjects understand the difference between the mandatory components of a research project, and the optional components. The second purpose was to ensure that subjects were not subject to coercion or undue pressure to participate in optional (unconditioned) activities.

38 Practical Tips Opt-In and Opt-Out Reviewing the language, it is clear that the opt-in requirement only applies if two things are true. First, the research under consideration must involve both a mandatory and an optional component. Second, the researcher must be seeking authorization for uses and disclosures of health information for both the mandatory and optional components in the same document (a compound authorization ).

39 Practical Tips Opt-In and Opt-Out Identifying Mandatory and Optional Components If these two conditions are satisfied, then the Rule requires, first, that the compound authorization make clear to subjects that there are mandatory and optional component(s) to the research. No particular language is required for this, and it is likely that the regulators would provide wide latitude in determining whether this requirement is satisfied.

40 Practical Tips Opt-In and Opt-Out Providing an Opt-In Opportunity for Optional Components Second, the Rule requires that subject be given the opportunity to opt-in to the optional research. This is the most frequent source of confusion surrounding this Rule, but the commentary makes clear that, if a subject is only provided an opportunity to opt out, he or she may be subject to undue pressure to agree to the optional research uses and disclosures.

41 Practical Tips Opt-In and Opt-Out Placement of Opt-In Language in a Compound Authorization The Omnibus Rule provides no guidance on where, exactly, an opt-in box (or other documentation of an opt-in election) relating to uses and disclosures of health information for optional research should appear. However, in keeping with the general regulatory principle that research-related documentation should avoid confusing subjects and should be kept to the minimum amount necessary for a full and clear explanation, it is probably reasonable for the opt-in box to appear in the body of the informed consent portion of the document, along with the explanation of the purposes, risks, benefits, etc. of the optional research. However, for clarity, there should be an explanation in the authorization (e.g. If you have elected to participate in the optional biomarker study as described above, your health information [may be used for/disclosed to etc.]

42 Compound Authorizations for Future Research I hereby authorize the use and disclosure of my protected health information for the following purposes: Future biomedical research Future research into my disease or condition Future research as described in the brochure Pharmacogenomics and You (

43 Compound Authorizations for Future Research By signing this form, you also authorize the use and disclosure of your protected health information for vital future biomedical research. If you do not wish to participate in this optional future research, please place your initials here:.

44 The Future HHS Advance Notice of Proposed Rulemaking: Enhanced Protections for Research Subjects and Reducing Burden, Delay and Ambiguity for Investigators 76 Fed. Reg (July 26, 2011)

45 The Future This ANPRM describes potential refinements to the current review framework intended to ensure that protections are commensurate with the level of risk of the research study. Five of the most significant changes being considered are summarized below, followed by a more detailed explanation of the proposals: HHS Advance Notice of Proposed Rulemaking: Enhanced Protections for Research Subjects and Reducing Burden, Delay and Ambiguity for Investigators 76 Fed. Reg (July 26, 2011)

46 The Future 1. Establishing mandatory data security and information protection standards for identifiable information and rules protecting against the inappropriate reidentification of de-identified information that is collected or generated as part of a research study to minimize informational risks and thereby eliminate the need for IRBs to review informational risks of the research. For purposes of the Common Rule, we are considering adopting the HIPAA standards regarding what constitutes individually identifiable information, a limited data set, and de-identified information, in order to harmonize these definitions and concepts. HHS Advance Notice of Proposed Rulemaking: Enhanced Protections for Research Subjects and Reducing Burden, Delay and Ambiguity for Investigators 76 Fed. Reg (July 26, 2011)

47 The Future A strong majority was opposed to the use of the HIPAA standards for purposes of defining the identifiability of research data Persons who were in support of the HIPAA standards tended to be persons based in medical organizations that were already following the HIPAA requirements. OHRP: Summary of Comments on ANPRM 02/24/2012

48 Questions - Comments

49 Thank You! We hope you found today s webinar informative and useful. Please complete our survey to provide feedback on this session. In the survey, you can also request a certificate of attendance for this event. Stay tuned for more information on our next webinar.

