Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians


Slide 1: Compliance HIPAA Training

Steve M. McCarty, Esq., General Counsel, Sound Physicians

Slide 2: Overview of HIPAA

HIPAA contains provisions that address:
- The privacy of protected health information, or PHI.
- The security of electronic protected health information, or ePHI.
- The security of unsecured PHI and the steps that must be taken in the event of a breach of unsecured PHI.

The federal agency responsible for overseeing compliance with HIPAA is the Office for Civil Rights (OCR) of the US Department of Health and Human Services.

Slide 3: Overview of HIPAA

Sound Physicians is required to comply with HIPAA. To comply with HIPAA, Sound must:
- Comply with the HIPAA privacy rule
- Comply with the HIPAA security rule
- Comply with the unsecured PHI breach notification rule
- Adopt and implement policies and procedures that address the manner in which Sound will comply with the above rules
- Provide training to its workforce regarding HIPAA and its policies and procedures

Slide 4: Civil Penalties for HIPAA Violations

Violations are categorized into 4 tiers, with each tier being assigned a penalty range:

| Violation Category | Penalty |
|---|---|
| 1st Tier (unknowing violation) | $100 per violation, not to exceed 25k |
| 2nd Tier (reasonable cause, not willful neglect) | $1,000 per violation, not to exceed 100k |
| 3rd Tier (willful neglect that's later corrected) | $10,000 per violation, not to exceed 250k |
| 4th Tier (willful neglect, not corrected) | $50,000 per violation, not to exceed $1.5m |

- Individuals may share in penalties
- State Attorneys General may also bring a civil action for penalties on behalf of an individual affected by a HIPAA violation

Slide 5: Other Penalties for HIPAA Violations

- Criminal penalties
  - Fines range from $50k - $250k
  - Up to 10 years imprisonment
- Audits
  - OCR is required to perform periodic audits to ensure persons required to comply with HIPAA are meeting its privacy and security requirements.

Slide 6: HIPAA Privacy Enforcement

Since April 2003, OCR has received over 51,762 HIPAA Privacy Complaints.

Most frequent complaints:
- Impermissible uses/disclosures
- Lack of safeguards for PHI
- Lack of patient access to PHI
- Uses or disclosures of more than the minimum necessary
- Lack of or invalid authorizations or notice

Of the complaints received, over 16,000 have resulted in OCR investigations. Of those investigated, over 10,700 have resulted in corrective action. Examples of these corrective actions, and other information regarding HIPAA, can be found on OCR's website.

Because of recent changes to the penalty provisions of HIPAA, the number of complaints will likely increase, as will the penalties associated with these complaints.

Slide 7: Sound's HIPAA Policies and Procedures

To comply with HIPAA, Sound has adopted policies and procedures that comply with HIPAA's privacy, security and breach of unsecured PHI notification requirements.

- These policies designate Mr. Jim Kodjababian as Sound's Privacy Officer. In this role, Mr. Kodjababian is the primary person responsible within Sound for compliance with HIPAA's privacy rule and breach of unsecured PHI notification requirements.
- These policies designate Mr. Zima Hartz as Sound's Security Officer. In this role, Mr. Hartz is the primary person responsible within Sound for compliance with the HIPAA security rule.

Slide 8: Sound's HIPAA Policies and Procedures

Sound's policies and procedures apply to Sound's workforce. Sound's workforce includes physicians, non-physician practitioners, nurses and other clinical employees, volunteers and other persons whose conduct is controlled by Sound.

The policies and procedures address, in further detail, the concepts that will be discussed in today's presentation.

Violation of the policies and procedures could result in disciplinary action, including, but not limited to, the following:
- Retraining
- Verbal warnings or written warnings
- Paid and unpaid suspensions
- Exclusion from the premises
- Loss of employee privileges and/or benefits
- Demotion or termination

Slide 9: Sound's HIPAA Policies and Procedures

- Violations or suspected violations or any other type of complaint relating to HIPAA privacy or relating to a breach of unsecured PHI must be reported to Sound's Privacy Officer, Mr. Jim Kodjababian.
- Violations or suspected violations or any other type of complaint relating to HIPAA security must be reported to Sound's Security Officer, Mr. Zima Hartz.
- Sound's management or other staff is prohibited from intimidating, threatening, coercing, discriminating against or taking other retaliatory action against individuals/others who assert their rights under HIPAA.

