1 GENERAL INTEGRITY, COMPLIANCE, PRIVACY AND SECURITY EDUCATION For staff of Providence Clinical Service Joint Ventures
3 INTEGRITY AND COMPLIANCE Section 1
4 The services provided are governed by a variety of federal and state laws and regulations that aim to prevent fraud (being dishonest in order to be paid money or to get other benefits), waste (using health care resources when they are not necessary) and abuse (adopting bad business practices that result in being paid undue money). Violations of fraud, waste and abuse laws and regulations can be prosecuted criminally and/or enforced civilly.
5 The FCA covers fraudulent claims paid by a government program such as Medicare or Medicaid. Submitting a claim for payment that contains false or fraudulent information could trigger the FCA. Our organization should only bill for services that were provided and documented in the medical record. To avoid violating the FCA, you should not: Change a diagnosis for the purpose of getting a claim reimbursed without supporting documentation, Falsify statements in the medical record to receive payment, or Bill for services not provided. FCA Key Points Documentation must be clear and legible Documentation must be present in the medical record Documentation must identify who requested and provided the services performed Documentation must support all services billed, including laboratory tests, medications and therapy sessions
6 The AKS prohibits giving or receiving anything of value in exchange for or to induce patient referrals for services or items payable by Medicare or Medicaid, unless an exception (known as Safe Harbor ) is met. The AKS is a federal statute that applies to physicians, facilities and others who are in a position to make or influence referrals and covers activities such as: Discounts or Rebates Kickbacks Bribes Examples of AKS Violations Payments to physicians or facilities for referrals Reimbursing the cost of a physician s travel and expenses for a conference in exchange for referrals Use of free or significantly discounted office space or equipment in exchange for referrals
7 The Stark Law prohibits physicians from making referrals for specific types of services (called designated health services ) to entities with which the physician or his/her immediate family has a financial interest such as an ownership or compensation arrangement. Under the law, referrals are prohibited unless an exception is met; the intent of the parties is irrelevant. Designated Health Services Laboratory Physical, speech & occupational therapy Radiology & imaging Radiation therapy & supplies Durable medical equipment & supplies Prosthetics/devices Orthotics & supplies Home health services & supplies Outpatient prescription drugs Outpatient/inpatient hospital services
8 Conflicts of Interest (COI) occur when personal interests or activities influence or appear to influence a caregiver s actions and decisions. They also occur when we allow another interest to be more important to our decisions than the interests of our organization and those who provide services on behalf of our organization. As caregivers, we should avoid activities and relationships that may impair our independent judgment and unbiased decision-making. Recuse yourself from all decisions in which you have a COI. We do not use our position for personal gain or advantage, or to assist others, including family members, from profiting in any way at the expense of our organization. A COI happens when the impartiality of our organization caregiver is called into question because of the person s actions. These actions can include accepting gifts from patients or their family members, vendors and others; and having a close relationship with someone in a position to influence your behavior at work. CONFLICTS OF INTEREST COI
9 Caregivers should keep relationships with patients and their family members, vendors, non-employed physicians and their offices and other third parties impartial, and avoid accepting gifts or other items of value. Accepting gifts and offers of entertainment creates a risk that our judgment and decisions can be influenced. In some cases, acceptance of gifts and entertainment may be considered a violation of federal and/or state laws. Any gift, regardless or value, may not be accepted if the circumstances surrounding the giving and receipt of the gift indicate the intent to influence your behavior or decision making. GIFTS AND ENTERTAINMENT G&E
10 DISRUPTIVE BEHAVIOR Disruptive behavior is a style of interaction. It can involve staff, physicians, patients, family members and others. Disruptive behavior could interfere with patient care and our operations. We do not tolerate disruptive behavior. Our behavior should always be appropriate and promote a positive workplace environment. Examples of such behaviors include, but are not limited to: Treat everyone in a respectful manner Speak in a respectful tone Handle conflicts or disagreements in an appropriate manner and setting Provide constructive feedback
11 EFFECTIVE COMMUNICATION IS IMPORTANT Healthcare organizations are required to provide effective means of communication for patients, family members or companions and visitors wherever and whenever they are interacting with caregivers. It is the law: Americans with Disabilities Act (ADA), Title VI, Section 504 of the Rehabilitation Act of 1973: 45 CFE Part 84 It is a regulatory requirement; CMS, TJC, DNV
12 WHAT SHOULD YOU DO? Assess each patient s communication needs: At first contact When setting up an appointment Ask each patient: Do you or your family member or other companion have any hearing, vision or language communication needs? What help do you or your companion need to communicate? Ensure each patient, family member or other companion knows about and how to access services.
