Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians
|
|
- Baldwin Sparks
- 8 years ago
- Views:
Transcription
1 Compliance HIPAA Training Steve M. McCarty, Esq. General Counsel Sound Physicians 1
2 Overview of HIPAA HIPAA contains provisions that address: The privacy of protected health information or PHI The security of electronic protected health information or ephi. The security of unsecured PHI and the steps that must be taken in the event of a breach of unsecured PHI. The federal agency responsible for overseeing compliance with HIPAA is the Office for Civil Rights (OCR) of the US Department of Health and Human Services. 2
3 Overview of HIPAA Sound Physicians is required to comply with HIPAA. To comply with HIPAA, Sound must: Comply with the HIPAA privacy rule Comply with the HIPAA security rule Comply with the unsecured PHI breach notification rule Adopt and implement policies and procedures that address the manner in which Sound will comply with the above rules Provide training to its workforce regarding HIPAA and its policies and procedures 3
4 Civil Penalties for HIPAA Violations Violations are categorized into 4 tiers, with each tier being assigned a penalty range: Violation Category Penalty 1 st Tier (Unknowing violation) 2 nd Tier (reasonable cause, not willful neglect) 3 rd Tier (willful neglect that s later corrected) 4 th Tier (willful neglect, not corrected) $100 per violation, not to exceed 25k $1,000 per violation, not to exceed 100k $10,000 per violation, not to exceed 250k $50,000 per violation, not to exceed $1.5m Individuals may share in penalties State Attorneys General may also bring a civil action for penalties on behalf of an individual affected by a HIPAA violation 4
5 Other Penalties for HIPAA Violations Criminal penalties Fines range from $50k - $250k Up to 10 years imprisonment Audits OCR is required to perform periodic audits to ensure persons required to comply with HIPAA are meeting its privacy and security requirements. 5
6 HIPAA Privacy Enforcement Since April 2003, OCR has received over 51,762 HIPAA Privacy Complaints. Most frequent complaints: Impermissible uses/disclosures Lack of safeguards for PHI Lack of patient access to PHI Uses or disclosures of more than the minimum necessary Lack of or invalid authorizations or notice Of the complaints received, over 16,000 have resulted in OCR investigations. Of those investigated, over 10,700 have resulted in corrective action. Examples of these corrective actions, and other information regarding HIPAA, can be found on OCR s website at Because of recent changes to the penalty provisions of HIPAA, the number of complaints will likely increase, as will the penalties associated with these complaints. 6
7 Sound s HIPAA Policies and Procedures To comply with HIPAA, Sound has adopted policies and procedures that comply with HIPAA s privacy, security and breach of unsecured PHI notification requirements. These policies designate Mr. Jim Kodjababian as Sound s Privacy Officer. In this role, Mr. Kodjababian is the primary person responsible within Sound for compliance with HIPAA s privacy rule and breach of unsecured PHI notification requirements. These policies designate Mr. Zima Hartz as Sound s Security Officer. In this role, Mr. Hartz is the primary person responsible within Sound for compliance with the HIPAA security rule. 7
8 Sound s HIPAA Policies and Procedures Sound s policies and procedures apply to Sound s workforce. Sound s workforce includes physicians, non-physician practitioners, nurses and other clinical employees, volunteers and other persons whose conduct is controlled by Sound. The policies and procedures address, in further detail, the concepts that will be discussed in today s presentation. Violation of the policies and procedures could result in disciplinary action, including, but not limited to, the following: Retraining Verbal warnings or written warnings Paid and unpaid suspensions Exclusion from the premises Loss of employee privileges and/or benefits Demotion or termination 8
9 Sound s HIPAA Policies and Procedures Violations or suspected violations or any other type of complaint relating to HIPAA privacy or relating to a breach of unsecured PHI must be reported to Sound s Privacy Officer, Mr. Jim Kodjababian. Violations or suspected violations or any other type of complaint relating to HIPAA security must be reported to Sound s Security Officer, Mr. Zima Hartz. Sound s management or other staff is prohibited from intimidating, threatening, coercing, discriminating against or taking other retaliatory action against individuals/others who assert their rights under HIPAA. 9
10 HIPAA Privacy Rule Protects confidentiality when using and disclosing an individual s protected health information ( PHI ) in any form paper, oral, or electronic. The definition of PHI is very broad. Generally, PHI is information that is held by or on behalf of Sound that may identify or be used to identify a patient. 10