Slide 10: HIPAA Privacy Rule

- Protects confidentiality when using and disclosing an individual's protected health information ("PHI") in any form: paper, oral, or electronic.
- The definition of PHI is very broad. Generally, PHI is information that is held by or on behalf of Sound that may identify or be used to identify a patient.

Slide 11: General HIPAA Privacy Rule

Sound may not use or disclose PHI unless the use or disclosure is:
- For Treatment, Payment, or Health Care Operations ("TPO")
- To the patient
- As authorized by patient
- As otherwise allowed by HIPAA

Slide 12: Examples

- In routine conversation, a nurse employed by Sound who works in a client hospital tells her friend that she saw a particular individual in the hospital last week. HIPAA violation?
- Three people are on an elevator in a client hospital. Two are Sound physicians and the other is a maintenance worker employed by a third party not affiliated with the hospital. The physicians begin to discuss the appropriate plan of care for a patient to whom they each have provided care, in a manner that lets the third party easily hear their conversation. HIPAA violation?

Slide 13: Using/Disclosing PHI for TPO

- Treatment: Provision, coordination, or management of health care by one or more health care providers, including consultations and referrals.
- Payment: Activities to obtain payment or be reimbursed for health care services.
- Health Care Operations: Administrative, financial, legal and quality improvement activities; business planning activities; training and teaching activities; accreditation, credentialing, licensing, competence, and performance activities; and fraud, abuse, and compliance activities.

No consent or authorization is required when a use or disclosure is for treatment, payment or health care operations.

Slide 14: Treatment Examples

- A Sound hospitalist sends a copy of an individual's medical record to a specialist who needs the information to perform a consultation on the individual. Permissible?
- A hospitalist sends a copy of a patient's health care instructions to a nursing home to which the patient is transferred. Permissible?

Slide 15: Payment and Health Care Operations Examples

- A specialty medical practice wants a copy of the health information that Sound maintains on an individual for quality assurance activities the practice is conducting. Permissible?
- Sound's compliance officer uses the health information of a patient in reviewing a potential compliance issue. Permissible?

Slide 16: Disclosures That Require An Opportunity to Object

The HIPAA Privacy Rule allows Sound to make the following disclosures, among others, without patient authorization so long as the patient has an opportunity to object:
- Sound may disclose PHI to persons involved in care or payment for care
  - The disclosure must be directly relevant to involvement
  - This can be used to allow a spouse or child to pick up a prescription, x-ray, etc.
- Sound may also disclose a patient's location, general condition, or death to responsible persons.

Slide 17: Disclosures Without Opportunity to Object

The HIPAA Privacy Rule allows Sound to make the following disclosures, among others, without either patient authorization or giving the patient an opportunity to object:
- Uses or disclosures required by law
- Uses or disclosures for public health activities
- Disclosures about victims of neglect, abuse or domestic violence
- Disclosures for health oversight activities
- Certain, limited disclosures to law enforcement
- Disclosures in court proceedings

In each of these instances, certain requirements must be met.

Slide 18: Example of disclosures made without an opportunity to object

A Sound hospitalist determines that Joe has H1N1. Joe's best friend is Mary. Can the hospitalist tell Mary that she has been exposed to H1N1 through Joe (i.e., can the hospitalist disclose PHI to Mary to inform her of her potential exposure to an infectious disease)?

Slide 19: Disclosures to Business Associates

- HIPAA permits Sound to disclose PHI to a Business Associate ("BA") of Sound and permits the BA to create or receive PHI on Sound's behalf if Sound has satisfactory assurances that the BA will safeguard the PHI.
- Satisfactory assurances must be documented through a written contract.
- Sound has adopted a BA Agreement and a set of BA provisions that must be used in Sound's contracts with its BAs.

Slide 20: Disclosures to Business Associates

There are some situations where Sound can disclose PHI to a BA without entering into a BA agreement. These include:
- Disclosures to or requests by provider for treatment
- Disclosures to patient at his/her request
- Disclosures to HHS for oversight

Slide 21: Authorizations

- Uses and disclosures that aren't otherwise permitted under HIPAA can only be made in accordance with an individual's authorization.
- The authorization must satisfy certain specific requirements and contain certain specific statements.
- Unenforceable if unsigned, expired or combined with other documents.