13 All services, assistive devices & interpretation are provided to patients and/or family members or other companions free of charge. Some examples of services are: Exchanging written notes or using a computer key board & screen to type our brief and simple conversations Helping a person with vision loss fill out paperwork, reading the patient materials out loud to the person, or taking notes for the person Providing written, large print, braille or tape recorded information Using Sign Language or oral interpreter for patients/visitors with sensory loss (deaf, deaf-blind, hard of hearing) Using Communication Boards or use of materials with graphics Using auxiliary/assistive devices for the patient/companion/visitor, such as TTYs, video remote interpreting services or telephone handset amplifiers. Always ask each person their preferred method of communication and make every effort to accommodate their request. Document in the patients chart the expressed preference and the accommodation provided to the patient, family member or other companion.
14 To comply with important regulatory and legal requirements, our organizations expects caregivers to prepare and maintain accurate records. Records include financial records, claims for payment, patient records, caregiver records, student records, and expense records. Caregivers are prohibited from altering and destroying records or information that can be relevant to a government investigation. Our organization is committed to an effective records management system that preserves records essential to documenting the business transactions and legal obligations of our organization. RECORDS Accuracy and Retention
15 Federal law protects caregivers from retaliation even if the claim turns out to be unfounded, as long as it was made in good faith. Retaliation is any negative action that adversely impacts a caregiver because of the caregiver s good faith report of concerns about misconduct or for assisting in the investigation of a concern. NON RETALIATION Reporting a Concern
16 If contacted by a government investigator, you should respond appropriately to the request and use caution to ensure you do not interfere with a government inquiry. If you are contacted for information, you should take the following actions: 1) Identify and document the investigator s information: I. In person contact- Request to view identification and note the name, title, and office location of the investigator II. Other contact All the above and return phone number of the caller 2) Contact your supervisor immediately. You are not required to follow this procedure before participating in a government investigation concerning the terms and conditions of your employment consistent with state and federal laws. If you are asked to participate in a government interview, you are free to do so, but are not required to without a subpoena. If you choose to grant an interview, you should be aware that what you say could be used against you, even if you have not been provided your Miranda warnings. If you would like to grant the interview but would like to have legal counsel present, contact your supervisor for assistance. GOVERNMENT INVESTIGATORS Use Caution **Our organization is committed to investigating all alleged violations of laws, policies, standards or procedures. Any corrective action will be based on the facts and circumstances of the violation. Violations may result in disciplinary action up to and including termination of employment and could result in fines, civil and/or criminal penalties.
17 PRIVACY AND SECURITY Section 2
18 PRIVACY VS INFORMATION SECURITY To get started, we must first understand the difference between privacy and information security. Keeping a patient record confidential? Limiting access to human resource records? Think Privacy. Privacy restricts the use and disclosure of confidential patient, client, caregiver and business information with which we work each day. Traveling with a laptop? Worried about a phishing ? Think Information Security. Security practices and technology protect confidential information and keep our computer system secure.
19 Privacy and security requirements must be enforced for Protected Health Information (PHI), Personally Identifiable Information (PII), and Confidential Information (CI), which include internal documents, patient medical records or data which, if lost or stolen, could compromise the privacy of our patients and caregivers, or seriously damage our business or our reputation. Protecting this information through strong privacy and security practices is everyone s responsibility. PHI: Any information, including demographic information, that is created or received by the covered entity and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; the past, present, or future payment for the provision of health care to an individual; and that identifies the individual or for which there is a reasonable basis to believe the information can be used to identify the individual. PHI includes information concerning persons living or deceased (less than 50 years) and may be written, oral or electronic. PII: Information that uniquely identifies an individual (e.g., name plus one of the following: social security number, driver s license or ID card number, date of birth, financial information such as credit card number). Most states have laws requiring that individuals be notified in certain circumstances if their PII has been compromised. CI: Any information, regardless of format, about patients, caregivers, students, residents, or business operations that the organization deems should not be available without specific authorization. Loss or inappropriate access to this kind of data could harm patients and the organization s ability to do business. Confidential information includes but is not limited to PHI, ephi, PII, card holder data (PCI), caregiver information, and financial information.
