STATEMENT OF PURPOSE:

Size: px
Start display at page:

Download "STATEMENT OF PURPOSE:"

Transcription

1 Policy Number: Page: Page 1 of 5 STATEMENT OF PURPOSE: The purpose of this policy is to provide guidelines on the appropriate use of Secure for patient/physician communications and transmission of Protected Health Information via the OUHSC Exchange system. OU Physicians Clinics should use Secure Messaging via the IDX Centricity Electronic Medical Record (EMR). DEFINITIONS: (1) Secure - an application that allows messages sent via OUHSC Exchange system to be delivered to an recipient in the form of a URL. The message resides on a secure server through a logon with a username and password. (2) Expired Message - a message that has been delivered to the recipient s address and has not been accessed via the URL link within the specified time (14 days), after which the URL and the message become inaccessible. (3) Patient Reply - patient response to the message. (4) Critical Results - results that require immediate intervention or are lifethreatening. (5) Protected Health Information (PHI) - any information about health status, medical treatment, or payment for health care that can be linked to an individual. (6) Release of Information: a signed authorization is required if the patient requests a copy of their medical record. A physician may release a patient s medical record / information directly to the patient without a signed authorization form, if it is the physician s desire (versus the patient s request) that the patient have the information. (7) Sender - the provider or designee who initiates the secure message. SCOPE: This policy addresses the Secure functionality available in the OUHSC MS Exchange/Proofpoint system. It is not intended to provide direction regarding any other messaging application.

2 Policy Number: Page: Page 2 of 5 POLICY: The primary contact address for the patient will be maintained by the sending department. Secure will not be utilized for: Advertising and marketing Release of personal health information / medical records Recruiting of patients Dismissal of patients (1) Communication: a) A number of types of Secure communication are allowed, such as typical test results, appointment reminders, etc. (If results are abnormal but acceptable, this should be reflected in the communication.) b) Critical Results shall not be communicated electronically until the patient has already had contact via another form of communication or all other methods of communication have been exhausted. c) All patient/physician communications sent via Secure should be included in the patient medical record. The MS Exchange system is a transport system and not designed to be an EMR or to store Protected Health Information. d) Certain results should be communicated only in person and should not be communicated via Secure Message; i.e., new cancer diagnosis, new HIV diagnosis. e) Personnel with the need to send or receive PHI should request approval from their supervisor or the clinic medical director / clinic administrator. f) Providers should respond to a patient message within 5 days of receipt. A disclaimer must accompany secure messages advising the patient to contact the clinic by other means if concern is warranted. If a provider is unavailable to respond in a reasonable time, a designee must be identified. g) Grammar and content should reflect the professional clinic conversation that would be used with the patient in person. Grammar shortcuts are not acceptable. Only approved abbreviations should be used. Expletive or derogatory comments are not to be included.

3 Policy Number: Page: Page 3 of 5 h) No PHI may be included in the subject line of a message. i) The default setting must include the following language in all messages in accordance with OUHSC policy: Confidentiality Notice This , including any attachments, contains information from clinic name, which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution, or use of the contents of this is prohibited. If you have received this in error, please notify the sender immediately by a reply to sender only message and destroy all electronic and hard copies of the communication, including attachments. (2) Message Expiration: a) Secure Messages will expire in 14 days. Once expired: b) Notification will be given to the sender that the message has not been retrieved, with the option to manually resend. c) Documentation in the chart will be retained to show the message was not retrieved. (3) Attachments: An attachment may be sent via Secure , with the following guidelines: Records should not be attached as a mechanism for release of information (see Definition 6, Page 1) Only signed test results may be attached. For any abnormal result attached, the message must contain in narrative an explanation / interpretation of the abnormal results and any follow-up action needed. Attachments may originate only from the patient s chart.