Slide 22: Required Disclosures

There are certain instances where Sound is required to make disclosures. These include:
- To patients
- To a patient's personal representatives
  - Executor or administrator of estate
  - Parent or guardian of minor child
    - Generally, a parent or guardian may access an unemancipated minor's PHI, unless this is inconsistent with state law.
    - There are three exceptions to this general rule where the parent/guardian is not permitted to access the unemancipated minor's PHI.
- To OCR in connection with certain investigations or compliance reviews

Slide 23: HIPAA Example: Minors

Sara, who is 16 years old and sexually active, lives in a state where parents are not considered personal representatives for purposes of certain procedures, including the testing, treatment or care for an STD. While being admitted at the hospital, Sara has a battery of tests, which reveal that she has an STD. Sara's mother inquires about the results of the tests. The Sound hospitalist who is assigned to Sara tells Sara's mother the results of the tests, including that Sara tested positive for an STD. HIPAA violation?

Slide 24: Limited Data Set/Minimum Necessary Standard

- Sound and its BAs must limit its use or disclosure of PHI to a limited data set, to the extent practicable.
- If more PHI is needed, Sound must limit use or disclosure of PHI to the minimum amount necessary to accomplish the purpose of the use or disclosure.
- There are few exceptions to this limited data set/minimum necessary standard. These include:
  - Treatment
  - Disclosures to patient at his/her request
- OCR will issue future guidance on compliance with this minimum necessary standard.

Slide 25: Individual's Rights under the HIPAA Privacy Rule

- Right to Access: HIPAA generally provides an individual the right to inspect and obtain a copy of his or her PHI maintained in a designated record set.
- Right to Request Restrictions: HIPAA allows individuals the right to request Sound to restrict the purposes for which the individual's PHI is disclosed. Sound generally is not required to agree to the restriction.
- Right to Amend: HIPAA generally provides an individual the right to amend PHI maintained in a designated record set.
- Right to Accounting: HIPAA generally provides an individual with a right to obtain an accounting of the disclosures made by Sound. This is discussed in greater detail on the following slides.

Slide 26: Accounting / Disclosure Log

Except as noted below, Sound must keep a record of all disclosures of PHI. This record must include:
- Who received the information
- What information was disclosed
- When and why

The following are instances where Sound does not have to keep a record of its PHI disclosures:
- Disclosures for TPO
- Disclosures to the patient
- Disclosures to persons involved in the patient's care

Slide 27: Accounting / Disclosure Log (Cont.)

Disclosures for TPO:
- Sound will, in the future, have to account for TPO disclosures made through an electronic health record (EHR) if Sound uses or maintains an EHR
- This accounting must include TPO disclosures made through an EHR for a period of 3 years prior to the date of the request of the accounting
- If a BA of Sound is disclosing for TPO, Sound must include those disclosures in the accounting or provide a list of all BAs and their contact information to the individual

Slide 28: Unsecured PHI Breach Notification

Sound is required to make certain notifications upon discovery of a breach of unsecured PHI if, as a result of the breach, the unsecured PHI of an individual has been, or is reasonably believed to have been, accessed, acquired or disclosed.

- Breach: Unauthorized acquisition, access, use or disclosure of unsecured PHI that compromises the security or privacy of the PHI. Breach does not include unintentional acquisition, access or use that was in good faith and within the course and scope of employment/professional relationship.
- Unsecured PHI: PHI that is not encrypted.

Notice, which must contain certain items, must be provided within 60 days. In certain circumstances, the media and OCR must be notified about the breach.

Slide 29: Unsecured PHI Breach Notification

- Sound must also maintain a log of unsecured PHI breaches. This log must be submitted to OCR annually.
- In order to meet Sound's requirements under HIPAA's Unsecured PHI Breach Notification rule, Sound's employees must report any breaches of unsecured PHI to Sound's privacy officer immediately upon becoming aware of the breach.

Slide 30: HIPAA Security Rule

The HIPAA Security Rule is designed to ensure that Sound protects the integrity, confidentiality and integrity of the ePHI that Sound collects, maintains and uses. It does this through imposing administrative, physical and technical safeguards.

Slide 31: Administrative Safeguards

Administrative safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect ePHI.

Examples of administrative safeguards implemented through Sound's HIPAA security policies:
- Having a security management process. For example, Sound applies sanctions against its employees who fail to follow Sound's HIPAA security policies and procedures
- Designation of a security official
- Managing information access. For example:
  - The security officer provides employees access to ePHI only if access is required for their job. See slide 35.
  - Sound screens applicants' backgrounds prior to hire to ensure that access is not given to an individual who poses a threat to the ePHI's security.

Slide 32: Administrative Safeguards (Cont.)