20 UNAUTHORIZED ACCESS No one has a right to access or use patient information for reasons other than the performance of his or her duties. This protects the privacy of the patient. Remember to access and use only the information you need to do your job. Do not look up your spouse s, children s or family members medical records Do not look up medical records of a fellow employee Do not look up the records of a celebrity or VIP Do not share information about patient care with anyone who doesn t have a need to know
21 PRACTICES THAT PROTECT INFORMATION To protect information, all of the organization s caregivers have a responsibility to keep computers, network systems, laptops and other mobile devices secure. Here is a list of actions you can take to secure such information: Protect your unique IDs and passwords Use only your own ID and password to access systems Use different passwords for work and personal accounts Access only the minimum necessary to perform your job duties Lock your screen or close your application when you are away from your workstation Do not open any links or attachments in s from people you do not know
22 When traveling, there are additional steps you should take to protect information on mobile devices: Keep any mobile device in a secure location when it is not in use (e.g., behind locked doors and drawers) or keep it in your possession Do not leave mobile devices or confidential information in an unattended vehicle without taking additional security measures Turn your laptop off if you must travel between sites to ensure any encryption is enabled Rather than bringing confidential information off-site, if possible use a secure remote connection to access your work. Refer to local policies for more information. PRACTICES THAT PROTECT INFORMATION Traveling
23 CI, Confidential Information, (including Protected Health Information and Personally Identifiable Information) can only be transmitted via text in an emergency. Prior to texting CI you must first attempt to relay the information over the telephone. If no other option exists the following guidelines must be followed when texting: Only provide the minimum amount of information needed to convey the message. Never text financial information. Direct messages only to individuals authorized to view the data. Update addresses in your device regularly to ensure messages are received by those intended. Do not store confidential information on the device. Messages should not be stored on the device and must be promptly deleted from the in-box and the deleted items. Do not use the auto forwarding feature. Texting is NOT encrypted! TEXTING AND PATIENT PRIVACY CI, PHI, PII
24 PHOTOGRAPHY Photos may be required as part of a medical record. If the photograph is necessary as part of the medical record or for treatment of the patient follow all approved processes. Approved processes should also be followed to securely transmit and store the photo within the medical record. If the picture is being taken where other patient s are present, take care not to include any other patient in the phone that is not intended to be in the photo.
25 SOCIAL MEDIA Social media use should be approached in ways that are compliant with laws and regulations. As a caregiver, you cannot share patient confidential, or proprietary information, photographs or videos about Providence on personal sites. This restriction does not apply to pictures or videos of Providence s name, logo or premises taken while engaged in concerted activities.
26 Unfortunately, cybercriminals use social media to trick people into performing actions or sharing confidential information (CI) they would not ordinarily share. You should always be cautious about whom you befriend via social media and limit any personal information you share. Rule #1 is NEVER provide CI or information about the organization s patients or caregivers in any social media environments. You can avoid the traps created by cybercriminals by adhering to the following tips: If something sounds too good to be true, assume that it is not true Do not automatically trust a message or post on a social networking site just because it looks authentic or professional Be suspicious of links provided within social media sites and be sure to check the URL in the address bar to ensure the link goes to the legitimate location Be careful when accepting friend requests and consider an off-line verification process (e.g., follow-up phone call)
27 To protect the privacy of the people we serve, never send CI unencrypted. When CI is sent to an address outside the network, send the using the approved encryption process. CI leaks from our system when: You transmit information to be posted to 3 rd party applications such as Evernote, icloud, Google Docs, etc.; You automatically forward messages to non-organization accounts; and You send CI or sensitive business information to your personal accounts. SENDING INFORMATION SECURELY Confidential Information (CI)
28 In 2014 the number of phishing attacks increased dramatically. Phishing is an attack that allows cybercriminals to access a private computer network. Through phishing cybercriminals can overcome these protections by gaining the cooperation of people to share their credentials. Once they have these credentials, they get inside our network. Phishing attacks are plentiful because they are easy for criminals to execute and the payoff can be substantial. your mailbox is almost full Phishing can often look legitimate, which increases the chances of a caregiver responding to it. When a caregiver clicks on the link it takes them to a fraudulent website, where malicious software harvests their information (e.g., username, password and credentials used to log on to the network). Do not open attachments or click on any links provided in a suspicious . Our organization will never ask for your user I.D. or password via . If you receive a suspicious in your account, delete it. PHISHING ATTACKS
29 HIPAA/HITECH FINAL RULES In 2013 the Department of Health and Human Services (HHS) released final rules which amend provisions of the Health Insurance Portability and Accountability Act (HIPAA). The new rules require covered entities to notify affected patients and the Office for Civil Rights (OCR) of breaches of protected health information (PHI). The final rules define breach as an unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of such information. PLUS
30 BREACH REPORTING For HIPAA covered entities, an impermissible acquisition, access, use, or disclosure of PHI is now presumed to be a reportable breach unless you can demonstrate that there is a low probability that the PHI has been compromised. To demonstrate a low probability that PHI was compromised, a risk assessment must be performed by the covered entity s Privacy Officer. A breach is treated as discovered by the covered entity on the first day the breach is known to the covered entity, or by exercising reasonable due diligence, should have been known to the covered entity. It is important to remember that breach discovery is not related to when management or compliance becomes aware. In the event of a breach, our organization has the burden of proof to demonstrate that an unauthorized disclosure is not a breach. This means that if no action is taken to show that an unauthorized disclosure is not a breach, then the covered entity must notify the patient and OCR.
