HIPAA Compliance for Employers. What is HIPAA? Common HIPAA Misperception. The Penalties. Chapter I HIPAA Overview. The Privacy Regulations Why?

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "HIPAA Compliance for Employers. What is HIPAA? Common HIPAA Misperception. The Penalties. Chapter I HIPAA Overview. The Privacy Regulations Why?"

Transcription

1 Chapter I HIPAA Overview HIPAA Compliance for Employers What is it? What is it supposed to do? Why should you care? Who does it apply to? What does it cover? Patricia C. Shea, Esq What is HIPAA? The Privacy Regulations Why? Health Insurance Portability and Accountability Act of Standards for Privacy of Individually Identifiable Health Information proposed 1999; final August 14, Security & Electronic Signature Standards final February 20, 2003 (physical/technological requirements to secure protected health information) 3. Electronic Transactions & Code Set Standards final (requirement for conducting designated electronic transactions involving protected health information) 1. Address inconsistent or nonexistent state laws regarding standards of privacy for patient data 2. Address inconsistent or nonexistent state laws regarding patient s rights regarding their data 3. Address the exponential increase in availability and scope of patient data 3 4 Common HIPAA Misperception The Penalties HIPAA applies only to doctors, hospitals, and insurance companies. Civil ($100 per violation, capped at $25,000 per year). Criminal (from $5,000 to $250,000 and/or 1 to 10 years in jail) Potential for Private lawsuits 5 6

2 HIPAA Applies to Health Plans include Covered Entities HMOs Indemnity insurers Health care providers (e.g., doctors) who transmit health information electronically Health care clearinghouses Health plans Group health plans, that are: - Fully insured or self insured; and - Have 50 or more participants; OR - Administered by an entity other than the employer that established and maintains the plan 7 8 Health Plans include What is Covered? An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers Any other individual or group plan, or combination of individual or group plans, that provides or pays for the cost of medical care Protected Health Information (PHI) (i) (ii) (iii) Individually identifiable health information that is (see next slide) Transmitted by electronic media; Maintained in any electronic medium; or (iv) Transmitted or stored in any other form or medium; and (v) Is not excluded What is covered? (cont) Exclusions Individually identifiable health information (i) Information created or received; (ii) Relates to past, present, or future physical/mental health condition, treatment or payment for care of the individual (iii) Identifies the individual (iv) Reasonable basis to identify the individual Individually identifiable health information in: (i) Education records covered by the Family Educational Right and Privacy Act; and (ii) Records described at 20 USC 1232(a)(4)(B)(iv) (iii) Employment records held by a covered entity in its role as an employer

3 General Rule of HIPAA Use means Covered entities may not use or disclose protected health information unless the Privacy Regulations permit or require them to do so. With respect to individually identifiable health information, the sharing, employment, application, utilization, examination or analysis of such information within an entity that maintains such information Disclosure means Goal for Employers The release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information. 1. Know when the HIPAA General Rule applies to the operations of a group health plan; 2. Know the corresponding requirements; 3. Know the boundaries of the requirements Chapter II HIPAA & Group Health Plans Step 1: Identify the plans. Step 1: Identify the applicable health plans. Step 2: Determine the employer s role(s) with respect to each plan. Step 3: Identify the key characteristic of each plan. Step 4: Determine the corresponding HIPAA requirements for each plan. Step 5: Implement the corresponding HIPAA requirements for each plan. HIPAA Privacy Rule Applies To: 1. Medical plans 2. Dental plans 3. Vision plans 4. Employee assistance plans 5. Etc

4 Step 1: Identify the plans (cont) Step 1: Identify the plans (cont) HIPAA Privacy Rule Does Not Apply To: 1. Accident or disability income insurance or any combination thereof 2. Coverage to supplement liability insurance 3. Liability insurance, including general liability insurance and auto liability insurance 4. Workers compensation insurance 5. Auto medical payment insurance 6. Coverage for on site medical clinics 7. Other similar insurance coverage, under which benefits for medical care are secondary or incidental to other insurance benefits. Flexible spending accounts??? Step 2: Determine the employer s role(s). Step 2: Determine the employer s role(s). Plan Sponsor establish plan; amend plan; terminate plan; facilitate enrollment and disenrollment; obtain premium insurance bids (i) employer when the plan is established or maintained by a single employer (ii) in the case of a plan established or maintained by two or more employers or jointly by one or more employers and one or more employee organizations, the association, committee, joint board of trustees or other similar group of representatives of the parties who establish or maintain the plan ; 42 USC 1002(16)(B) Plan Administrator performs aspects of plan operations including claims assistance; quality assurance; auditing; monitoring; management; claims processing; claims payment (i) the person specifically so designated by the terms of the instrument under which the plan is operated; (ii) if an administrator is not so designated, the plan sponsor. 42 USC 1002(16)(A) Caution: Step 3: Identify plan characteristics. It is easy to slip from a plan sponsor role into a plan administrator role. Fully insured or self funded? Who administers it? How many participants in the plan? What is the annual amount of receipts for the plan? Who receives protected health information regarding the plan? From where? How does the plan use protected health information? 23 24