4 Policy Number: Page: Page 4 of 5 (4) Referrals: Information on referral appointments may be sent via secure message if the appointment is greater than 14 days out. If the appointment is less than 14 days out, another form of notification must be used. (5) Inappropriate use of Secure Messaging: a) By Patients: Inappropriate use is to be identified by the clinic staff or provider and includes, but is not limited to: inappropriate language threatening language requesting release of information requesting medication / treatment without a recent visit i. Response to inappropriate use shall be via one or more of the following: Redirect to the appropriate entity, i.e. (release of information requests are referred to Medical Records) Notify the patient of inappropriate use Disable Secure Messaging Account Phone: Redirect to the appropriate entity, i.e. (release of information requests are referred to Medical Records) Notify the patient of inappropriate use Disable Secure Messaging Account

5 Policy Number: Page: Page 5 of 5 b) By OU Staff: Written Response: Necessary if the patient is going to be dismissed Inappropriate use is to be identified by the Clinic Management. The incident shall be reviewed by the Medical Records Committee. Recommended action shall be carried out by Clinic Management. Disciplinary action may include, but is not limited to: verbal warning written warning performance improvement plan suspension termination Depending upon the severity of the incident, immediate termination may be appropriate. (8) Patient Passwords: Patients who are unable to remember their secure messaging password and/or remember the two security questions to reset/change their password must complete a Secure Messaging Password Reset form. LEGAL/CONTRACT/OUHSC REFERENCE: Consent for Electronic Communication via 45 CFR Parts 160 & 164 Staff Handbook Section 3.22 OUHSC HIPAA Privacy-18, Safeguards

Technical Assistance Document 5

Technical Assistance Document 5 Technical Assistance Document 5 Information Sharing with Family Members of Adult Behavioral Health Recipients Developed by the Arizona Department of Health Services Division of Behavioral Health Services

More information

Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians

Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians Compliance HIPAA Training Steve M. McCarty, Esq. General Counsel Sound Physicians 1 Overview of HIPAA HIPAA contains provisions that address: The privacy of protected health information or PHI The security

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Summary of Critical Pacific Medical Centers (PMC) HIPAA Policies and Procedures For additional information or questions, please

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (hereinafter Agreement ) is between COVERED ENTITY NAME (hereinafter Covered Entity ) and BUSINESS ASSOCIATE NAME (hereinafter Business

More information

GUIDANCE October 31, 2008

GUIDANCE October 31, 2008 The University of Chicago Medical Center (UCMC) supports the timely e-mail communication of protected health information (PHI) to promote patient health and safety and efficient customer service while

More information

By the end of this course you will demonstrate:

By the end of this course you will demonstrate: 1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health

More information

Managing the Privacy and Security of Patient Portals

Managing the Privacy and Security of Patient Portals Managing the Privacy and Security of Patient Portals Jacki Monson, JD, CHC Chief Privacy Officer Adam H. Greene, JD, MPH Partner Mayo s Experience with EHR portal Mayo Clinic s biggest site (Rochester)

More information

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability

More information

ADMINISTRATIVE POLICY #45-11(2015) COMMUNICATION VIA ELECTRONIC MAIL

ADMINISTRATIVE POLICY #45-11(2015) COMMUNICATION VIA ELECTRONIC MAIL Policy Title: Communication via Electronic Mail Policy Type: Administrative Policy Policy Number: 45-11 (2015) Approved: 09/22/2015 Responsible Office: Human Resources/Student Affairs Responsible Executive:

More information

Managing Privacy and Security Challenges of Patient EHR Portals

Managing Privacy and Security Challenges of Patient EHR Portals Managing Privacy and Security Challenges of Patient EHR Portals Jacki Monson, JD, CHC Adam H. Greene, JD, MPH DISCLAIMER: The views and opinions expressed in this presentation are those of the author and

More information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy & Security - Sanctions 10210

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy & Security - Sanctions 10210 IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy & Security - Sanctions 10210 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy Title:

More information

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9 1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

HIPAA Compliance Policies and Procedures. Privacy Standards:

HIPAA Compliance Policies and Procedures. Privacy Standards: Privacy Standards: Policy Name: Protected Health Information Policy #: 1-01 Reference: 45 CFR 164 Performance Physical Therapy will not use or disclose protected health information without the consent

More information

UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE. No: Supersedes Date: Distribution: Issued by:

UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE. No: Supersedes Date: Distribution: Issued by: UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE Subject: ALCOHOL & SUBSTANCE ABUSE INFORMATION Page 1 of 10 No: Prepared by: Shoshana Milstein Original Issue Date: NEW Reviewed by: HIPAA Policy

More information

SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY

SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY Purpose: The following privacy policy is adopted to ensure that the Sarasota County Government Employee Medical Benefit Plan

More information

COUNCIL POLICY NO. C-13

COUNCIL POLICY NO. C-13 COUNCIL POLICY NO. C-13 TITLE: POLICY: Identity Theft Prevention Program See attachment. REFERENCE: Salem City Council Finance Committee Report dated November 7, 2011, Agenda Item No. 3 (a) Supplants Administrative

