DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS

Size: px
Start display at page:

Download "DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS"

Transcription

1 Overview. DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS A comprehensive and consistently applied document retention policy is necessary to reduce the risk of being charged with spoliation of evidence or being accused of failure to comply with discovery obligations. Operating without any formalized document retention policy or having a policy in place, but not including electronic data is no longer acceptable practice. To avoid legal risk, it is necessary to have a consistently enforced and comprehensive document retention policy that includes electronic data. The financial cost of retaining information is high, but the failure to keep key business documents could be even more expensive. If a company can reasonably anticipate that it may be a defendant in litigation and either negligently or intentionally destroys relevant documents, the court may assume, or instruct the jury that it may assume, that the missing documents contained harmful information. A plaintiff who is found to have intentionally destroyed relevant documents may have its case dismissed outright. Either side may be subject to fines and sanctions for spoliation of evidence. Spoliation in this context includes standard business practices such as recycling backup tapes and throwing out old computers at a time when litigation is reasonably anticipated. It does not require intentional wrongdoing. A business may be exposed to unnecessary risk as a consequence of an inadequate or improperly enforced document retention policy. Documents which are retained longer than necessary may expose a company to unnecessary risks of liability should that information be produced in litigation. On the other hand, the destruction of documents and data that should have been retained can expose a company to charges of spoliation and potential sanctions. If documents and electronic data are organized in such a manner that the company

2 is aware of what information it retains and the location of that information, the retrieval and production for discovery of such information is maximized. Document Retention Policies: Goals and Purposes. A good document retention policy serves a number of legitimate goals, including: (a) preservation of valuable computer memory and physical storage space; (b) reduction of the volume of stored documents and data facilitating the retrieval of information when called; and (c) making it less likely that discovery of electronic data will reveal harmful or embarrassing information. This is particularly true in the case of stored . is the most likely data to become a liability if it is kept beyond its useful life. It is also the most likely to contain harmful or embarrassing information. The most important reasons to implement a document retention policy are: 1. Compliance with statutory and regulatory duties and requirements; 2. Avoidance of liability for spoliation of evidence; 3. To oppose or support a contention in an investigation or in litigation; 4. To avoid unnecessary expense, effort and time during discovery; 5. To maintain control in discovery and e-discovery; and 6. To keep information confidential and avoid disclosure of confidential or proprietary information to competitors and other outsiders. Special Considerations for Healthcare Organizations. Healthcare organizations are subject to multiple legal requirements to retain documents. There are currently over ten thousand federal, state and local laws and regulations addressing the manner in which records must be stored, accessed, maintained and retained. Principal among these are the following: Health Care Insurance Portability and Accountability Act. The Health Insurance Portability and Accountability Act HIPAA which affects any organization that creates, receives or maintains 2

3 healthcare information including hospitals, health maintenance organizations and healthcare insurers. Generally speaking HIPAA requires that Protected Health Information (PHI) must be kept secure and archived for at least six (6) years or two (2) years after a patient s death. This includes: (a) patient medical records, (b) billing records, (c) authorization forms from physicians, and (d) all communications between patient and physician. Medicare and Medicaid Regulations. 42 CFR ,.26 and.53 regulate the retention of medical records of hospitals that participate in Medicare. These regulations require the applicable records to be retained for at least five (5) years. Sarbanes-Oxley Act. ( SOX ) Section 802, Regulation SX, Rule 2-06 mandates the retention of documents used for financial audits and reporting and requires that documentation be centrally controlled and tested to provide management level visibility to document retention weaknesses. All audit materials must be retained for a minimum of seven (7) years. Gramm Leach-Bliley Act. Like HIPAA, the Gramm Leach-Bliley Act provides privacy protections against the disclosure of private patient information to third parties and requires institutions to have an administrative, physical and technical structure to protect the confidentiality and integrity of personal consumer information. Pennsylvania State Law. (a) Pennsylvania healthcare providers must maintain for four (4) years all medical and fiscal records that disclose the nature and extent of the services rendered to medical assistance patients. 55 Pa.Code (e)(1). 3