5 Step 3: Identify plan characteristics (cont). Step 3: Identify plan characteristics (cont). Beware of Protected Health Information: 1. Plan Administrators use or disclose protected health information to perform the plan administration functions. 2. Plan Sponsors may receive protected health information that they do not use or need. (i) Do you really need the information? (ii) Can summary health information work? Start thinking about Firewalls. Means of safeguarding the protected health information (operationally and physically) Identifying the employees or classes of employees who will have access to protected health information; Restricting access solely to the employees identified and only for the functions performed on behalf of the Plan. (See Administrative Requirements Checklist) The Two Key Variables: 1. What role does the employer play with respect to the health plan? 2. What information must the employer use and disclose in carrying out these roles? See Plan Sponsor Checklist. 1. Comply with HIPAA administrative requirements. 2. Amend Plan documents. 3. Provide Plan certification that Plan documents have been amended. 4. Prepare and/or provide Notice of Privacy Practices. 5. Enter into agreements with business associates HIPAA Administrative Requirements Designate privacy officer Establish other policies Train workforce Establish documentation policy Establish safeguards Establish non-waiver of rights Establish complaint process policy Establish sanctions policy Establish mitigation policy Establish non-retaliation policy See Administrative Requirements Checklist (i) (ii) (iii) Amend Plan Documents Not to use or further disclose other than as permitted by plan or required by law; Ensure that agents, etc., that plan provides PHI regarding the plan agree to the same restrictions that apply to the sponsor Not use PHI for employment-related actions or in connection with any other benefit or employee benefit plan of the plan sponsor

6 Amend the Plan Documents (iv) Report inconsistent uses and disclosures to the plan of which the sponsor may become aware (v) Provide individuals with access to their PHI (vi) Provide the information necessary to provide an accounting (vii) Make internal practices, books, records and policies and procedures available to the Secretary of the HHS to determine plan s compliance with HIPAA requirements Amend the Plan Documents (viii) If feasible, return or destroy all PHI received from the group health plan and retain no copies (ix) Ensure that there is adequate separate between the group health plan and the plan sponsor (f)(2)(ii) Certify the Fact of the Amendments To the Plan Prepare Notice of Privacy Practices 1. Understand how the Plan will use and disclose protected health information before preparing the notice. 2. Include the specified items identified in the regulations. See Notice of Privacy Practices Requirements Checklist Think About the Notice of Privacy Practices 1. The Plan will probably have to create policies and procedures in addition to the administrative requirements policies to address the information that must be included in the Notice. 2. Examples: Individual s right for an accounting Individual s right to inspect Individual s right to amend, etc. Business Associates 1. Identify them. 2. Execute agreements with them. 3. Monitor them

7 perform or assist a covered entity (e.g., the Plan) in performing a function or activity involving the use or disclosure of individually identifiable health information Business Associates must provide satisfactory assurances that they will safeguard the information, by: Using the information only for the intended purpose (e.g., health care operations) Safeguard the information Assist with providing individuals with access to the protected health information Step 5: Implementation. Time is Running Out 1. Draft the necessary policies and procedures. 2. Train personnel. 3. Amend plan documents and provide certification, as necessary. 4. Prepare and/or provide the Notice of Privacy Practices. 5. Create the physical firewalls. 6. Document everything. Compliance Date = April 2003 Small Plans = April

HIPAA PRIVACY AND EDI RULES

HIPAA PRIVACY AND EDI RULES The Health and Human Services (HHS) issued final HIPAA privacy regulations on August 14, 2002. These rules govern how individually identifiable medical information must be protected. HIIPAA also requires

More information

HIPAA Privacy Summary for Fully-insured Employer Groups

HIPAA Privacy Summary for Fully-insured Employer Groups HIPAA Privacy Summary for Fully-insured Employer Groups I. Overview The Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulate the uses and disclosures