More information

COLUMBIA UNIVERSITY EMAIL USAGE POLICY

COLUMBIA UNIVERSITY EMAIL USAGE POLICY COLUMBIA UNIVERSITY EMAIL USAGE POLICY Published: October 2013 I. Introduction Email is an expedient communication vehicle to send messages to the Columbia University community. The University recognizes

More information

U.S. Bank Secure Mail

U.S. Bank Secure Mail U.S. Bank Secure Mail @ Table of Contents Getting Started 3 Logging into Secure Mail 5 Opening Your Messages 7 Replying to a Message 8 Composing a New Message 8 1750-All Introduction: The use of email

More information

Procedure Title: TennDent HIPAA Security Awareness and Training

Procedure Title: TennDent HIPAA Security Awareness and Training Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary

More information

MCCP Online Orientation

MCCP Online Orientation Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.

More information

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? 6/28/2012

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? 6/28/2012 DIRECTIONS HIPAA Privacy/Security Personal Privacy Catholic Charities On-line Training July 2012 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This BUSINESS ASSOCIATE AGREEMENT (the "Agreement") is entered into by and between the Board of Regents of the University of Wisconsin System on behalf of the [insert name

More information

HIPAA Security Education. Updated May 2016

HIPAA Security Education. Updated May 2016 HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)

More information

PATIENT REGISTRATION FORM

PATIENT REGISTRATION FORM 201 N. Park Ave Suite 201 Apopka, FL 32703 Office (407)228-3180 Fax: (407)-228-3725 PATIENT REGISTRATION FORM Last Name: First Name: Middle Initial Male Female Date of Birth: Marital Status: Single Married

More information

Gaston County HIPAA Manual

Gaston County HIPAA Manual Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.

More information

Nursing Home Facility Implementation Overview

Nursing Home Facility Implementation Overview DrConnect Improved Communication; Improved Care Nursing Home Facility Implementation Overview clevelandclinic.org/drconnect Cleveland Clinic 1995-2013. All Rights Reserved. Table of Contents Table of Contents...2

More information

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION This Agreement governs the provision of Protected Health Information ("PHI") (as defined in 45 C.F.R.

More information

UMHS Electronic Health Information Access Agreement

UMHS Electronic Health Information Access Agreement UMHS Electronic Health Information Access Agreement Made effective the of, by and between The Regents of the University of Michigan, on behalf of the University of Michigan Health System, ( UMHS ) and

More information

Ability to view, download, or print a "Continuity of Care Document" or "Health Summary".

Ability to view, download, or print a Continuity of Care Document or Health Summary. The Salina Pediatric Care patient portal offers secure viewing and communication as a service to patients who wish to view parts of their records and communicate with our staff. This can be a valuable

More information

Forrestville Valley School District #221

Forrestville Valley School District #221 Forrestville Valley School District #221 Student Acknowledgment of Receipt of Administrative Procedures for Acceptable Use of the Electronic Network 2015-2016 All use of electronic networks shall be consistent

More information

Montclair State University. HIPAA Security Policy

Montclair State University. HIPAA Security Policy Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that

More information

HIPAA Notice of Privacy Practices - Sample Notice. Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520)

HIPAA Notice of Privacy Practices - Sample Notice. Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520) HIPAA Notice of Privacy Practices - Sample Notice Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520) The information provided in this document does not constitute, and is no substitute

More information

ARKANSAS OFFICE OF HEALTH INFORMATION TECHNOLOGY (OHIT) PRIVACY POLICIES

ARKANSAS OFFICE OF HEALTH INFORMATION TECHNOLOGY (OHIT) PRIVACY POLICIES ARKANSAS OFFICE OF HEALTH INFORMATION TECHNOLOGY (OHIT) PRIVACY POLICIES OHIT wishes to express its gratitude to Connecting for Health and the Markel Foundation for their work in developing the Common

More information

Glenmeadow, Inc. Terms and Conditions of Use Legal Notices/ Privacy Policy

Glenmeadow, Inc. Terms and Conditions of Use Legal Notices/ Privacy Policy Glenmeadow, Inc. Terms and Conditions of Use Legal Notices/ Privacy Policy Medical Disclaimer Glenmeadow is a senior living retirement community providing assisted and independent senior living options

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.

More information

DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS. This Policy describes permissible disclosures of Alcohol and Substance/Drug Abuse Records.

DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS. This Policy describes permissible disclosures of Alcohol and Substance/Drug Abuse Records. PRIVACY 11.0 DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have

More information

MEDICAL OFFICE COMPLIANCE TOOLKIT. The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA

MEDICAL OFFICE COMPLIANCE TOOLKIT. The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA MEDICAL OFFICE COMPLIANCE TOOLKIT The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA MEDICAL OFFICE COMPLIANCE TOOLKIT The Complete Medical Practice Compliance Resource HIPAA HITECH

More information

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019 Effective Date: 5/18/15 NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions Medical Privacy Version 2015.12.10 - Standard Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a

More information

PRIVACY AND INFORMATION SECURITY WORKFORCE TRAINING

PRIVACY AND INFORMATION SECURITY WORKFORCE TRAINING PRIVACY AND INFORMATION SECURITY WORKFORCE TRAINING PURPOSE The federal Health Insurance Portability and Accountability Act (referred to as HIPAA or the Privacy Rule ) requires that a covered entity must

More information

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Original effective date: 2003 Effective date of last Revision: July 17, 2013 CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Caring Hospice Services of Connecticut Caring Hospice Services of New York

More information

General Department Policies & Procedures

General Department Policies & Procedures General Department Policies & Procedures Title SMS Text Messaging Policy Document Code No. Department/Issuing Agency Public Health Seattle & King County Approved Effective Date. August 23, 2013 DPH Director

More information

Subscription Administrator Guide. For GS1 Canada Services

Subscription Administrator Guide. For GS1 Canada Services For GS1 Canada Services The information contained in this document is privileged and confidential and may otherwise be exempt from disclosure under applicable law. It is intended solely for the entity

More information

meridianemr PATIENT PORTAL Release Notes

meridianemr PATIENT PORTAL Release Notes meridianemr PATIENT PORTAL Release Notes Click HERE to watch the video tutorials http://hitsehrtraining.com/training/memr/new%20releases/5_9/index.html Version 2.0 July 14, 2014 TABLE OF CONTENTS Contents

More information

Pennsylvania Department of Public Welfare. Bureau of Information Systems OBSOLETE. Secure E-Mail User Guide. Version 1.0.

Pennsylvania Department of Public Welfare. Bureau of Information Systems OBSOLETE. Secure E-Mail User Guide. Version 1.0. Pennsylvania Department of Public Welfare Bureau of Information Systems Secure E-Mail User Guide Version 1.0 August 30, 2006 Table of Contents Introduction... 3 Purpose... 3 Terms of Use Applicable to

More information

HIPAA and You The Basics

HIPAA and You The Basics HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information

More information

HIPAA Privacy Overview

HIPAA Privacy Overview HIPAA Privacy Overview General HIPAA stands for a federal law called the Health Insurance Portability and Accountability Act. This law, among other purposes, was created to protect the privacy and security

More information

Please Note: Please send all documentation related to the credentialing portion of this documentation to:

Please Note: Please send all documentation related to the credentialing portion of this documentation to: Please ote: The application process is split into different actions. Please send all documentation related to the contracting portion of this documentation to: Fax to: (916)350-8860 Or email to: BSCproviderinfo@blueshieldca.com

More information

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project HIPAA Compliance And Participation in the National Oncologic Pet Registry Project Your facility has indicated its willingness to participate in the National Oncologic PET Registry Project (NOPR) sponsored

More information

HIPAA Compliance. 2013 Annual Mandatory Education

HIPAA Compliance. 2013 Annual Mandatory Education HIPAA Compliance 2013 Annual Mandatory Education What is HIPAA? Health Insurance Portability and Accountability Act Federal Law enacted in 1996 that mandates adoption of Privacy protections for health

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL What is HIPAA? Comprehensive federal legislation regarding health insurance which is comprised of four key areas:

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

Statement of Policy. Reason for Policy

Statement of Policy. Reason for Policy Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions

More information

El Paso Integrated Physicians Group

El Paso Integrated Physicians Group El Paso Integrated Physicians Group Policy Name Policy Number HIPAA Compliance Program OP95 Effective Date 4/1/2014 Supersedes Policy Dated 9/20/2013 References: HIPAA, 2009 Hitech Act Amendments. Decision

More information

Keeps a physician up to date on all laws and regulations affecting medical practice.