4 (b) Pennsylvania hospitals are required to keep records for seven (7) years beyond the age of majority or for a period as long as records of adult patients are kept. 28 Pa.Code (c) If a Pennsylvania hospital discontinues operations, it is required to give public notice in at least two forms (legal notice and display advertisement in a newspaper of general circulation) and must maintain these records for five (5) years after closure. 28 Pa.Code (d) In Pennsylvania, the statute of limitations for medical malpractice is two (2) years. 42 Pa.C.S (e) The Pennsylvania statute of limitations for wrongful death is also two (2) years. 42 Pa.C.S False Claims Act. The False Claims Act allows claims to be brought up to seven (7) years after an incident. 31 U.S.C Federal Civil Statute of Limitations. The federal statute of limitations for civil penalties under Federal Health Care Programs is six (6) years. 42 C.F.R Other Considerations: The corollary to the issue of how long to retain documents is the issue of when and how to dispose of documents. Beyond the reasons set forth above in favor of implementing a document retention program is the need to establish a standardized disposition policy. A healthcare organization may choose to retain records of patients beyond their legally mandated time in order to maintain an exhaustive patient history or to measure the effectiveness of its medical staff. On the other hand, the healthcare organization may wish to reduce its liability by disposing of records when they can do so legally. Some healthcare administration experts believe US-based organizations should maintain copies of patient records for at least as long as the statute of limitations for medical malpractice lawsuits in a particular state. 4

5 Establishment of the Document Retention Policy To establish an adequate document retention policy, a healthcare organization should, at a minimum, do the following: 1. Develop and consistently enforce a written document retention policy which includes electronic data which complies with statutory document retention periods and preserves documents at least for the duration of statutes of limitations applicable to potential claims. 2. Impose a clear line of responsibility to enforce the policy which includes executive level management, information systems personnel and all technology users. (a) Information technology personnel charged with ensuring that the system loses no data must be made to understand the risks of keeping too much data for too long. (b) All users must be taught not to utilize business systems for personal uses. 3. All employees must be educated in electronic data management. This may be implemented by: (a) Providing a document management program which classifies electronic documents as they are stored, and (b) The automatic deletion of unless the sender or recipient affirmatively acts to store the message as a business record. 4. Establish regular intervals at which various types of records will be destroyed and ensure that the policy is consistently applied. Keep a detailed record of the type of material destroyed. 5

6 5. Conduct regular checks to ensure that the policy is being followed and if necessary, adjust it. 6. If litigation is threatened or imminent, have in place an established mechanism to preserve all possible relevant evidence and to notify all appropriate users not to delete or destroy such records. Conclusion. The courts look to the reasonableness of a document retention policy. If the policy serves the legitimate business interests of an enterprise, complies with applicable statutory and regulatory requirements, is uniformly applied and serves to preserve records which may be relevant to a claim or defense involved in threatened or pending litigation, there is little risk of court imposed sanctions. By following the common sense measures recommended above, your organization will reduce its risk of legal sanctions and will be able to promptly and properly respond to discovery in the event of litigation Mark A. Willard, Esquire* Eckert Seamans Cherin & Mellott, LLC 600 Grant Street, 44 th Floor Pittsburgh, PA *Mr. Willard is a commercial litigation partner, the Chair of the Technology Committee and the Litigation Technology Coordinator of the Litigation Division of Eckert Seamans Cherin & Mellott, LLC. Mark A. Willard,

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) David J. Chavolla, Esq. and Gary L. Kemp, Esq. Casner & Edwards, LLP 303 Congress Street Boston, MA 02210 A. Document and Record Retention Preservation

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

10 Steps to Establishing an Effective Email Retention Policy

10 Steps to Establishing an Effective Email Retention Policy WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION

More information

Electronic Discovery How can I be prepared? September 2010

Electronic Discovery How can I be prepared? September 2010 Electronic Discovery How can I be prepared? September 2010 Presented by Brian Wilkinson, Director of ediscovery & Computer Forensics brian.wilkinson@us.pwc.com 410-659-3473 Table of Contents Page 1 Electronic

More information

Selling/Closing a Medical Practice

Selling/Closing a Medical Practice Selling/Closing a Medical Practice This publication is a snapshot of South Carolina laws, regulations and best practices as of July 2009. The material presented is likely to evolve and change from year