11 General HIPAA Privacy Rule Sound may not use or disclose PHI unless the use or disclosure is: For Treatment, Payment, or Health Care Operations ( TPO ) To the patient As authorized by patient As otherwise allowed by HIPAA 11
12 Examples In routine conversation, a nurse employed by Sound who works in a client hospital tells her friend that she saw a particular individual in the hospital last week. HIPAA violation? Three people are on an elevator in a client hospital. Two are Sound physicians and the other is a maintenance personnel employed by a third party not affiliated with the hospital. The physicians begin to talk the appropriate plan of care for a patient to whom they each have provided care in a manner that the third party can easily hear their conversation. HIPAA violation? 12
13 Using/Disclosing PHI for TPO Treatment: Provision, coordination, or management of health care by one or more health care providers, including consultations and referrals. Payment: Activities to obtain payment or be reimbursed for health care services. Health Care Operations: Administrative, financial, legal and quality improvement activities; business planning activities; training and teaching activities; and accreditation, credentialing, licensing, competence, and performance activities; and fraud, abuse, and compliance activities. No consent or authorization required when a use or disclosure is for treatment, payment or health care operations. 13
14 Treatment Examples A Sound hospitalist sends a copy of individual s medical record to a specialist who needs the information to perform a consultation on the individual. Permissible? Hospitalist sends a copy of a patient s health care instructions to a nursing home to which patient is transferred. Permissible? 14
15 Payment and Health Care Operations Examples A specialty medical practice wants a copy of the health information that Sound maintains on an individual for quality assurance activities the practice is conducting. Permissible? Sound s compliance officer uses the health information of a patient in reviewing a potential compliance issue. Permissible? 15
16 Disclosures That Require An Opportunity to Object The HIPAA Privacy Rule allows Sound to make the following disclosures, among others, without patient authorization so long as the patient has an opportunity to object: Sound may disclose PHI to persons involved in care or payment for care The disclosure must be directly relevant to involvement This can be used to allow a spouse or child to pick up a prescription, x-ray, etc. Sound may also disclose patient s location, general condition, or death to responsible persons. 16
17 Disclosures Without Opportunity to Object The HIPAA Privacy Rule allows Sound to make the following disclosures, among others, without either patient authorization or giving the patient an opportunity to object: Uses or disclosures required by law Uses or disclosures for public health activities Disclosures about victims of neglect, abuse or domestic violence Disclosures for health oversight activities Certain, limited disclosures to Law enforcement Disclosures in court proceedings In each of these instances, certain requirements must be met. 17
18 Example of disclosures made without an opportunity to object A Sound hospitalist determines that Joe has H1N1. Joe s best friend is Mary. Can the hospitalist tell Mary that she has been exposed to H1N1 through Joe (i.e., can the hospitalist disclose PHI to Mary to inform her of her potential exposure to an infectious disease)? 18
19 Disclosures to Business Associates HIPAA permits Sound to disclose PHI to a Business Associate ( BA ) of Sound and permits the BA to create or receive PHI on Sound s behalf if Sound has satisfactory assurances that the BA will safeguard the PHI. Satisfactory assurances must be documented through a written contract. Sound has adopted a BA Agreement and a set of BA provisions that must be used in Sound s contracts with its BAs. 19
20 Disclosures to Business Associates There are some situations where Sound can disclose PHI to a BA without entering into a BA agreement. These include: Disclosures to or requests by provider for treatment Disclosures to patient at his/her request Disclosures to HHS for oversight 20
21 Authorizations Uses and disclosures that aren t otherwise permitted under HIPAA can only be made in accordance with an individual s authorization. The authorization must satisfy certain specific requirements and contain certain specific statements. Unenforceable if unsigned, expired or combined with other documents. 21