50 Research Impacts of the HIPAA Omnibus Final Rule July 31, 2013 Presented by: Fred Hamilton, JD Vice President, Ethics and Compliance at Mount Sinai Medical Center of Florida

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

New Rules on Privacy, Security, Breach Reporting and Enforcement: Not Just for HIPAA-chondriacs

New Rules on Privacy, Security, Breach Reporting and Enforcement: Not Just for HIPAA-chondriacs New Rules on Privacy, Security, Breach Reporting and Enforcement: Not Just for HIPAA-chondriacs Executive Summary After years of waiting for all of the anxious HIPAA-chondriacs out there, the HHS Office

More information

Winthrop-University Hospital

Winthrop-University Hospital Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR 164.512(i), 164.512(a-c) and in connection with the implementation of the HIPAA Compliance

More information

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal

More information

NEW HIPAA PRIVACY RULES ALTER OPTIONS FOR HEALTH CARE MARKETING AND RESEARCH

NEW HIPAA PRIVACY RULES ALTER OPTIONS FOR HEALTH CARE MARKETING AND RESEARCH A DV I S O RY January 2013 NEW HIPAA PRIVACY RULES ALTER OPTIONS FOR HEALTH CARE MARKETING AND RESEARCH In a notice published in the Federal Register on Jan. 25, 2013, 1 the Department of Health and Human

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

OCR Issues Final Modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules to Implement the HITECH Act

OCR Issues Final Modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules to Implement the HITECH Act OCR Issues Final Modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules to Implement the HITECH Act February 20, 2013 Boston Brussels Chicago Düsseldorf Frankfurt Houston

More information

Am I a Business Associate?

Am I a Business Associate? Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

Introduction to HIPAA Privacy

Introduction to HIPAA Privacy Introduction to HIPAA Privacy is published by HCPro, Inc. Copyright 2003 HCPro, Inc. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, in any

More information

Medical Research Law & Policy Report

Medical Research Law & Policy Report Medical Research Law & Policy Report Reproduced with permission from Medical Research Law & Policy Report, 12 MRLR 98, 02/06/2013. Copyright 2013 by The Bureau of National Affairs, Inc. (800-372-1033)

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

BUSINESS ASSOCIATE AGREEMENT TERMS

BUSINESS ASSOCIATE AGREEMENT TERMS BUSINESS ASSOCIATE AGREEMENT TERMS This Addendum ( Addendum ) is incorporated into and made part of the Agreement between SIGNATURE HEALTHCARE CORPORATION ("Covered Entity ) and ( Business Associate"),

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

Children's Hospital, Boston (Draft Edition)

Children's Hospital, Boston (Draft Edition) Children's Hospital, Boston (Draft Edition) The Researcher's Guide to HIPAA Evervthing You Alwavs Wanted to Know About HIPAA But Were Afraid to Ask 1. What is HIPAA? 2. What is the Privacy Rule? 3. What

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available

More information

HIPAA Basics for Clinical Research

HIPAA Basics for Clinical Research HIPAA Basics for Clinical Research Audio options: Built-in audio on your computer OR Separate audio dial-in: 415-930-5229 Toll-free: 1-877-309-2074 Access Code: 960-353-248 Audio PIN: Shown after joining

More information

HITECH Privacy, Security, Enforcement, Breach & GINA The Final Omnibus Rule Frequently Asked Questions and Answers

HITECH Privacy, Security, Enforcement, Breach & GINA The Final Omnibus Rule Frequently Asked Questions and Answers HITECH Privacy, Security, Enforcement, Breach & GINA The Final Omnibus Rule Frequently Asked Questions and Answers Disclaimer: The following questions and answers are not legal advice or opinion. They

More information

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 RULES Issued August 19, 2009 Requires Covered Entities to notify individuals of a breach as well as HHS without reasonable delay or within

More information

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031 The Health Insurance Portability and Accountability Act (HIPAA) and Client Privacy Statement This notice describes how your medical information may be used and disclosed and how you can get access to this

More information

University of Mississippi Medical Center Office of Integrity and Compliance

University of Mississippi Medical Center Office of Integrity and Compliance Office of Integrity and Effective Date: 2005 By: Committee 1.0 PURPOSE The purpose of this policy is to guide (UMMC) employees, who are involved with research, in obtaining an authorization for the use