More information

University of Louisiana System

University of Louisiana System Policy Number: M-17 University of Louisiana System Title: RECORDS RETENTION & Effective Date: OCTOBER 10, 2012 Cancellation: None Chapter: Miscellaneous Policy and Procedures Memorandum Each institution

More information

PHI Air Medical, L.L.C. Compliance Plan

PHI Air Medical, L.L.C. Compliance Plan Page No. 1 of 13 Introduction: The PHI Air Medical, L.L.C. is to be used by employees, contractors and vendors to get a high level understanding of the key regulatory requirements relating to our participation

More information

Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S

Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S What is a Litigation Hold Notice? Notice from an authorized department (e.g., Attorney General s Office Torts

More information

Measures Regarding Litigation Holds and Preservation of Electronically Stored Information (ESI)

Measures Regarding Litigation Holds and Preservation of Electronically Stored Information (ESI) University of California, Merced Measures Regarding Litigation Holds and Preservation of Electronically Stored Information (ESI) Responsible Officials: Executive Vice Chancellor and Provost Vice Chancellor

More information

MASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2

MASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2 MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...

More information

Best Practices Series Document Retention and Best Practices

Best Practices Series Document Retention and Best Practices Best Practices Series Document Retention and Best Practices 1. Sarbanes Oxley Act provides guidance to businesses Sections 802 and 1102 of SOX make it a crime to alter, cover up, falsify, or destroy any

More information

Preservation and Production of Electronic Records

Preservation and Production of Electronic Records Policy No: 3008 Title of Policy: Preservation and Production of Electronic Records Applies to (check all that apply): Faculty Staff Students Division/Department College _X Topic/Issue: This policy enforces

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

BEST PRACTICES FOR PREPARING YOUR BUSINESS FOR E-DISCOVERY

BEST PRACTICES FOR PREPARING YOUR BUSINESS FOR E-DISCOVERY BEST PRACTICES FOR PREPARING YOUR BUSINESS FOR E-DISCOVERY I. Background The Federal Rules of Civil Procedure provide for document production in the discovery process. Until recently, all types of documents

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

Discovery Technology Group

Discovery Technology Group Discovery Technology Group E-mail Retention: Readiness Survey E-mail now represents the largest source of new documents and records generated within a company, and the most troublesome from a retention

More information

HIPAA & HITECH AND THE DISCOVERY PROCESS

HIPAA & HITECH AND THE DISCOVERY PROCESS HIPAA & HITECH AND THE DISCOVERY PROCESS HEATHER L. HUGHES, J.D. U.S. Legal Support, Inc. 363 North Sam Houston Parkway East, Suite 900 Houston, Texas 77060 (713) 653-7100 State Bar of Texas 8 th ANNUAL

More information

United Cerebral Palsy of Greater Chicago Records and Information Management Policy and Procedures Manual, December 12, 2008

United Cerebral Palsy of Greater Chicago Records and Information Management Policy and Procedures Manual, December 12, 2008 United Cerebral Palsy of Greater Chicago Records and Information Management Policy and Procedures Manual, December 12, 2008 I. Introduction United Cerebral Palsy of Greater Chicago ( UCP ) recognizes that

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

BUSINESS ASSOCIATE AGREEMENT ( BAA )

BUSINESS ASSOCIATE AGREEMENT ( BAA ) BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor

More information

VNSNY CORPORATE. DRA Policy

VNSNY CORPORATE. DRA Policy VNSNY CORPORATE DRA Policy TITLE: FEDERAL DEFICIT REDUCTION ACT OF 2005: POLICY REGARDING THE DETECTION & PREVENTION OF FRAUD, WASTE AND ABUSE AND APPLICABLE FEDERAL AND STATE LAWS APPLIES TO: VNSNY ENTITIES

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

Fraud, Waste and Abuse Prevention and Education Policy

Fraud, Waste and Abuse Prevention and Education Policy Corporate Compliance Fraud, Waste and Abuse Prevention and Education Policy The Compliance Program at the Cortland Regional Medical Center (CRMC) demonstrates our commitment to uphold all federal and state