22 Required Disclosures There are certain instances where Sound is required to make disclosures. These include: To patients To a patient s personal representatives Executor or administrator of estate Parent or guardian of minor child Generally, a parent or guardian may access an unemancipated minor s PHI, unless this is inconsistent with state law. There are three exceptions to this general rule where the parent/guardian is not permitted to access the unemancipated minor s PHI. To OCR in connection with certain investigations or compliance reviews 22
23 HIPAA Example: Minors Sara, who is 16 years old and sexually active, lives in a state where parents are not considered personal representatives for purposes of certain procedures, including the testing, treatment or care for a STD. While being admitted at the hospital, Sara has a battery of tests, which reveal that she has a STD. Sara s mother inquires about the results of the tests. The Sound hospitalist who is assigned to Sara tells Sara s mother the results of the tests, including that Sara tested positive for a STD. HIPAA violation? 23
24 Limited Data Set/Minimum Necessary Standard Sound and its BAs must limit its use or disclosure of PHI to a limited data set, to the extent practicable. If more PHI is needed, Sound must limit use or disclosure of PHI to the minimum amount necessary to accomplish the purpose of the use or disclosure. There are few exceptions to this limited data set/minimum necessary standard. These include: Treatment Disclosures to patient at his/her request OCR will issue future guidance on compliance with this minimum necessary standard. 24
25 Individual s Rights under the HIPAA Privacy Rule Right to Access HIPAA generally provides an individual the right to inspect and obtain a copy of his or her PHI maintained in a designated record set. Right to request restrictions HIPAA allows individuals the right to request Sound to restrict the purposes for which the individual s PHI is disclosed. Sound generally is not required to agree to the restriction. Right to Amend HIPAA generally provides an individual the right to amend PHI maintained in a designated record set. Right to Accounting HIPAA generally provides an individual with a right to obtain an accounting of the disclosures made by Sound. This is discussed in greater detail on the following slides. 25
26 Accounting / Disclosure Log Except as noted below, Sound must keep a record of all disclosures of PHI. This record must include: Who received the information What information was disclosed When and why The following are instances where Sound does not have to keep a record of its PHI disclosures: Disclosures for TPO Disclosures to the patient Disclosures to persons involved in the patient s care 26
27 Accounting / Disclosure Log (Cont.) Disclosures for TPO Sound will, in the future, have to account for TPO disclosures made through an electronic health record (EHR) if Sound uses or maintains an EHR This accounting must include TPO disclosures made through an EHR for a period of 3 years prior to the date of the request of the accounting If a BA of Sound is disclosing for TPO, Sound must include those disclosures in the accounting or provide a list of all BAs and their contact information to the individual 27
28 Unsecured PHI Breach Notification Sound is required to make certain notifications upon discovery of a breach of unsecured PHI if, as a result of the breach, the unsecured PHI of an individual has been, or is reasonably believed to have been, accessed, acquired or disclosed. Breach Unauthorized acquisition, access, use or disclosure of unsecured PHI that compromises the security or privacy of the PHI. Breach does not include unintentional acquisition, access or use that was in good faith and within course and scope of employment/professional relationship. Unsecured PHI PHI that is not encrypted. Notice, which must contain certain items, must be provided within 60 days. In certain circumstances, the media and OCR must be notified about the breach. 28
29 Unsecured PHI Breach Notification Sound must also maintain a log of unsecured PHI breaches. This log must be submitted to OCR annually. In order to meet Sound s requirements under HIPAA s Unsecured PHI Breach Notification rule, Sound s employees must report any breaches of Unsecured PHI to Sound s privacy officer immediately upon becoming aware of the breach. 29
30 HIPAA Security Rule The HIPAA Security Rule is designed to ensure that Sound protects the integrity, confidentiality and integrity of the ephi that Sound collects, maintains and uses. It does this through imposing administrative, physical and technical safeguards. 30