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

The HIPAA Final Rule: What You Need To Do Now

The HIPAA Final Rule: What You Need To Do Now The HIPAA Final Rule: What You Need To Do Now Guidance and Privacy Notice Updates for Psychologists July 2013 Introduction In January 2013, the U.S. Department of Health and Human Services (HHS) issued

More information

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY. REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable NOTICE OF PRIVACY PRACTICES TEMPLATE Sections highlighted in yellow are optional sections, depending on if applicable Original Date: ##/##/#### Revised per HIPAA Omnibus Rule ##/##/#### Revised Date Implementation:

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule JANUARY 23, 2013 HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule By Linn Foster Freedman, Kathryn M. Sylvia, Lindsay Maleson, and Brooke A. Lane On

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred

More information

Privacy Space. Public Place. How to Protect PHI and be HIPAA Compliant

Privacy Space. Public Place. How to Protect PHI and be HIPAA Compliant Privacy Space. Public Place. How to Protect PHI and be HIPAA Compliant Event Type Live Online ACPE Expiration Date 12/11/2016 Credits 1 Contact Hour Target Audience Pharmacy Technicians Program Overview

More information

HIPAA Privacy and Security and Research

HIPAA Privacy and Security and Research ICTS Brown Bag Seminar Successful Completion: Participants must complete an evaluation form to receive a certificate of completion Contact Hours: 1 contact hours is available to those who meet the successful

More information

New HIPAA regulations require action. Are you in compliance?

New HIPAA regulations require action. Are you in compliance? New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security

More information

Releasing Information

Releasing Information Releasing Information There are 3 kinds of release situations now: our original Release of Information and it s uses under Colorado Law and Professional Ethical Standards; HPAA s Consent to release information

More information

Legislative & Regulatory Information

Legislative & Regulatory Information Americas - U.S. Legislative, Privacy & Projects Jurisdiction Effective Date Author Release Date File No. UFS Topic Citation: Reference: Federal 3/26/13 Michael F. Tietz Louis Enahoro HIPAA, Privacy, Privacy

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

Resthave Home of Whiteside County, Illinois Resthave Nursing Home Resthave Home Assisted Living. Notice of Privacy Practices

Resthave Home of Whiteside County, Illinois Resthave Nursing Home Resthave Home Assisted Living. Notice of Privacy Practices Resthave Home of Whiteside County, Illinois Resthave Nursing Home Resthave Home Assisted Living Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

HIPAA COMPLIANCE. What is HIPAA?

HIPAA COMPLIANCE. What is HIPAA? HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used

More information

HIPAA Privacy Rule Primer for the College or University Administrator

HIPAA Privacy Rule Primer for the College or University Administrator HIPAA Privacy Rule Primer for the College or University Administrator On August 14, 2002, the Department of Health and Human Services ( HHS ) issued final medical privacy regulations (the Privacy Rule

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) THIS AGREEMENT is entered into and made effective the day of, 2012 (the Effective Date ), by and between (a)

More information

Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual.

Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual. HIPAA/HITECH Policies and Procedures Please read this in its entirety. Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual. Give a copy of this to all staff to read and ask

More information

HIPAA-P01 Uses and Disclosures of Protected Health Information Policy

HIPAA-P01 Uses and Disclosures of Protected Health Information Policy HIPAA-P01 Uses and Disclosures of Protected Health Information Policy FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions Sanctions ADDITIONAL DETAILS Additional Contacts Web Address

More information

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates Legal Update February 11, 2013 Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates On January 17, 2013, the Department of Health

More information

Reliance Agreement for Institutions Utilizing Stony Brook University s Institutional Review Board(s)

Reliance Agreement for Institutions Utilizing Stony Brook University s Institutional Review Board(s) Name of Organization Providing IRB Review: Stony Brook University ( SBU IRB ) Name of Institution Relying on the SBU IRB ( Institution ): Latest AAHRPP Accreditation Date (if applicable) OHRP Federal Wide

More information

Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 Phone: (248)618-3467 Fax: (248)618-3515

Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 Phone: (248)618-3467 Fax: (248)618-3515 Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 HIPAA NOTICE OF PRIVACY PRACTICES PLEASE REVIEW THIS NOTICE CAREFULLY. IT DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW

More information

HIPAA Security Manual Administrative Security/Omnibus Rule

HIPAA Security Manual Administrative Security/Omnibus Rule Notice of Privacy Policies Form ***This notice describes how medical information about you may be used and disclosed and how you can get access to this information. PLEASE READ IT CAREFULLY!*** The tells

More information

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into as of ( Effective Date ) by and between ( Covered Entity ) and American Academy of Sleep Medicine ( Business Associate

More information

Authorization for Release of Information

Authorization for Release of Information Authorization for Release of Information Section I. Date: Student Name: Date of Birth: / / (mm/dd/yy) ID: Grade: School: Section II: Name: authorizes District # to release the specific information identified

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 2014 (the Effective Date ), by and between (a) GI Quality Improvement Consortuim,

More information

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 20 (the Effective Date ), by and between (a) THE SOCIETY OF GYNECOLOGIC

More information

Overview of HITECH ACT Changes to HIPAA Privacy Rules

Overview of HITECH ACT Changes to HIPAA Privacy Rules Overview of HITECH ACT Changes to HIPAA Privacy Rules January 4, 2010 Presentation by Jennifer L. Cox, Esq. Timeline and Sources of Law HIPAA was passed by Congress in 1996, and regulations were required

More information

Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and HITECH Act Breach Notification Rules, 78 Fed. Reg. 5566 (Jan.

Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and HITECH Act Breach Notification Rules, 78 Fed. Reg. 5566 (Jan. AIS Special Report 1 AIS Special Report Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and HITECH Act Breach Notification Rules, 78 Fed. Reg. 5566 (Jan. 25, 2013) By Francie Fernald,

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION HILLSDALE COLLEGE HEALTH AND WELLNESS CENTER Policy Preamble This privacy policy ( Policy ) is designed to address the Use and Disclosure

More information

HIPAA Policies and Procedures

HIPAA Policies and Procedures HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:

More information

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register

More information

What is Covered under the Privacy Rule? Protected Health Information (PHI)

What is Covered under the Privacy Rule? Protected Health Information (PHI) HIPAA & RESEARCH What is Covered under the Privacy Rule? Protected Health Information (PHI) Health information + Identifier = PHI Transmitted or maintained in any form (paper, electronic, forms, web-based,

More information

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under

More information

PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03)

PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03) PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03) Use and Disclosure of PHI: Protected Health Information ( PHI ) may not be used or disclosed in violation of the Health Insurance

More information

Principal Investigator Responsibilities for Education and Social/Behavioral Researchers

Principal Investigator Responsibilities for Education and Social/Behavioral Researchers Principal Investigator Responsibilities for Education and Social/Behavioral Researchers Introduction The purpose of this module is to provide a basic understanding of the responsibilities of the principal

More information

Definitions. Catch-all definition:

Definitions. Catch-all definition: BUSINESS ASSOCIATE AGREEMENT THESE PROVISIONS MAY STAND ALONE AS A BUSINESS ASSOCIATE AGREEMENT, OR MAY BE INCORPORATED INTO A LARGER, MORE COMPREHENSIVE CONTRACT WITH THE BUSINESS ASSOCIATE TO COVER OTHER

More information

Appendix : Business Associate Agreement

Appendix : Business Associate Agreement I. Authority: Pursuant to 45 C.F.R. 164.502(e), the Indian Health Service (IHS), as a covered entity, is required to enter into an agreement with a business associate, as defined by 45 C.F.R. 160.103,

More information

Business Associates: HITECH Changes You Need to Know

Business Associates: HITECH Changes You Need to Know Business Associates: HITECH Changes You Need to Know Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine LLP beckywilliams@dwt.com 1 Who Is a Business Associate? A

More information

Central Maine Healthcare

Central Maine Healthcare Central Maine Healthcare Administrative Policy No. HC-HI-5004(R2) HIPAA SUBJECT: Disclosures of Protected Health Information Policy Statement/Purpose: This policy sets forth the circumstances in which

More information

HIPAA-ACKNOWLEDGEMENT OF RECEIPT Notice of Privacy Practices

HIPAA-ACKNOWLEDGEMENT OF RECEIPT Notice of Privacy Practices PEDIATRIC ENDOCRINE ASSOCIATES, P.C. 8200 E. Belleview Avenue, Suite 510E Greenwood Village, CO 80111 303-783-3883 HIPAA-ACKNOWLEDGEMENT OF RECEIPT Notice of Privacy Practices Printed Patient Name: Patient