More information

E-DISCOVERY: BURDENSOME, EXPENSIVE, AND FRAUGHT WITH RISK

E-DISCOVERY: BURDENSOME, EXPENSIVE, AND FRAUGHT WITH RISK E-DISCOVERY: BURDENSOME, EXPENSIVE, AND FRAUGHT WITH RISK If your company is involved in civil litigation, the Federal Rules of Civil Procedure regarding preservation and production of electronic documents

More information

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07 INTERNATIONAL SOS Data Retention, Archiving and Destruction Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: January 2009 Revised: 2015 All copyright in these materials

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

Electronic Discovery: Litigation Holds, Data Preservation and Production

Electronic Discovery: Litigation Holds, Data Preservation and Production Electronic Discovery: Litigation Holds, Data Preservation and Production April 27, 2010 Daniel Munsch, Assistant General Counsel John Lerchey, Coordinator for Incident Response 0 E-Discovery Rules Federal

More information

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY Statement of Intent This policy establishes the general responsibilities for management, retention, and disposition of SOUTHWEST VIRGINIA

More information

HIPAA Compliance in Litigation and Discovery 10 Key Concepts Click to edit Master title style

HIPAA Compliance in Litigation and Discovery 10 Key Concepts Click to edit Master title style HIPAA Compliance in Litigation and Discovery 10 Key Concepts Click to edit Master title style Presented by: Nathan A. Kottkamp, McGuireWoods LLP David J. Pivnick, McGuireWoods LLP Mary C. DeBartolo, McGuireWoods

More information

HIPAA Privacy and Business Associate Agreement

HIPAA Privacy and Business Associate Agreement HR 2011-07 ATTACHMENT D HIPAA Privacy and Business Associate Agreement This Agreement is entered into this day of,, between [Employer] ( Employer ), acting on behalf of [Name of covered entity/plan(s)

More information

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007 Lowering E-Discovery Costs Through Enterprise Records and Retention Management An Oracle White Paper March 2007 Lowering E-Discovery Costs Through Enterprise Records and Retention Management Exponential

More information

Department of Veterans Affairs VA Directive 6311 VA E-DISCOVERY

Department of Veterans Affairs VA Directive 6311 VA E-DISCOVERY Department of Veterans Affairs VA Directive 6311 Washington, DC 20420 Transmittal Sheet June 15, 2012 VA E-DISCOVERY 1. REASON FOR ISSUE: To establish policy concerning the care and handling of documents

More information

ACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information

ACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides

More information

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 Updated 12/8/15 PSYBAR, L. L. C. INDEPENDENT CONTRACTOR AGREEMENT PsyBar attempts to

More information

The Importance of Appropriate Record Retention Policies

The Importance of Appropriate Record Retention Policies The Importance of Appropriate Record Retention Policies Copyright 2003 by Document Technologies, Inc. David Shub, Discovery and Records Management Director 1 With HIPAA, Sarbanes-Oxley, and various high-profile

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered between ("Covered Entity" or "CE") and, ("Business Associate" or "BA"), collectively the Parties, who agree as follows:

More information

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 The City of Philadelphia is a Covered Entity as defined in the regulations

More information

102 ediscovery Shakedown: Lowering your Risk. Kindred Healthcare

102 ediscovery Shakedown: Lowering your Risk. Kindred Healthcare 102 ediscovery Shakedown: Lowering your Risk Long-Term Care Session HCCA Compliance Institute April 27, 2009 Las Vegas, Nevada Presented by: Diane Kissel, Manager IS Risk & Compliance Kindred Healthcare,

More information

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents WhitePaper Concise Guide to E-discovery Contents i. Overview ii. Importance of e-discovery iii. How to prepare for e-discovery? iv. Key processes & issues v. The next step vi. Conclusion Overview E-discovery

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

TABLE OF CONTENTS. University of Northern Colorado

TABLE OF CONTENTS. University of Northern Colorado TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...

More information

HACKENSACK UNIVERSITY MEDICAL CENTER Administrative Policy Manual

HACKENSACK UNIVERSITY MEDICAL CENTER Administrative Policy Manual HACKENSACK UNIVERSITY MEDICAL CENTER Administrative Policy Manual Fraud and Abuse Prevention DRA Compliance Policy #: 1521 Original Issue: December, 2007 Page 1 of 6 Policy It is the policy of Hackensack

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

Making Sure The Left Hand Knows What The Right Hand Is Doing Representing Health Care Providers In Medical Negligence Cases by: Troy J. Crotts, Esq.