Keeps a physician up to date on all laws and regulations affecting medical practice. Dear Doctor: Thank you for the inquiry you made to the Cooperative of American Physicians, Inc. (CAP). The accompanying document that addresses your professional liability question is published by the

More information

ACCEPTABLE USE OF TECHNOLOGY

ACCEPTABLE USE OF TECHNOLOGY IIBE Page 1 ACCEPTABLE USE OF TECHNOLOGY Internet and computer network and non-network access is available to authorized students, teachers, and other staff in the. Albemarle County Public Schools primary

More information

Department of Veterans Affairs VHA HANDBOOK 1003.3. Washington, DC 20420 October 15, 2003

Department of Veterans Affairs VHA HANDBOOK 1003.3. Washington, DC 20420 October 15, 2003 Department of Veterans Affairs VHA HANDBOOK 1003.3 Veterans Health Administration Transmittal Sheet Washington, DC 20420 October 15, 2003 RESPONDING TO ELECTRONIC INQUIRIES FROM THE VA INTERNET HOMEPAGE

More information

APPENDIX 1: Frequently Asked Questions

APPENDIX 1: Frequently Asked Questions APPENDIX 1: Frequently Asked Questions Practice Name Q: What is the HIPAA Privacy Rule? A: The HIPAA Privacy Rule controls the use and disclosure of what is known as Protected Health Information (PHI).

More information

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.

More information

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM PINAL COUNTY POLICY AND PROCEDURE 2.50 Subject: ELECTRONIC MAIL AND SCHEDULING SYSTEM Date: November 18, 2009 Pages: 1 of 5 Replaces Policy Dated: April 10, 2007 PURPOSE: The purpose of this policy is

More information

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain

More information

ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT

ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between Franciscan Health System ( Hospital ), and ( Community Partner ). RECITALS

More information

Directory and Messaging Services Enterprise Secure Mail Services

Directory and Messaging Services Enterprise Secure Mail Services Title: Directory and Messaging Services Enterprise Secure Mail Services Enterprise Secure Mail Services for End Users Attention: Receivers of Secure Mail Retrieval of Secure Mail by the Recipient Once

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

Clinical Solutions. 2 Hour CEU

Clinical Solutions. 2 Hour CEU 1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected

More information

Electronic Medical Records Private. Secure. Practical. www.ehealthwv.org

Electronic Medical Records Private. Secure. Practical. www.ehealthwv.org Electronic Medical Records Private. Secure. Practical. www.ehealthwv.org Quick Retrieval Storing medical records electronically allows for quick retrieval of patient information by physicians and clinical

More information

Protection of Clients' Personal Health Information G & G LIVING CENTERS, INC.'s Privacy Practices

Protection of Clients' Personal Health Information G & G LIVING CENTERS, INC.'s Privacy Practices Protection of Clients' Personal Health Information G & G LIVING CENTERS, INC.'s Privacy Practices G & G Living Centers, Inc. has had a longstanding commitment to protecting the privacy of its clients'

More information

Practice Name: Brief overview of your intended scope of practice at Anna Jaques Hospital:

Practice Name: Brief overview of your intended scope of practice at Anna Jaques Hospital: Medical Staff Application for Initial Appointment Supplemental Page Introduction (to be presented to the Credential Committee): Practice Name: Brief overview of your intended scope of practice at Anna

More information

UC Irvine Health Secure Mail Message Center

UC Irvine Health Secure Mail Message Center UC Irvine Health Secure Mail Message Center UC Irvine Health is committed to protecting the privacy of its member s information, especially their protected health information (PHI). UC Irvine Health is

More information

Please look for comments in yellow boxes below to see how your service with RemitDATA is protected under this latest CMS communication.

Please look for comments in yellow boxes below to see how your service with RemitDATA is protected under this latest CMS communication. Please look for comments in yellow boxes below to see how your service with RemitDATA is protected under this latest CMS communication. Related Change Request (CR) #: N/A Medlearn Matters Number: SE0461

More information

Kaiser Permanente Affiliate Link Provider Web Site Application

Kaiser Permanente Affiliate Link Provider Web Site Application Kaiser Foundation Health Plan of Colorado Kaiser Permanente Affiliate Link Provider Web Site Application FOR PROVIDERS CONTRACTED WITH KAISER IN THE COLORADO REGION ONLY Page 1 of 7 Kaiser Permanente Affiliate

More information

HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011

HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011 HIPAA Considerations for Small Non-Profits Jill M. Girardeau July 20, 2011 Mission of Pro Bono Partnership of Atlanta: To provide free legal assistance to community-based nonprofits that serve low-income

More information

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Health Insurance Portability and Accountability Act of 1996 (HIPAA) HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.