31 With the changes to the definition of breach, it is more important than ever for caregivers to follow the Minimum Necessary Requirement when using or disclosing PHI. The Minimum Necessary Requirement means only accessing or disclosing PHI needed to do your job. Caregivers should ask themselves these questions to determine if access is needed: Do I need to access this information for a work-related task I am assigned to do? What is the minimum amount of information I need to get the job done?
32 YOU HAVE COMPLETED THE ICPS POWER POINT EDUCATION The End
Compliance Training for Medicare Programs Version 1.0 2/22/2013 Independence Blue Cross is an independent licensee of the Blue Cross and Blue Shield Association. 1 The Compliance Program Setting standards
HIPAA AND COMPLIANCE LEARNING MODULE #2 For Clinical Students and Instructors HWCA- South Central- Southwest Member Clinical Sites HEALTH CARE WORKFORCE ALLIANCE Revised August 2011 Objectives 2 At the
2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S 2012 Revised 1 Introduction CMS Requirements As of January 1, 2011, Federal Regulations require that Medicare Advantage Organizations (MAOs) and
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
Fraud Waste and Abuse Training First Tier, Downstream and Related Entities ONECare by Care1st Health Plan Arizona, Inc. (HMO) Revised: 10/2009 Overview Purpose Care1st/ ONECare Compliance Program Definitions
Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
Compliance, Code of Conduct & Ethics Program Cantex Continuing Care Network Contents Compliance, Code of Conduct & Ethics Program 1 What is the CCCN Code of Conduct? 2 Operating Philosophies 2 Employee
Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent
Fraud Waste and Abuse Training First Tier, Downstream and Related Entities Revised: 04/2010 OVERVIEW Centene Corporation Purpose Bridgeway Compliance Program Definitions of Fraud Waste & Abuse Laws and
Disclaimer This document is not intended to be copied, reproduced, altered, or disseminated for training purposes on the departmental level. It is only intended to be used as a resource. ALL HIPAA training
Compliance and Program Integrity Melanie Bicigo, CHC, CEBS firstname.lastname@example.org 906-225-7749 Define compliance and compliance program requirements Communicate Upper Peninsula Health Plan (UPHP) compliance
HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc email@example.com 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
I. PURPOSE PHI Air Medical continually strives to provide high quality emergency care and medical transportation services to our patients, and to maintain high standards of integrity in our dealings with
The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
Sanchez Energy Corporation Code of Business Conduct and Ethics Introduction The Board of Directors (the Board ) of Sanchez Energy Corporation (the Company ) has adopted this Code of Business Conduct and
Page No. 1 of 8 1. POLICY: This policy defines the commitment that PHI Air Medical, L.L.C (PHI Air Medical) has to conducting our activities in full compliance with all federal, state and local laws. Our
Compliance HIPAA Training Steve M. McCarty, Esq. General Counsel Sound Physicians 1 Overview of HIPAA HIPAA contains provisions that address: The privacy of protected health information or PHI The security
CODE OF CONDUCT Providers, Suppliers and Contractors Table of Contents Code of Conduct... Honesty and integrity... Quality and Service... Responsibilities of Providers, Suppliers and Contractors... Compliance
LEARNING MODULE: HIPAA AND COMPLIANCE For Clinical Students and Instructors Greater Green Bay Healthcare Alliance www.ggbha.org Updated June 27, 2014 This learning module must be reviewed by students and
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
Scope: Organizationwide Page 1 of 9 I. Purpose The purpose of this policy is to provide direction to staff members to assist in carrying out daily activities within appropriate ethical and legal standards.