31 Administrative Safeguards Administrative safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect ephi. Examples of administrative safeguards implemented through Sound s HIPAA security policies: Having a security management process. For example, Sound applies sanctions against its employees who fail to follow Sound s HIPAA securities policies and procedures Designation of a security official Managing information access. For example: Security officer provides employees access to ephi only if access is required for their job. See slide 35. Sound screens applicants backgrounds prior to hire to ensure that access is not given to an individual that poses a threat to the ephi s security. 31
32 Administrative Safeguards (Cont.) Periodic training of employees on HIPAA security Process for raising security awareness: Periodic security reminders Processes for protecting against malicious software Log-in monitoring Sound s system locks employees out after three unsuccessful log-in attempts Password management Passwords are changed every 60 days Passwords are not to be shared and should not be written down, printed or stored in an unencrypted format Employees should not log-on the system using another s password Process for reporting security incidents A security incident is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. Security Incidents must be reported to your supervisor or the Security Officer. 32
33 Physical Safeguards Physical safeguards are those that protect IT systems and related equipment and buildings from natural and environmental hazards, and unauthorized intrusion Examples of physical safeguards implemented through Sound s HIPAA security policies: Facility access controls e.g., requiring ID badges and magnetic card readers to access Sound s facilities Workstation security e.g., user IDs and passwords are designed to prevent unauthorized access to workstations and employees are supposed to be aware of their workstation surroundings and report anything suspicious to their supervisor or Sound s security official Device and media controls e.g., Sound will remove any ephi from computers before they are reused 33
34 Technical Safeguards Technical safeguards is technology and the policy and procedures for its use that protect ephi and controls access to it. Examples of technical safeguards implemented through Sound s HIPAA security policies: Access Controls - Sound limits PHI access based on job function (see chart on following slide) Sound s employees are issued unique User IDs and passwords. Users are expected to lock or log off of workstations when left unattended and should close applications when not in use. SoundConnect - automatically converts to a blank screen after five minutes of inactivity; shuts down after an additional ten minutes of inactivity Users of the general Sound network - automatically logged off or locked after 15 minutes of inactivity. Audit Controls User activity is audited by Sound. Users are accountable for all activity and access that occurs under their logon. 34
35 Technical Safeguards (Cont.) Mechanisms to maintain integrity of ephi Sound uses anti-virus software to prevent malicious viruses Sound has processes that ensures hardware is appropriately secured Ensuring security during information transmission Transmissions from Sound network to an outside party or network utilize an encryption mechanism between the sending and receiving entities. Sound employees may transmit ephi within Sound s network only where absolutely necessary and only if the minimum necessary amount of ephi is used in the transmission. 35
36 PHI Access Staff Category PHI Access Justification Individuals who provide any clinical service, including but not limited to, any physician, nonphysician practitioner, nurse or other clinical personnel All records of patients being treated by an individual provider Involvement in patient care Management (including Sound s Compliance Officer) All records, to the extent relevant to an issue being addressed by an individual manager Enabling effective management, including monitoring and improving patient care, addressing complaints, and avoiding or addressing legal issues. Quality Assurance Personnel All records relevant to any billing-related issue being handled by the individual staff member Enabling accurate processing of claims for reimbursement and all inquiries and disputes related thereto. Clerical Personnel interacting with patients or their personal representatives. Records of patients as necessary to assist with services such as scheduling, etc. Enabling efficient performance of services for patients or personal representatives. 36