More information

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information

More information

HIPAA. HIPAA and Group Health Plans

HIPAA. HIPAA and Group Health Plans HIPAA HIPAA and Group Health Plans CareFirst BlueCross BlueShield is the business name of CareFirst of Maryland, Inc. and is an independent licensee of the Blue Cross and Blue Shield Association. Registered

More information

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES SCHOOL DISTRICT OF BLACK RIVER FALLS 523.5 Exhibit NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES PRIVACY NOTICE This notice describes how medical information about you may be used and disclosed and how

More information

Alert. Client PROSKAUER ROSE LLP. HIPAA Compliance Update: Employers, As Group Health Plan Sponsors, Will Be Affected By HIPAA Privacy Requirements

Alert. Client PROSKAUER ROSE LLP. HIPAA Compliance Update: Employers, As Group Health Plan Sponsors, Will Be Affected By HIPAA Privacy Requirements PROSKAUER ROSE LLP Client Alert HIPAA Compliance Update: Employers, As Group Health Plan Sponsors, Will Be Affected By HIPAA Privacy Requirements The U.S. Department of Health and Human Services published

More information

An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP

An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP Important Disclaimer: Practice limited to labor and employment law on behalf of management and related litigation.

More information

HIPAA Privacy Summary for Self-insured Employer Groups

HIPAA Privacy Summary for Self-insured Employer Groups I. Overview HIPAA Privacy Summary for Self-insured Employer Groups The Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulate the uses and disclosures of

More information

HIPAA Privacy Rule Primer for the College or University Administrator

HIPAA Privacy Rule Primer for the College or University Administrator HIPAA Privacy Rule Primer for the College or University Administrator On August 14, 2002, the Department of Health and Human Services ( HHS ) issued final medical privacy regulations (the Privacy Rule

More information

Plan Sponsor Guide HIPAA Privacy Rule

Plan Sponsor Guide HIPAA Privacy Rule Plan Sponsor Guide HIPAA Privacy Rule Plan Sponsor s Guide to the HIPAA Privacy Rule Compliments of Aetna 00.02.108.1A (5/05) Compliments of Aetna You have likely heard a great deal about the HIPAA Privacy

More information

SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY

SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY Purpose: The following privacy policy is adopted to ensure that the Sarasota County Government Employee Medical Benefit Plan

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction. HIPAA Privacy Regulations-General

HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction. HIPAA Privacy Regulations-General HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction HIPAA Privacy Regulations-General The final HIPAA Privacy regulation was released on December 20, 2000 and was effective for compliance on April

More information

Entities Covered by the HIPAA Privacy Rule

Entities Covered by the HIPAA Privacy Rule Entities Covered by the HIPAA Privacy Rule Who Is A Covered Entity? HIPAA standards apply only to: Health care providers who transmit any health information electronically in connection with certain transactions

More information

HIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.

HIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc. 2013 HIPAA Privacy and Security Frequently Asked Questions for Employers Gallagher Benefit Services, Inc. Disclaimer We share this information with our clients and friends for general informational purposes

More information

Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) HUMAN RESOURCES Index No. VI-35 PROCEDURES MEMORANDUMS TO: FROM: SUBJECT: MCC Personnel Office of the President Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

ü Ensuring the privacy and security of personally identifiable health information (the Privacy and Security Rules); and

ü Ensuring the privacy and security of personally identifiable health information (the Privacy and Security Rules); and Provided by Benefits By Choice HIPAA Rules: Privacy, Security and Electronic Data Interchange The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad federal law regarding health

More information

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996 HIPAA RISKS & STRATEGIES Health Insurance Portability and Accountability Act of 1996 REGULATORY BACKGROUND Health Information Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 Title

More information

HIPAA - - Basic Concepts and Implementation Roadmap

HIPAA - - Basic Concepts and Implementation Roadmap HIPAA - - Basic Concepts and Implementation Roadmap Prepared by: David Weiner dweiner@seyfarth.com Fredric Singerman fsingerman@dc.seyfarth.com Today s Agenda n Introduction of HIPAA Privacy and Electronic

More information

HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS

HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS Dear Group Dental and/or Vision Customer : This letter relates to privacy requirements contained in federal regulations under

More information

HIPAA Privacy For our Group Customers and Business Partners

HIPAA Privacy For our Group Customers and Business Partners HIPAA Privacy For our Group Customers and Business Partners AmeriHealth HMO, Inc. AmeriHealth Insurance Company of New Jersey QCC Insurance Company, d/b/a AmeriHealth Insurance Company HIPAA, The Health