- Periodic training of employees on HIPAA security
- Process for raising security awareness:
  - Periodic security reminders
  - Processes for protecting against malicious software
  - Log-in monitoring
    - Sound's system locks employees out after three unsuccessful log-in attempts
  - Password management
    - Passwords are changed every 60 days
    - Passwords are not to be shared and should not be written down, printed or stored in an unencrypted format
    - Employees should not log on to the system using another's password
- Process for reporting security incidents
  - A security incident is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
  - Security incidents must be reported to your supervisor or the Security Officer.

Slide 33: Physical Safeguards

Physical safeguards are those that protect IT systems and related equipment and buildings from natural and environmental hazards, and unauthorized intrusion.

Examples of physical safeguards implemented through Sound's HIPAA security policies:
- Facility access controls, e.g., requiring ID badges and magnetic card readers to access Sound's facilities
- Workstation security, e.g., user IDs and passwords are designed to prevent unauthorized access to workstations, and employees are supposed to be aware of their workstation surroundings and report anything suspicious to their supervisor or Sound's security official
- Device and media controls, e.g., Sound will remove any ePHI from computers before they are reused

Slide 34: Technical Safeguards

Technical safeguards are the technology, and the policies and procedures for its use, that protect ePHI and control access to it.

Examples of technical safeguards implemented through Sound's HIPAA security policies:
- Access Controls
  - Sound limits PHI access based on job function (see chart on following slide)
  - Sound's employees are issued unique User IDs and passwords.
  - Users are expected to lock or log off of workstations when left unattended and should close applications when not in use.
  - SoundConnect: automatically converts to a blank screen after five minutes of inactivity; shuts down after an additional ten minutes of inactivity
  - Users of the general Sound network: automatically logged off or locked after 15 minutes of inactivity.
- Audit Controls
  - User activity is audited by Sound.
  - Users are accountable for all activity and access that occurs under their logon.

Slide 35: Technical Safeguards (Cont.)

- Mechanisms to maintain integrity of ePHI
  - Sound uses anti-virus software to prevent malicious viruses
  - Sound has processes that ensure hardware is appropriately secured
- Ensuring security during information transmission
  - Transmissions from the Sound network to an outside party or network utilize an encryption mechanism between the sending and receiving entities.
  - Sound employees may transmit ePHI within Sound's network only where absolutely necessary and only if the minimum necessary amount of ePHI is used in the transmission.

Slide 36: PHI Access

| Staff Category | PHI Access | Justification |
|---|---|---|
| Individuals who provide any clinical service, including but not limited to, any physician, nonphysician practitioner, nurse or other clinical personnel | All records of patients being treated by an individual provider | Involvement in patient care |
| Management (including Sound's Compliance Officer) | All records, to the extent relevant to an issue being addressed by an individual manager | Enabling effective management, including monitoring and improving patient care, addressing complaints, and avoiding or addressing legal issues. |
| Quality Assurance Personnel | All records relevant to any billing-related issue being handled by the individual staff member | Enabling accurate processing of claims for reimbursement and all inquiries and disputes related thereto. |
| Clerical Personnel interacting with patients or their personal representatives. | Records of patients as necessary to assist with services such as scheduling, etc. | Enabling efficient performance of services for patients or personal representatives. |

Slide 37: Specific Sound policies: Email

- Use must be restricted to proper business purposes and must be treated in a confidential manner (including the use of a confidential notation in the email and the attachment of a Sound-approved confidentiality statement).
- When using email, the information transmitted must be limited to the minimum necessary to meet the requester's needs.
- Senders of PHI should routinely check and re-check addresses of recipients before transmission.
- Before using email to correspond with Sound patients, the patient must provide consent to receiving correspondence via email.
- Examples of prohibited usage of email:
  - Transmission of information to individuals inside or outside Sound who do not have a legitimate business need for the information.
  - Transmission of highly confidential or sensitive information, such as HIV status, mental illness or chemical dependency
  - Auto forwarding of email

Slide 38: Specific Sound policies: Facsimiles

- Faxes are only to be used when another method of transmission is not feasible.
- Sensitive PHI (e.g., HIV status, mental health status, drug or alcohol dependency) should only be faxed in emergencies.
- Procedures relating to location and monitoring of faxes:
  - Fax machines are to be located in low traffic areas
  - Fax machines should be checked frequently (e.g., once an hour)
  - Fax messages should be sorted so that employees do not have to rummage through the messages to find the fax pertaining to them.
- Fax procedures:
  - Cover sheets should be used and confirmation pages should be attached to the faxed material.
  - Confirm the recipient's fax number if used infrequently; program frequently used numbers into the fax machine
  - If a fax containing PHI has been misrouted, contact the unintended recipient and request return or destruction of the faxed document.
  - Request that the recipient destroy the faxed material after use, unless the material is incorporated into a medical record or other record that is required to be maintained by law.