Making Sure The Left Hand Knows What The Right Hand Is Doing Representing Health Care Providers In Medical Negligence Cases by: Troy J. Crotts, Esq. Making Sure The Left Hand Knows What The Right Hand Is Doing Representing Health Care Providers In Medical Negligence Cases by: Troy J. Crotts, Esq. Florida Continues as National Leader in Disciplinary

More information

TJ RAI, M.D. THERAPY MEDICATION WELLNESS PRIVACY POLICY STATEMENT

TJ RAI, M.D. THERAPY MEDICATION WELLNESS PRIVACY POLICY STATEMENT PRIVACY POLICY STATEMENT Purpose: It is the policy of this Physician Practice that we will adopt, maintain and comply with our Notice of Privacy Practices, which shall be consistent with HIPAA and California

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

SOUTH NASSAU COMMUNITIES HOSPITAL One Healthy Way, Oceanside, NY 11572

SOUTH NASSAU COMMUNITIES HOSPITAL One Healthy Way, Oceanside, NY 11572 SOUTH NASSAU COMMUNITIES HOSPITAL One Healthy Way, Oceanside, NY 11572 POLICY TITLE: Compliance with Applicable Federal and State False Claims Acts POLICY NUMBER: OF-ADM-232 DEPARTMENT: Hospital-wide CROSS-REFERENCE:

More information

FDU - Records Retention policy Final.docx

FDU - Records Retention policy Final.docx Records and Information Management Program Policy and Procedure Responsible Office Office of the General Counsel Effective Date 04/01/2012 Responsible Official General Counsel Last Revision I. Rationale

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT

More information

WHITE PAPER: CUSTOMIZE WHITE PAPER: BEST PRACTICES FOR ARCHIVING. Best Practices for Defining and Establishing Effective Archive Retention Policies

WHITE PAPER: CUSTOMIZE WHITE PAPER: BEST PRACTICES FOR ARCHIVING. Best Practices for Defining and Establishing Effective Archive Retention Policies WHITE PAPER: CUSTOMIZE WHITE PAPER: BEST PRACTICES FOR ARCHIVING Confidence in a connected world. Best Practices for Defining and Establishing Effective Archive Retention Policies Sponsored by Symantec

More information

Keeping watch over your best business interests.

Keeping watch over your best business interests. Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation

More information

E-Discovery: The New Federal Rules of Civil Procedure A Practical Approach for Employers

E-Discovery: The New Federal Rules of Civil Procedure A Practical Approach for Employers MARCH 7, 2007 E-Discovery: The New Federal Rules of Civil Procedure A Practical Approach for Employers By Tara Daub and Christopher Gegwich News of the recent amendments to the Federal Rules of Civil Procedure

More information

Information Governance: How to Assess Your Status

Information Governance: How to Assess Your Status Information Governance: How to Assess Your Status Jay Yelton, III and Mark Oudersluys December 3, 2015 WNJ.com Agenda What is Information Governance? Why is IG Increasingly Important? Strategic Focus:

More information

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and

More information

Code of Conduct. 3. SCOPE: All PHI Air Medical Personnel

Code of Conduct. 3. SCOPE: All PHI Air Medical Personnel Page No. 1 of 8 1. POLICY: This policy defines the commitment that PHI Air Medical, L.L.C (PHI Air Medical) has to conducting our activities in full compliance with all federal, state and local laws. Our

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

ALLINA HOSPITALS & CLINICS System-wide Policy

ALLINA HOSPITALS & CLINICS System-wide Policy ALLINA HOSPITALS & CLINICS System-wide Policy Department: Allina Hospitals & Clinics Corporate Compliance Privacy & Security Compliance Page: 1 of 6 Approved by: Ethics & Compliance Oversight Committee

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services EnCase Enterprise/ ediscovery Strategic Consulting EnCase customers now have a trusted expert advisor to meet their discovery goals. NightOwl Discovery offers complete support for the EnCase Enterprise