More information

HIPAA Privacy Overview

HIPAA Privacy Overview May 21, 2003 HIPAA Privacy Overview Presented to the California State University Agenda Introduction HIPAA privacy regulations HIPAA privacy impact on CSU Next steps/action items Mercer Human Resource

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

State of Florida Employees' Group Health Insurance Privacy Notice

State of Florida Employees' Group Health Insurance Privacy Notice This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. The Health Insurance Portability and Accountability

More information

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION ELKIN & ASSOCIATES, LLC HIPAA Privacy Policy and Procedures INTRODUCTION The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict a Covered Entity

More information

-1- PERSONNEL CERTIFIED / NON-CERTIFIED 4112.61/4212.61

-1- PERSONNEL CERTIFIED / NON-CERTIFIED 4112.61/4212.61 -1- HIPAA Privacy Policies The Wallingford Board of Education ("the Board" or the "Plan Sponsor") sponsors a group health plan that provides medical and dental benefits (the "Plan"). These Privacy Policies

More information

THIRD PARTIES HAVING ACCESS TO PHI

THIRD PARTIES HAVING ACCESS TO PHI Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates I. OVERVIEW The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that

More information

Employer Sponsored Group Health Plans and HIPAA. Trudy Millard Krause, DrPH Mark L. Stember, Esq. Linda R. Mendel, Esq. David Ermer, Esq.

Employer Sponsored Group Health Plans and HIPAA. Trudy Millard Krause, DrPH Mark L. Stember, Esq. Linda R. Mendel, Esq. David Ermer, Esq. Health Plans and HIPAA Trudy Millard Krause, DrPH Mark L. Stember, Esq. Linda R. Mendel, Esq. David Ermer, Esq. Employers and HIPAA Employers are not covered entities Guidance 5391 Fed Reg. Vol 67, #157,

More information

Frequently Asked Questions About the Privacy Rule Under HIPAA

Frequently Asked Questions About the Privacy Rule Under HIPAA Q-1: What is HIPAA? Frequently Asked Questions About the Privacy Rule Under HIPAA A: HIPAA is the Health Insurance Portability and Accountability Act (passed by Congress in 1996). The Privacy Rule was

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3 INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

HIPAA Enforcement Training for State Attorneys General

HIPAA Enforcement Training for State Attorneys General : State Attorneys General Enforcement of Federal Health Privacy Law HIPAA Enforcement Training for State Attorneys General Module Introduction : Introduction This module of the HIPAA Enforcement Training

More information

Whitefish School District. PERSONNEL 5510 page 1 of 5 HIPAA

Whitefish School District. PERSONNEL 5510 page 1 of 5 HIPAA Whitefish School District R PERSONNEL 5510 page 1 of 5 HIPAA Note: (1) Any school district offering a group health care plan for its employees is affected by HIPAA. School districts offering health plans

More information

Executive Memorandum No. 27

Executive Memorandum No. 27 OFFICE OF THE PRESIDENT HIPAA Compliance Policy (effective April 14, 2003) Purpose It is the purpose of this Executive Memorandum to set forth the Board of Regents and the University Administration s Policy

More information

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)]

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] Background By law, the HIPAA Privacy Rule applies only to covered entities health plans, health care clearinghouses, and certain

More information

The California State University

The California State University The California State University HR 2004-22 PRIVACY NOTICE This notice describes how medical information about you may be used and disclosed and how you can access this information. Please review it carefully.

More information

The HIPAA Privacy Rule: Information for Private Independent Schools 1 By Gerald Woods 2 Kilpatrick Stockton LLP January 2003

The HIPAA Privacy Rule: Information for Private Independent Schools 1 By Gerald Woods 2 Kilpatrick Stockton LLP January 2003 The HIPAA Privacy Rule: Information for Private Independent Schools 1 By Gerald Woods 2 Kilpatrick Stockton LLP January 2003 Protecting the privacy of medical information was primarily the responsibility

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY 1 School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the BAA ) is made and entered into as of the day of, 20, by and between Delta Dental of California (the Covered Entity ) and (the Business

More information

Hybrid Entities Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Hybrid Entities Health Insurance Portability and Accountability Act of 1996 (HIPAA) Hybrid Entities Health Insurance Portability and Accountability Act of 1996 (HIPAA) 160.102 APPLICABILITY U.S. Department of Health and Human Services Office of the Secretary THE PRIVACY RULE Related Excerpts

More information

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices Notice of Privacy Practices Section 1: Purpose of This Notice and Effective Date THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,

More information

NOTICE OF PRIVACY PRACTICES OF THE GROUP HEALTH PLANS SPONSORED BY ACT, INC.