Slide 39: Specific Sound policies: Telephone Use

- Employees may disclose PHI through telephones in the same manner as they do in person
- Telephone calls that involve the discussion of PHI should be done in a manner that maintains privacy to the greatest extent possible (e.g., use as low a voice as possible)
- Telephone callers should verify the identity of the patient prior to disclosing PHI.
- Information included in a voicemail message for a patient should be limited to:
  - Name of person for whom the message is left
  - A request that the person return the call
  - Name and number of person making the call

Slide 40: Questions and Contact Information

Questions?

- Contact Information for Privacy Officer: Mr. Jim Kodjababian, Phone: (253)
- Contact Information for Security Officer: Mr. Zima Hartz, Phone: (253)


More information

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Original effective date: 2003 Effective date of last Revision: July 17, 2013 CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Caring Hospice Services of Connecticut Caring Hospice Services of New York

More information

HIPAA NOTICE OF PRIVACY PRACTICES

HIPAA NOTICE OF PRIVACY PRACTICES HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Protected

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

HIPAA POLICY PROCEDURE GUIDE

HIPAA POLICY PROCEDURE GUIDE HIPAA POLICY & PROCEDURE GUIDE FRONT END AREAS Office of Compliance & Audit Services - 1 - Table of Contents I. Notice of Privacy Practices: Page 3 II. Disclosing Downstate Directory Information: Page

More information

Department of Health and Human Services Policy ADMN 004, Attachment A

Department of Health and Human Services Policy ADMN 004, Attachment A WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON

More information

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Health Insurance Portability and Accountability Act of 1996 (HIPAA) HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.

More information

HIPAA Privacy FAQ s. 3. Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do?

HIPAA Privacy FAQ s. 3. Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do? HIPAA Privacy FAQ s 1. What is the HIPAA privacy regulation? Until Congress passed HIPAA in 1996, personal health information (PHI) was protected by a patchwork of federal and state laws. Patients health

More information

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,

More information

NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES

NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT

More information

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative

More information

My Docs Online HIPAA Compliance

My Docs Online HIPAA Compliance My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several

More information

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION PLEASE REVIEW IT CAREFULLY. DEFINITIONS PROTECTED HEALTH INFORMATION (PHI):

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information

More information

SOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX 76092 www.southlakedermatology.com Main 817-251-6500 Fax 817-442-0550

SOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX 76092 www.southlakedermatology.com Main 817-251-6500 Fax 817-442-0550 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. EFFECTIVE September 15, 2014 This Notice of

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

TEXAS COLON & RECTAL SURGEONS, LLP HIPAA AND TEXAS LAW PRIVACY POLICIES AND PROCEDURES ADOPTED EFFECTIVE APRIL 1, 2003

TEXAS COLON & RECTAL SURGEONS, LLP HIPAA AND TEXAS LAW PRIVACY POLICIES AND PROCEDURES ADOPTED EFFECTIVE APRIL 1, 2003 TEXAS COLON & RECTAL SURGEONS, LLP HIPAA AND TEXAS LAW PRIVACY POLICIES AND PROCEDURES ADOPTED EFFECTIVE APRIL 1, 2003 UPDATED EFFECTIVE SEPTEMBER 1, 2012 Any questions about the following policies and

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

APPENDIX 1: Frequently Asked Questions

APPENDIX 1: Frequently Asked Questions APPENDIX 1: Frequently Asked Questions Practice Name Q: What is the HIPAA Privacy Rule? A: The HIPAA Privacy Rule controls the use and disclosure of what is known as Protected Health Information (PHI).