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate

More information

Authorization/Informed Consent for Use and Disclosure of Health Care Information Grid Wisconsin Statutes and the Federal Privacy Law

Authorization/Informed Consent for Use and Disclosure of Health Care Information Grid Wisconsin Statutes and the Federal Privacy Law Disclaimer: This Document is. It may be freely redistributed in its entirety provided that this copyright notice is not removed. It may August 27, 2010 Grid updated to correct the omission of "general"

More information

Business Associate Agreement (BAA) Guidance

Business Associate Agreement (BAA) Guidance Business Associate Agreement (BAA) Guidance Introduction The purpose of this document is to provide guidance for creating or updating business associate agreements between your Practice ( Covered Entity

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

Understanding Your Health Record Information

Understanding Your Health Record Information Associated Retina Consultant s, Ltd. Notice of Information Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Addendum is made part of the agreement between Boston Medical Center ("Covered Entity ) and ( Business Associate"), dated [the Underlying Agreement ]. In connection with

More information

POLICY AND PROCEDURE MANUAL

POLICY AND PROCEDURE MANUAL Pennington Biomedical POLICY NO. 412.22 POLICY AND PROCEDURE MANUAL Origin Date: 02/04/2013 Impacts: ALL PERSONNEL Effective Date: 03/17/2014 Subject: HIPAA BREACH NOTIFICATION Last Revised: Source: LEGAL

More information

HSHS BUSINESS ASSOCIATE AGREEMENT BACKGROUND AND RECITALS

HSHS BUSINESS ASSOCIATE AGREEMENT BACKGROUND AND RECITALS HSHS BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement, ( Agreement ) is entered into on the date(s) set forth below by and between Hospital Sisters Health System on its own behalf and

More information

HIPAA Compliance Issues and Mobile App Design

HIPAA Compliance Issues and Mobile App Design HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies

More information

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW

More information

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations.

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations. 1 PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Privacy Notice is being

More information

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY PLEASE READ THIS WEBSITE PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE, OR SUBMITTING ANY PROTECTED HEALTH INFORMATION OR PERSONALLY IDENTIFIABLE

More information

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Contract (Agreement) is entered into by and between, as a Covered Entity as defined in relevant federal and state law, and HMS Agency, Inc., as their

More information

HIPAA COMPLIANCE INFORMATION. HIPAA Policy

HIPAA COMPLIANCE INFORMATION. HIPAA Policy HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas

More information

Attachment B HIPAA-P03 Instructions for Completing IU s Authorization for Research Purposes

Attachment B HIPAA-P03 Instructions for Completing IU s Authorization for Research Purposes Attachment B HIPAA-P03 Instructions for Completing IU s Authorization for Research Purposes The HIPAA Privacy Rule generally prohibits health care providers from using or releasing protected health information

More information

Dear New Lilly Associate and Spouse or Domestic Partner:

Dear New Lilly Associate and Spouse or Domestic Partner: Eli Lilly and Company Lilly Corporate Center Indianapolis, Indiana 46285 U.S.A. +1.317.276.2000 www.lilly.com Dear New Lilly Associate and Spouse or Domestic Partner: Eli Lilly and Company is required

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

PLLC NOTICE OF PRIVACY PRACTICES

PLLC NOTICE OF PRIVACY PRACTICES PLLC THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY. NOTICE OF PRIVACY PRACTICES The following

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum; BUSINESS ASSOCIATE ADDENDUM This BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is made and entered into as of July 1, 2012, ( Effective Date ) and supplements and is made a part of the services agreement

More information

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties

More information

Evolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities :

Evolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities : Texas HB 300 HB 300: Background Texas House Research Organizational Bill Analysis for HB 300 shows state legislators believed HIPAA did not provide enough protection for private health information (PHI)

More information

RE: HIPAA Privacy Rule Accounting for Disclosures, RIN 0991-AB62

RE: HIPAA Privacy Rule Accounting for Disclosures, RIN 0991-AB62 Submitted electronically at www.regulations.gov Ms. Susan McAndrew Deputy Director for Health Information Privacy Office for Civil Rights U.S. Department of Health and Human Services Hubert H. Humphrey

More information