37 Specific Sound policies : Use must be restricted to proper business purposes and must be treated in a confidential manner (including the use of a confidential notation in the and the attachment of a Sound-approved confidentiality statement). When using , the information transmitted must be limited to minimum necessary to meet the requester s needs senders of PHI should routinely check and re-check addresses of recipients before transmission Before using to correspond with Sound patients, the patient must provide consent to receiving correspondence via . Examples of prohibited usage of Transmission of information to individuals inside or outside Sound who do not have a legitimate business need for the information. Transmission of highly confidential or sensitive information, such as HIV status, mental illness or chemical dependency Auto forwarding of 37
38 Specific Sound policies: Facsimiles Faxes are only to be used when another method of transmission is not feasible. Sensitive PHI (e.g., HIV status, mental health status, drug or alcohol dependency) should only be faxed in emergencies. Procedures relating to location and monitoring of faxes: Fax machines are to be located in low traffic areas Fax machines should be checked frequently (e.g., once an hour) Fax messages should be sorted so that employees do not have to rummage through the messages to find the fax pertaining to them. Fax procedures: Cover sheets should be used and confirmation pages should be attached to the faxed material. Confirm recipient s fax number if used infrequently; program frequently used numbers into fax machine If a fax containing PHI has been misrouted, contact unintended recipient and request return or destruction of the faxed document. Request that the recipient destroy the faxed material after use, unless the material is incorporated into a medical record or other record that is required to be maintained by law. 38
39 Specific Sound policies: Telephone Use Employees may disclose PHI through telephones in the same manner as they do in person Telephone calls that involve the discussion of PHI should be done in a manner that maintains privacy to the greatest extent possible (e.g., use as low of voice as possible) Telephone callers should verify identity of patient prior to disclosing PHI. Information included in a voic message for a patient should be limited to: Name of person for whom the message is left A request that the person return the call Name and number of person making the call 39
40 QUESTIONS AND CONTACT INFORMATION Questions? Contact Information for Privacy Officer: Mr. Jim Kodjababian Phone: (253) Contact Information for Security Officer: Mr. Zima Hartz Phone: (253)
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationPacific Medical Centers HIPAA Training for Residents, Fellows and Others
Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Summary of Critical Pacific Medical Centers (PMC) HIPAA Policies and Procedures For additional information or questions, please
More informationHIPAA Compliance. 2013 Annual Mandatory Education
HIPAA Compliance 2013 Annual Mandatory Education What is HIPAA? Health Insurance Portability and Accountability Act Federal Law enacted in 1996 that mandates adoption of Privacy protections for health
More informationAVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
More informationUniversity Healthcare Physicians Compliance and Privacy Policy
Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
More informationREPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.
REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
More informationCommunity First Health Plans Breach Notification for Unsecured PHI
Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance
More informationGaston County HIPAA Manual
Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.
More informationAnnual Compliance Training. HITECH/HIPAA Refresher
Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationSarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995
Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995 NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY
More informationHEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationHIPAA Privacy & Security Training for Clinicians
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationHIPAA Orientation. Health Insurance Portability and Accountability Act
HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the
More informationJOINT NOTICE OF PRIVACY PRACTICES Cumberland County Hospital System d/b/a Cape Fear Valley Health System
JOINT NOTICE OF PRIVACY PRACTICES Cumberland County Hospital System d/b/a Cape Fear Valley Health System EFFECTIVE: September 23, 2013 THIS JOINT NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT
More informationHIPAA PRIVACY AND SECURITY FOR EMPLOYERS
HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative
More informationHIPAA Privacy Policy & Notice of Privacy Practices
HIPAA Privacy Policy & Notice of Privacy Practices 1. PURPOSE 1 The purpose of this policy is to comply with patient personal health information security rights and privacy regulations as outlined in the
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationGuilford Medical Associates, P.A.