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
Privacy Compliance Health Occupations Students Health Occupations Students The information in this power point is the same information provided to new SCHS caregivers at their orientation. We cannot stress
Course Objectives Learn about the most important elements of the compliance program; Increase awareness and effectiveness of our compliance program; Learn about the important laws and what the government
Gwinnett Health System s Annual Education 2014 Corporate Compliance: Our Commitment to Excellence Prepared by: The Office of Corporate Compliance & HIPAA Administration Objectives After completing this
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
2013 Compliance Training for Contractors and Vendors Module 3 Protecting Privacy & Security in the Health Care Setting For Internal Training Purposes Only. After completing this training, learners will
Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
Code of Conduct WHAT IS A COMPLIANCE PLAN AND CODE OF CONDUCT? The Compliance Plan and Code of Conduct are formal statements of EPIC s standards and rules of ethical business conduct. We need a Compliance
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
Stark, False Claims and Anti- Kickback Laws: Easy Ways to Stay Compliant with the Big Three in Healthcare In health care, we are blessed with an abundance of rules, policies, standards and laws. In Health
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
Fraud, Waste and Abuse Training 1 Why Do I Need Training? Every year millions of dollars are improperly spent because of fraud, waste and abuse. It affects everyone, Including YOU. This training will help
Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
CODE OF CONDUCT American Ambulance continually strives to provide high quality emergency care and medical transportation services to our patients, and to maintain high standards of integrity in our dealings
Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
1. PURPOSE CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES Champaign County Nursing Home ( CCNH ) has established anti-fraud and abuse policies to prevent fraud, waste, and abuse
Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan Adopted: January 2, 2007 Revised by Board of Directors on September 4, 2007 Revised and Amended
HIPAA RISKS & STRATEGIES Health Insurance Portability and Accountability Act of 1996 REGULATORY BACKGROUND Health Information Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 Title
Message from the Co-Chairmen and Chief Executive Officers As each of us works to meet individual and Company-wide business goals here at Torchmark, we must all ensure that the work we perform and the business
To view the complete Information and Security Policies and Procedures, log into the Intranet through the IRSC.edu website. Click on the Institutional Technology (IT) Department link, then the Information
APPENDIX 1: Frequently Asked Questions Practice Name Q: What is the HIPAA Privacy Rule? A: The HIPAA Privacy Rule controls the use and disclosure of what is known as Protected Health Information (PHI).
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
Procedure Name: HITECH Breach Notification The ReHabilitation Center 1439 Buffalo Street. Olean. NY. 14760 Purpose To amend The ReHabilitation Center s HIPAA Policy and Procedure to include mandatory breach
UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 RULES Issued August 19, 2009 Requires Covered Entities to notify individuals of a breach as well as HHS without reasonable delay or within
HIPAA Compliance Manual HIPAA Compliance Manual 1 This Manual is provided to assist your efforts to comply with the federal privacy and security rules mandated under HIPAA and HITECH, specifically as said
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
Neighborhood requires compliance with all laws applicable to the organization s business, including insistence on compliance with all applicable federal and state laws dealing with false claims and false
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
PAGE 1 OF 5 I. PURPOSE The purpose of this Policy is to fulfill the requirements of Section 6032 of the Deficit Reduction Act of 2005 by providing to Creighton University employees and employees of contractors
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
Protecting Patient Privacy It s Everyone s Responsibility Observation & Student Learning Packet 1. Read packet Instructions for Self-Study Module 2. Complete post-test. A score of 80% must be achieved.
REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
CODE OF ETHICS AND PROFESSIONAL CONDUCT Mission To provide adults, caregivers and families with programs and services promoting an enhanced quality of life. Family Alliance, Inc. has a clearly stated charitable
HIPAA Employee Training Guide Revision Date: April 11, 2015 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (also known as Kennedy- Kassebaum Act ). HIPAA regulations address
Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995 NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY
HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,
GENERAL COMPLIANCE TRAINING CIA YEAR ONE REVIEW AND CERTIFICATION INTRODUCTION Supporting the mission and vision of Broward Health requires commitment to compliance, integrity and dedication to the highest
Code of Conduct Our vision A company where the best people want to work. The world leader in chemical distribution, providing unparalleled connectivity between customers and suppliers. 2 Univar s guiding
HIPAA Privacy September 21, 2013 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff,
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
Fraud, Waste & Abuse Training Course for UHCG Employees Overview The Centers for Medicare & Medicaid Services (CMS) require Medicare Advantage Organizations and Part D Plan Sponsors to provide annual fraud,
CODE OF CONDUCT Our commitment to ethical conduct and compliance depends on all UHS personnel. If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, discuss it with your
Helix Energy Solutions Group, Inc. Code of Business Conduct and Ethics Introduction This Code of Business Conduct and Ethics ( Code ) covers a wide range of business practices and procedures. It does not
Page: 1 of 7 EADS-NA Code of Ethics Introduction The Company demands high ethical standards of conduct from its directors, employees, and agents and will conduct its business with honesty, integrity, and
These training materials are divided into three topics to meet the responsibilities stated on the previous pages: Fraud, Waste, Compliance Program Standards of Conduct Although the information contained