NOTICE OF PRIVACY PRACTICES OF THE GROUP HEALTH PLANS SPONSORED BY ACT, INC. NOTICE OF PRIVACY PRACTICES OF THE GROUP HEALTH PLANS SPONSORED BY ACT, INC. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

The HIPAA Privacy Rule: Overview and Impact

The HIPAA Privacy Rule: Overview and Impact The HIPAA Privacy Rule: Overview and Impact DISCLAIMER: This information is provided as is without any express or implied warranty. It is provided for educational purposes only and does not constitute

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement User of any Nemaris Inc. (Nemaris) products or services including but not limited to Surgimap Spine, Surgimap ISSG, Surgimap SRS, Surgimap Office, Surgimap Ortho, Surgimap

More information

MYTHS AND FACTS ABOUT THE HIPAA PRIVACY RULE PART 1

MYTHS AND FACTS ABOUT THE HIPAA PRIVACY RULE PART 1 CIRCA 2004 MYTHS AND FACTS ABOUT THE HIPAA PRIVACY RULE PART 1 Since April 14, 2003, health care providers, health plans, and health care clearinghouses have been required to be in compliance with the

More information

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)]

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] OR HIPAA Privacy BUSINESS ASSOIATES [45 FR 164.502(e), 164.504(e), 164.532(d) and (e)] Background By law, the HIPAA Privacy Rule applies only to covered entities health plans, health care clearinghouses,

More information

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL What is HIPAA? Comprehensive federal legislation regarding health insurance which is comprised of four key areas:

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred

More information

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements

More information

HIPAA BUSINESS ASSOCIATE ADDENDUM

HIPAA BUSINESS ASSOCIATE ADDENDUM HIPAA BUSINESS ASSOCIATE ADDENDUM This Addendum, dated as of, 2007 ( Addendum ), supplements and is made a part of the Services Agreement (as defined below) by and between ( Covered Entity ) and FUJIFILM

More information

Sun Life Financial. Producer Business Associate Policy

Sun Life Financial. Producer Business Associate Policy Sun Life Financial Producer Business Associate Policy Pursuant to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations at 45 C.F.R Parts 160-164 (collectively

More information

Schindler Elevator Corporation

Schindler Elevator Corporation -4539 Telephone: (973) 397-6500 Mail Address: P.O. Box 1935 Morristown, NJ 07962-1935 NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU

More information

BAC to the Basics: Business Associate Contracts Made Easy

BAC to the Basics: Business Associate Contracts Made Easy BAC to the Basics: Business Associate Contracts Made Easy Prepared by Jen C. Salyers BAC to the Basics: Business Associate Contracts Made Easy Table of Contents Page I. Approaches to Creating a Business

More information

University of California Policy

University of California Policy University of California Policy HIPAA Uses and Disclosures for UC Group Health Plans Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance

More information

CBIA Service Corporation Privacy and Security Notice

CBIA Service Corporation Privacy and Security Notice July 1, 2012 CBIA Service Corporation Privacy and Security Notice THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

Privacy Notice. The Plan s duties with respect to health information about you

Privacy Notice. The Plan s duties with respect to health information about you Privacy Notice Please carefully review this notice. It describes how medical information about you may be used and disclosed and how you can get access to this information. The Health Insurance Portability

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) by and between (hereinafter known as Covered Entity ) and Office Ally, LLC. (hereinafter known as Business Associate ), and

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by and between the Administrators of the Tulane Educational Fund acting

More information

IMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY

IMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY IMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY As the Plan Sponsor/Employer you must contend with yet another federal requirement on your group health plans: the "Health Insurance Portability and Accountability

More information

APPENDIX 1: Frequently Asked Questions

APPENDIX 1: Frequently Asked Questions APPENDIX 1: Frequently Asked Questions Practice Name Q: What is the HIPAA Privacy Rule? A: The HIPAA Privacy Rule controls the use and disclosure of what is known as Protected Health Information (PHI).