Page 1 Guilford Medical Associates, P.A. NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationNORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES
NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT
More informationHIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,
More informationTABLE OF CONTENTS. University of Northern Colorado
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationHealth Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationTEXAS COLON & RECTAL SURGEONS, LLP HIPAA AND TEXAS LAW PRIVACY POLICIES AND PROCEDURES ADOPTED EFFECTIVE APRIL 1, 2003
TEXAS COLON & RECTAL SURGEONS, LLP HIPAA AND TEXAS LAW PRIVACY POLICIES AND PROCEDURES ADOPTED EFFECTIVE APRIL 1, 2003 UPDATED EFFECTIVE SEPTEMBER 1, 2012 Any questions about the following policies and
More informationGuidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HUMAN RESOURCES Index No. VI-35 PROCEDURES MEMORANDUMS TO: FROM: SUBJECT: MCC Personnel Office of the President Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance
More informationCARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES
Original effective date: 2003 Effective date of last Revision: July 17, 2013 CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Caring Hospice Services of Connecticut Caring Hospice Services of New York
More informationSOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX 76092 www.southlakedermatology.com Main 817-251-6500 Fax 817-442-0550
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. EFFECTIVE September 15, 2014 This Notice of
More informationNotice of Privacy Practices
Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of
More informationTHE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL
THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL What is HIPAA? Comprehensive federal legislation regarding health insurance which is comprised of four key areas:
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationAuthorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
More informationHIPAA Privacy FAQ s. 3. Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do?
HIPAA Privacy FAQ s 1. What is the HIPAA privacy regulation? Until Congress passed HIPAA in 1996, personal health information (PHI) was protected by a patchwork of federal and state laws. Patients health
More informationDepartment of Health and Human Services Policy ADMN 004, Attachment A
WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON
More informationHIPAA POLICY PROCEDURE GUIDE
HIPAA POLICY & PROCEDURE GUIDE HEALTH INFORMATION MANAGEMENT DEPARTMENT Office of Compliance & Audit Services - 1 - Table of Contents I. Patient Requests for Medical Records: Page 3 II. Other Requests
More informationWelcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
More informationHIPAA NOTICE OF PRIVACY PRACTICES
HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Protected
More informationHIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING
HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the
More informationGONZABA MEDICAL GROUP PATIENT REGISTRATION FORM
GONZABA MEDICAL GROUP PATIENT REGISTRATION FORM DATE: CHART#: GUARANTOR INFORMATION LAST NAME: FIRST NAME: MI: ADDRESS: HOME PHONE: ADDRESS: CITY/STATE: ZIP CODE: **************************************************************************************
More informationSDC-League Health Fund
SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: health@sdcweb.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION
More informationNOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)
NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationHIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
More informationAPPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES
APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationDonna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
More informationHIPAA POLICY PROCEDURE GUIDE
HIPAA POLICY & PROCEDURE GUIDE FRONT END AREAS Office of Compliance & Audit Services - 1 - Table of Contents I. Notice of Privacy Practices: Page 3 II. Disclosing Downstate Directory Information: Page
More informationHIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
More informationNOTICE OF PRIVACY PRACTICES (NPP)
NOTICE OF PRIVACY PRACTICES (NPP) This Notice contains information about how your medical information may be used and/or disclosed and how you can get access to this information. Please read this Notice
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationHIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS
HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS 1. HIPAA Privacy Policies & Procedures Overview (Policy & Procedure) 2. HIPAA Privacy Officer (Policy & Procedure) 3. Notice of Privacy
More informationNOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION PLEASE REVIEW IT CAREFULLY. DEFINITIONS PROTECTED HEALTH INFORMATION (PHI):
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
More informationJoseph Suchocki HIPAA Compliance 2015
Joseph Suchocki HIPAA Compliance 2015 Sponsored by Eagle Associates, Inc. Eagle Associates provides compliance services for over 1,200 practices nation wide. Services provided by Eagle Associates address
More informationUse or Disclosure of PHI
BRICKLAYERS AND ALLIED CRAFTWORKERS LOCAL 1 OF PA/DE HEALTH AND WELFARE FUND NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION (Effective September 23, 2013) THIS NOTICE DESCRIBES HOW MEDICAL
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Important Notice
More informationPrivacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA
Privacy and Information Security Awareness Training Health Insurance Portability & Accountability Act of 1996 -- HIPAA Objectives Understand basic HIPAA requirements Understand how the MCG Health System
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationHIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN)
HIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN) Effective Date: 04/14/15 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationHIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013
HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com
More informationHIPAA In The Workplace. What Every Employee Should Know and Remember
HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security
More informationACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES
ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective
More informationWhen HHS Calls, Will Your Plan Be HIPAA Compliant?