More information

HIPAA Privacy Keys to Success Updated January 2010

HIPAA Privacy Keys to Success Updated January 2010 HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative

More information

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts

More information

Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA

Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA Privacy and Information Security Awareness Training Health Insurance Portability & Accountability Act of 1996 -- HIPAA Objectives Understand basic HIPAA requirements Understand how the MCG Health System

More information

NOTICE OF PRIVACY PRACTICES (NPP)

NOTICE OF PRIVACY PRACTICES (NPP) NOTICE OF PRIVACY PRACTICES (NPP) This Notice contains information about how your medical information may be used and/or disclosed and how you can get access to this information. Please read this Notice

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information

Responding to HIPAA Breaches

Responding to HIPAA Breaches Responding to HIPAA Breaches 11/06/2015 by Kim Stanger HIPAA privacy and security breaches can result in fines of $100 to $50,000 to covered entities (including healthcare providers and health plans) and

More information

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners The HIPAA Security Rule Primer A Guide For Mental Health Practitioners Distributed by NASW Printer-friendly PDF 2006 APAPO 1 Contents Click on any title below to jump to that page. 1 What is HIPAA? 3 2

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

8.03 Health Insurance Portability and Accountability Act (HIPAA)

8.03 Health Insurance Portability and Accountability Act (HIPAA) Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE OF PRIVACY PRACTICES

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. OUR PLEDGE

More information

HIPAA 101: Privacy and Security Basics

HIPAA 101: Privacy and Security Basics HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually

More information

OCR HIPAA AUDIT PROTOCOL PUBLISHED APRIL 2016

OCR HIPAA AUDIT PROTOCOL PUBLISHED APRIL 2016 OCR HIPAA AUDIT PROTOCOL PUBLISHED APRIL 2016 Please note: This chart is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to HIPAA.

More information

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

New HIPAA regulations require action. Are you in compliance?

New HIPAA regulations require action. Are you in compliance? New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security

More information

APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES

APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

HIPAA In The Workplace. What Every Employee Should Know and Remember

HIPAA In The Workplace. What Every Employee Should Know and Remember HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security

More information

HIPAA NOTICE OF PRIVACY PRACTICES

HIPAA NOTICE OF PRIVACY PRACTICES HIPAA NOTICE OF PRIVACY PRACTICES Human Resources Department 16000 N. Civic Center Plaza Surprise, AZ 85374 Ph: 623-222-3532 // Fax: 623-222-3501 TTY: 623-222-1002 Purpose of This Notice This Notice describes

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

SDC-League Health Fund

SDC-League Health Fund SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: health@sdcweb.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION

More information

Joseph Suchocki HIPAA Compliance 2015

Joseph Suchocki HIPAA Compliance 2015 Joseph Suchocki HIPAA Compliance 2015 Sponsored by Eagle Associates, Inc. Eagle Associates provides compliance services for over 1,200 practices nation wide. Services provided by Eagle Associates address

More information

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain

More information

Checklist for HIPAA Privacy Policy

Checklist for HIPAA Privacy Policy Checklist for HIPAA Privacy Verification of the Identity and Authority of the Client Requesting Disclosure of PHI There are a number of situations in which members of the workforce of the organization

More information

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.

More information

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc.

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc. Notice of Health Information Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Important Notice

More information

HIPAA POLICY PROCEDURE GUIDE

HIPAA POLICY PROCEDURE GUIDE HIPAA POLICY & PROCEDURE GUIDE HEALTH INFORMATION MANAGEMENT DEPARTMENT Office of Compliance & Audit Services - 1 - Table of Contents I. Patient Requests for Medical Records: Page 3 II. Other Requests

More information

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared; Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014

More information

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION ELKIN & ASSOCIATES, LLC HIPAA Privacy Policy and Procedures INTRODUCTION The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict a Covered Entity

More information

HIPAA Security Education. Updated May 2016

HIPAA Security Education. Updated May 2016 HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)

More information

Vermont Information Technology Leaders

Vermont Information Technology Leaders Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 4 Policy Title: Information Security Incident Response January 26, 2016 IDENT INFOSEC4 Type of Document:

More information

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 Orchard Creek Health Care is required by law to maintain the privacy of protected health information (PHI) of our residents. If you feel

More information

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The

More information

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law

More information

SECURITY RISK ASSESSMENT SUMMARY

SECURITY RISK ASSESSMENT SUMMARY Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES Effective Date: Immediately This information is made available to all patients THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU

More information

What Virginia s Free Clinics Need to Know About HIPAA and HITECH

What Virginia s Free Clinics Need to Know About HIPAA and HITECH What Virginia s Free Clinics Need to Know About HIPAA and HITECH This document is one in a series of tools and white papers produced by the Virginia Health Care Foundation to help Virginia s free clinics

More information

HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING

HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the

More information

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals HIPAA New Breach Notification Risk Assessment and Sanctions Policy Incident Management Policy For breaches affecting 1 3 individuals +25 individuals + 500 individuals Focus on: analysis documentation PHI

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information