More information

E-mail Management: A Guide For Harvard Administrators

E-mail Management: A Guide For Harvard Administrators E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered

More information

Solving Key Management Problems in Lotus Notes/Domino Environments

Solving Key Management Problems in Lotus Notes/Domino Environments Solving Key Management Problems in Lotus Notes/Domino Environments An Osterman Research White Paper sponsored by Published April 2007 sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington

More information

0 HealthAlliance. of the ~udsoti vallevtm J / YOUR PARTNERS IN HEALTH

0 HealthAlliance. of the ~udsoti vallevtm J / YOUR PARTNERS IN HEALTH 0 HealthAlliance of the ~udsoti vallevtm J / YOUR PARTNERS IN HEALTH Policy: Compliance with Applicable Federal and State False Claims Acts Initiated: January 1,2010 Reviewed: Revised: Reference: Responsible

More information

CHAPTER 2011-233. Committee Substitute for Committee Substitute for Committee Substitute for Committee Substitute for House Bill No.

CHAPTER 2011-233. Committee Substitute for Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. CHAPTER 2011-233 Committee Substitute for Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 479 An act relating to medical malpractice; creating ss. 458.3175, 459.0066,

More information

MONTEFIORE HEALTH SYSTEM ADMINISTRATIVE POLICY AND PROCEDURE SUBJECT: SUMMARY OF FEDERAL AND STATE NUMBER: JC31.1 FALSE CLAIMS LAWS

MONTEFIORE HEALTH SYSTEM ADMINISTRATIVE POLICY AND PROCEDURE SUBJECT: SUMMARY OF FEDERAL AND STATE NUMBER: JC31.1 FALSE CLAIMS LAWS MONTEFIORE HEALTH SYSTEM ADMINISTRATIVE POLICY AND PROCEDURE SUBJECT: SUMMARY OF FEDERAL AND STATE NUMBER: JC31.1 FALSE CLAIMS LAWS OWNER: DEPARTMENT OF COMPLIANCE EFFECTIVE: REVIEW/REVISED: SUPERCEDES:

More information

IFRS FOUNDATION DOCUMENT RETENTION AND DESTRUCTION POLICY

IFRS FOUNDATION DOCUMENT RETENTION AND DESTRUCTION POLICY IFRS FOUNDATION DOCUMENT RETENTION AND DESTRUCTION POLICY Purpose The purpose of this policy is to provide the IFRS Foundation with a framework to govern management decisions on whether particular documents

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

New Jersey Health Care Quality Institute Policy for Accounting Practices, and Records and Document Retention

New Jersey Health Care Quality Institute Policy for Accounting Practices, and Records and Document Retention New Jersey Health Care Quality Institute Policy for Accounting Practices, and Records and Document Retention Honest and accurate recording and reporting of information is critical to the Quality Institute

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its

More information

FEDERAL & NEW YORK STATUTES RELATING TO FILING FALSE CLAIMS. 1) Federal False Claims Act (31 USC 3729-3733)

FEDERAL & NEW YORK STATUTES RELATING TO FILING FALSE CLAIMS. 1) Federal False Claims Act (31 USC 3729-3733) FEDERAL & NEW YORK STATUTES RELATING TO FILING FALSE CLAIMS I. FEDERAL LAWS 1) Federal False Claims Act (31 USC 3729-3733) II. NEW YORK STATE LAWS A. CIVIL AND ADMINISTRATIVE LAWS 1) New York False Claims

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.

More information

Electronic Records Management Guidelines

Electronic Records Management Guidelines Electronic Records Management Guidelines I. Objectives The employees of the Fort Bend Independent School District (the District ) routinely create, use, and manage information electronically in their daily

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BA Agreement ) is entered into by Medtep Inc., a Delaware corporation ( Business Associate ) and the covered entity ( Covered Entity

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the AGREEMENT ) is entered into this (the "Effective Date"), between Delta Dental of Tennessee ( Covered Entity ) and ( Business Associate

More information

HOWARD UNIVERSITY POLICY

HOWARD UNIVERSITY POLICY HOWARD UNIVERSITY POLICY Policy Number: 400-003 Policy Title: RECORD RETENTION AND DESTRUCTION POLICY Responsible Officer: General Counsel Responsible Office: Office of the General Counsel Effective Date:

More information

Alliance for Better Health Care, LLC

Alliance for Better Health Care, LLC Alliance for Better Health Care, LLC ORGANIZATIONAL POLICY FALSE CLAIMS ACT AND WHISTLEBLOWER PROVISIONS Page 1 of 5 EFFECTIVE DATE: NUMBER: March 2015 ORIGINATOR: Corporate Compliance Officer CONCURRENCE:

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006) CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006) WHAT IS THE PURPOSE OF RECORDS MANAGEMENT? 1. To implement a cost-effective Department-wide program that provides for adequate and proper documentation

More information

Health Partners HIPAA Business Associate Agreement

Health Partners HIPAA Business Associate Agreement Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as

More information

WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others

WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE A Guide for University Faculty, Staff, and Others What is a Litigation Hold Notice? Notice from an authorized UW department (Attorney General s Office,

More information

ADMINISTRATIVE POLICY MANUAL

ADMINISTRATIVE POLICY MANUAL SUPERSEDES: New PAGE: 838.00 POLICY: 1. It is the policy of Onondaga County hereinafter referred to as the County, to comply with all applicable federal, state and local laws and regulations, both civil

More information

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention State of Michigan Records Management Services Frequently Asked Questions About E mail Retention It is essential that government agencies manage their electronic mail (e mail) appropriately. Like all other

More information

E-Discovery in Practice: A Roadmap for Financial Institutions

E-Discovery in Practice: A Roadmap for Financial Institutions E-Discovery in Practice: A Roadmap for Financial Institutions Martha R. Mora Martha R. Mora, Esq. ARHM&F Avila Rodriguez Hernandez Mena & Ferri LLP 2525 Ponce de Leon Blvd., Suite 1225, Coral Gables, Florida

More information

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

7Seven Things You Need to Know About Long-Term Document Storage and Compliance 7Seven Things You Need to Know About Long-Term Document Storage and Compliance Who Is Westbrook? Westbrook Technologies, based in Branford on the Connecticut coastline, is an innovative software company

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT Please complete the following and return signed via Fax: 919-785-1205 via Mail: Aesthetic & Reconstructive Plastic Surgery, PLLC 2304 Wesvill Court Suite 360 Raleigh, NC 27607

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

Products Liability: Putting a Product on the U.S. Market. Natalia R. Medley Crowell & Moring LLP 14 November 2012

Products Liability: Putting a Product on the U.S. Market. Natalia R. Medley Crowell & Moring LLP 14 November 2012 Products Liability: Putting a Product on the U.S. Market Natalia R. Medley Crowell & Moring LLP 14 November 2012 Overview Regulation of Products» Federal agencies» State laws Product Liability Lawsuits»

More information

Title: Preventing and Reporting Fraud, Waste and Abuse in Federal Health Care Programs. Area Manual: Corporate Compliance Page: Page 1 of 10

Title: Preventing and Reporting Fraud, Waste and Abuse in Federal Health Care Programs. Area Manual: Corporate Compliance Page: Page 1 of 10 Title: Preventing and Reporting Fraud, Waste and Abuse in Federal Health Care Programs Area Manual: Corporate Compliance Page: Page 1 of 10 Reference Number: I-70 Effective Date: 10/02 Contact Person:

More information

ediscovery: The New Information Management Battleground Developments in the Law and Best Practices

ediscovery: The New Information Management Battleground Developments in the Law and Best Practices Sponsored by ediscovery: The New Information Management Battleground Developments in the Law and Best Practices Kahn Consulting Inc. (847) 266-0722 info@kahnconsultinginc.com Introduction The following

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies. Privacy Committee Web 2.0/Cloud Computing Subcommittee

Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies. Privacy Committee Web 2.0/Cloud Computing Subcommittee Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies Privacy Committee Web 2.0/Cloud Computing Subcommittee August 2010 Introduction Good privacy practices are a key

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (Hereinafter "Agreement") dated as of, 2013, is made by and between (Hereinafter Covered Entity ) and (Hereinafter Business Associate ). ARTICLE

More information