More information

Secure E-Mail Management Guide. June 2008

Secure E-Mail Management Guide. June 2008 Secure E-Mail Management Guide June 2008 What are Paychex Secure Messages? To enhance the security of client and vendor data, Paychex created the Paychex Secure E-mail Message Center, a Web site hosted

More information

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE

More information

Secure transmission of Protected Health Information (PHI)

Secure transmission of Protected Health Information (PHI) PHI Email Encryption Instructions for External Entities Page 1 of 5 Secure transmission of Protected Health Information (PHI) To ensure that all communications (email, phone, or fax) containing Protected

More information

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of

More information

Additional Information

Additional Information HIPAA Privacy Procedure #17-7 Effective Date: April 14, 2003 Reviewed Date: February, 2011 Communication of Electronic Protected Health Revised Date: Information by E-mail Scope: Radiation Oncology ****************************************************************************

More information

HIPAA: Bigger and More Annoying

HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY

More information

Protecting Privacy & Security in the Health Care Setting

Protecting Privacy & Security in the Health Care Setting 2013 Compliance Training for Contractors and Vendors Module 3 Protecting Privacy & Security in the Health Care Setting For Internal Training Purposes Only. After completing this training, learners will

More information

Background Information

Background Information User Guide 1 Background Information ********************************Disclaimer******************************************** This is a government system intended for official use only. Using this system

More information

PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING

PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PURPOSE The purpose of this policy is to describe the procedures by which Workforce members of UCLA Health System and David Geffen School of Medicine

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

ITS Policy Library. 11.08 - Use of Email. Information Technologies & Services

ITS Policy Library. 11.08 - Use of Email. Information Technologies & Services ITS Policy Library Information Technologies & Services Responsible Executive: Chief Information Officer, WCMC Original Issued: December 15, 2010 Last Updated: September 18, 2015 POLICY STATEMENT... 3 REASON

More information

HIPAA Business Associate Contract. Definitions

HIPAA Business Associate Contract. Definitions HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:

More information

ALLINA HOSPITALS & CLINICS System-wide Policy

ALLINA HOSPITALS & CLINICS System-wide Policy ALLINA HOSPITALS & CLINICS System-wide Policy Department: Allina Hospitals & Clinics Corporate Compliance Privacy & Security Compliance Page: 1 of 6 Approved by: Ethics & Compliance Oversight Committee

More information

PERSONAL HEALTH RECORDS AND

PERSONAL HEALTH RECORDS AND PERSONAL HEALTH RECORDS AND THE HIPAA PRIVACY RULE INTRODUCTION A personal health record (PHR) is an emerging health information technology that individuals can use to engage in their own health care to

More information

Assistant Director of Facilities

Assistant Director of Facilities Policy Title ID Number Scope Status Reviewed By IT Security Policy P04001 All Users Policy Assistant Director of Facilities Reviewed Date January 2011 Last Reviewed Due for Review January 2013 Impact Assessment

More information

Exhibit 2. Business Associate Addendum

Exhibit 2. Business Associate Addendum Exhibit 2 Business Associate Addendum This Business Associate Addendum ( Addendum ) governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing

More information

Clear Creek ISD 084910 CQ (REGULATION) Business and Support Services: Electronic Communications

Clear Creek ISD 084910 CQ (REGULATION) Business and Support Services: Electronic Communications Clear Creek ISD 084910 CQ (REGULATION) SCOPE CONSENT REQUIREMENTS CHIEF TECHNOLOGY OFFICER RESPONSIBILITIES The Superintendent or designee will oversee the District s electronic communications system.

More information

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

The HIPAA privacy rule established federal law to help protect the use and disclosure of patient information. The privacy rule prohibits a covered

The HIPAA privacy rule established federal law to help protect the use and disclosure of patient information. The privacy rule prohibits a covered The HIPAA privacy rule established federal law to help protect the use and disclosure of patient information. The privacy rule prohibits a covered entity from using or disclosing protected health information

More information

Releasing Information

Releasing Information Releasing Information There are 3 kinds of release situations now: our original Release of Information and it s uses under Colorado Law and Professional Ethical Standards; HPAA s Consent to release information

More information