More information

Business Associate Agreement Involving the Access to Protected Health Information

Business Associate Agreement Involving the Access to Protected Health Information School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

More information

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

Member s Name First M.I. Last Dependent s Name (if enrolling in Medicare) First M.I. Last

Member s Name First M.I. Last Dependent s Name (if enrolling in Medicare) First M.I. Last Oklahoma State and Education Employees Group Insurance Board A Division of the Office of State Finance APPLICATION FOR MEDICARE SUPPLEMENT WITH PART D Member ID # *MCENRL* Phone ( ) Member s Name First

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

Effective April 14, 2003

Effective April 14, 2003 Effective April 14, 2003 THE BOEING COMPANY GROUP HEALTH PLANS NOTICE OF PRIVACY PRACTICES This notice describes how health plan medical information about you may be used and disclosed and how you can

More information

HIPAA Privacy Rule Policies

HIPAA Privacy Rule Policies DRAFT - Policies and Procedures PRIVACY OFFICE ASSIGNMENT AND RESPONSIBILITIES APPROVED BY: SUPERCEDES POLICY: Policy #1 ADOPTED: REVISED: REVIEWED: Purpose This policy is designed to assure the establishment

More information

DHHS POLICIES AND PROCEDURES

DHHS POLICIES AND PROCEDURES DHHS POLICIES AND PROCEDURES Section VIII: Privacy and Security Revision History: 8/21/13; 5/1/05 Original Effective Date: 4/14/03 Purpose To ensure that all individuals or organizations that perform specific

More information

January 2003. Employers must be prepared for their obligations under the HIPAA Privacy Rules

January 2003. Employers must be prepared for their obligations under the HIPAA Privacy Rules Employer Sponsored Group Health Plans and the HIPAA Privacy Rules Employers must be prepared for their obligations under the HIPAA Privacy Rules January 2003 Bob Radecki KnowHIPAA.com HIPAA-COBRA-FMLA

More information

HIPAA PLAN & PROCEDURES

HIPAA PLAN & PROCEDURES HIPAA PLAN & PROCEDURES TOWN OF STONINGTON/ STONINGTON BOARD OF EDUCATION HEALTH PLAN Definitions. Whenever used the following terms shall have the respective meanings set forth below. 1. Health Plan means

More information

HIPAA OVERVIEW ETSU 1

HIPAA OVERVIEW ETSU 1 HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health

More information

INTERMEDIARY AND PRODUCER COMPENSATION NOTICE

INTERMEDIARY AND PRODUCER COMPENSATION NOTICE INTERMEDIARY AND PRODUCER COMPENSATION NOTICE MetLife enters into arrangements concerning the sale, servicing and/or renewal of MetLife group insurance and certain other group-related products ( Products

More information

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors Page 1 of 5 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: October 19, 2006 Contact for More Information: Chief Privacy Officer 1303 A West Campus

More information

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between The Board of Trustees of the University of Alabama, on behalf of INTERMACS Registry ( Business Associate

More information

Use & Disclosure of Protected Health Information by Business Associates

Use & Disclosure of Protected Health Information by Business Associates Applicability: Policy Title: Policy Number: Use & Disclosure of Protected Health Information by Business Associates PP-12 Superseded Policy(ies) or Entity Policy: N/A Date Established: January 31, 2003

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan

DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why

More information

There are three sections to HIPAA the Privacy Rule, the Security Rule, and the Transaction Rule.

There are three sections to HIPAA the Privacy Rule, the Security Rule, and the Transaction Rule. Introduction This course is on the federal HIPPA rule. HIPAA is the Health Insurance Portability and Accountability Act. It is the federal rule that sets standards for the protection of health information.

More information

Health Partners HIPAA Business Associate Agreement

Health Partners HIPAA Business Associate Agreement Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits State of Nevada for the Requirements for PEBP Health Benefits Plan Year 2016 July 1, 2015 June 30, 2016 www.pebp.state.nv.us (775) 684-7000 Or (800) 326-5496 Amendments Amendment Log Any amendments, changes

More information

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Agreement, dated as of, 2015 ("Agreement"), by and between, on its own behalf and on behalf of all entities controlling, under common control with or controlled

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

Covered Entity Charts

Covered Entity Charts Covered Entity Charts Guidance on how to determine whether an organization or individual is a covered entity under the Administrative Simplification provisions of HIPAA 2 Background: The Administrative

More information

General HIPAA Implementation FAQ

General HIPAA Implementation FAQ General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,

More information

City of Pittsburgh Operating Policies. Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010

City of Pittsburgh Operating Policies. Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010 City of Pittsburgh Operating Policies Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010 PURPOSE: To establish internal policies and procedures to ensure compliance

More information

The Plan s duties with respect to health information about you

The Plan s duties with respect to health information about you Privacy Notice This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. The Health Insurance Portability

More information