When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this
More informationHIPAA NOTICE OF PRIVACY PRACTICES
HIPAA NOTICE OF PRIVACY PRACTICES Human Resources Department 16000 N. Civic Center Plaza Surprise, AZ 85374 Ph: 623-222-3532 // Fax: 623-222-3501 TTY: 623-222-1002 Purpose of This Notice This Notice describes
More informationMy Docs Online HIPAA Compliance
My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationThe HIPAA Security Rule Primer A Guide For Mental Health Practitioners
The HIPAA Security Rule Primer A Guide For Mental Health Practitioners Distributed by NASW Printer-friendly PDF 2006 APAPO 1 Contents Click on any title below to jump to that page. 1 What is HIPAA? 3 2
More informationHIPAA 101. March 18, 2015 Webinar
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
More informationThe Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices
The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL
More informationAPPENDIX 1: Frequently Asked Questions
APPENDIX 1: Frequently Asked Questions Practice Name Q: What is the HIPAA Privacy Rule? A: The HIPAA Privacy Rule controls the use and disclosure of what is known as Protected Health Information (PHI).
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationA A E S C. Albuquerque Ambulatory Eye Surgery Center NOTICE OF PRIVACY PRACTICES
A A E S C Albuquerque Ambulatory Eye Surgery Center NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationHIPAA Privacy Keys to Success Updated January 2010
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
More informationHIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act
HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE OF PRIVACY PRACTICES
More informationConnecticut Pipe Trades Health Fund Privacy Notice. 2013 Restatement
Connecticut Pipe Trades Health Fund Privacy Notice 2013 Restatement Section 1: Purpose of This Notice and Effective Date THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationNOTICE OF PRIVACY PRACTICES. The University of North Carolina at Chapel Hill. UNC-CH School of Nursing Faculty Practice Carolina Nursing Associates
NOTICE OF PRIVACY PRACTICES The University of North Carolina at Chapel Hill UNC-CH School of Nursing Faculty Practice Carolina Nursing Associates THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU
More informationM E M O R A N D U M. Definitions
M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice
More informationNew HIPAA regulations require action. Are you in compliance?
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
More informationSAMPLE TEMPLATE. Massachusetts Written Information Security Plan
SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law
More informationAppendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice
Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help
More informationPolk Medical Center Notice of Privacy Practices
Polk Medical Center Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationSECURITY RISK ASSESSMENT SUMMARY
Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationNorthern Illinois Health Insurance Program HIPAA NOTICE OF PRIVACY PRACTICES PLEASE READ CAREFULLY
Northern Illinois Health Insurance Program HIPAA NOTICE OF PRIVACY PRACTICES PLEASE READ CAREFULLY This notice describes how medical information about you may be used and disclosed and how you can get
More informationPRIVACY HIPAA NOTICE OF PRACTICE
PRIVACY HIPAA NOTICE OF PRACTICE Bux-Mont Allergy & Asthma, L.L.C. NOTICE OF PRIVACY PRACTICES Effective date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND
More informationHIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals
HIPAA New Breach Notification Risk Assessment and Sanctions Policy Incident Management Policy For breaches affecting 1 3 individuals +25 individuals + 500 individuals Focus on: analysis documentation PHI
More informationSalt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Date: June 1, 2014 Salt Lake Community College
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: Immediately This information is made available to all patients THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationHIPAA Training Study Guide July 2015 June 2016
Contents HIPAA Overview... 2 Who must comply?... 2 Privacy Standard... 3 Protected Health Information (PHI)... 3 Minimum Necessary Rule... 4 Requests for PHI... 5 Acceptable PHI Releases... 5 Special Circumstances...
More informationHIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
More information