HIPAA Privacy Keys to Success Updated January 2010

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "HIPAA Privacy Keys to Success Updated January 2010"

Transcription

1 HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1

2 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative Simplification It s a federal law HIPAA is mandatory, penalties for failure to comply Purpose: Protect health insurance coverage, improve access to healthcare Reduce fraud and abuse Improve quality of healthcare in general Reduce healthcare administrative costs (electronic transactions) HIPAA Job Specific Education 2

3 HITECH and Its Purpose What is HITECH? Health Information Technology for Economic and Clinical Health Act Subtitle D of the American Recovery and Reinvestment Act of 2009 (ARRA) It s a federal law Purpose: Makes massive changes to privacy and security laws Applies to covered entities and business associates Creates a nationwide electronic health record Increases penalties for privacy and security violations HIPAA Job Specific Education 3

4 Key HITECH Changes Breach Notification requirements AOD for treatment, payment, and healthcare operations in electronic health record (EHR) environment Business Associate Agreements Restrictions Right to access Criminal provisions Penalties OCR Privacy Audits Copy charges for providing copies from EHR HIPAA preemption applies to new provisions Private cause of action Sharing of civil monetary penalties with harmed individuals HIPAA Job Specific Education 4

5 Civil Penalties for Noncompliance* Violation Category Each Violation All such violations of an identical provision in a calendar year Did Not Know $100 - $50,000 $1,500,000 Reasonable Cause $1,000 $50,000 $1,500,000 Willful Neglect Corrected $10,000 - $50,000 $1,500,000 Willful Neglect Not Corrected $50,000 $1,500,000 *As of 2/17/09 HIPAA Job Specific Education 5

6 Criminal Penalties for Non-compliance For health plans, providers, clearinghouses and business associates that knowingly and improperly disclose information or obtain information under false pretenses. These penalties can apply to any person. Penalties higher for actions designed to generate monetary gain up to $50,000 and one year in prison for obtaining or disclosing protected health information up to $100,000 and up to five years in prison for obtaining protected health information under "false pretenses" up to $250,000 and up to 10 years in prison for obtaining or disclosing protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm HIPAA Job Specific Education 6

7 Facility Privacy Official Your FPO is Cynthia Kean, HIM Director Responsible for: Privacy Program Privacy Rights of patients Requests for Privacy Restrictions Facilitating the training and education of staff HIPAA Job Specific Education 7

8 HIPAA Terminology HIPAA: Health Insurance Portability and Accountability Act HITECH: Health Information Technology for Economic and Clinical Health Act PHI: Protected Health Information CE: Covered Entity (Hospital) ACE: Affiliated Covered Entity (Common ownership) OHCA: Organized Health Care Arrangement (The hospital and medical staff will be considered an Organized Health Care Arrangement) DRS: Designated Record Set (medical record and billing record) AOD: Accounting of Disclosures (patient s right to receive) Directory: Hospital census list used by volunteers and operators with name and room HIPAA Job Specific Education 8

9 How will HIPAA affect you? Coversheets with confidential statement need to be used on all external faxes. Screens will need to be placed out of public view when possible Patient charts will need to be placed in secure area PHI will need to be placed in Cintas containers for disposal Patient family members will give a passcode for other than directory releases Patient information should only be accessed if there is a need to know HIPAA Job Specific Education 9

10 How will HIPAA affect you? Registration will be giving out a Notice of Privacy Practices brochure to every patient concerning our patient privacy protection policy. Patients will be given the option to opt out of our directory. Patients have a right to a copy of their medical record Authorizations need to be obtained from patient to release information for reasons other than for treatment, payment or healthcare operations (TPO) HIPAA Job Specific Education 10

11 What is Protected by HIPAA (PHI)? Name Address including street, city, county, zip code and equivalent geocodes Names of relatives Name of employers All elements of dates except year (i.e. DOB, Admission, Discharge, Expiration, etc.) Telephone numbers Fax Numbers Electronic addresses Social Security Number Medical record number Health plan beneficiary number Account number Certificate/license number Any vehicle or other device serial number Web Universal Resource Locator (URL) Internet Protocol (IP) address number Finger or voice prints Photographic images Any other unique identifying number, characteristic, code HIPAA Job Specific Education 11

12 What is a Covered Entity (CE)? Health plans, Health care clearinghouses, and Health care providers that transmit electronically for billing Examples Hospitals Physician Practices Insurance companies Ambulance Transportation Services Hospice Home Health HIPAA Job Specific Education 12

13 What does that mean to me? You can share information without patient authorization as it relates to TPO Other covered entities will request only minimum necessary to perform their job You may request the minimal information necessary from them for reasons of TPO without patient authorization May need to verify the requestor according to policy HIPAA Job Specific Education 13

14 Disclosing PHI to Family Members and Friends Who Call the Unit Patient will be assigned a four-digit passcode. Knowledge of this passcode will allow information, (PHI), to be shared with the family member or friend Distribution of passcode will be the responsibility of the patient Passcode may be changed during treatment Revocation and password change form must be routed to FPO Passcode will be last 4-digits of patient account number HIPAA Job Specific Education 14

15 Verification of Requestors Requestors via phone will need: Patient SS#, DOB and one of the following: Scenarios Account number, street address, MR#, birth certificate, insurance card or policy number Unknown physician calling from cell phone Family member or friend calling without passcode HIPAA Job Specific Education 15

16 External Faxing Guidelines Limit when possible Verify fax number Utilize preset numbers when applicable Fax machine located in secure location ALWAYS use cover sheet with confidentiality statement for transmittals Highly sensitive information should not be faxed (HIV status, abuse records, etc.) HIPAA Job Specific Education 16

17 Patient s Right to Access Forward to HIM for processing Must be able to provide access and/or hard copy of record If patient is in-house, HIM will manage access process HIPAA Job Specific Education 17

18 Patient s Right to Amend Forward request to HIM for processing Right of patient to request amendment to records. Request must be in writing Cannot change or omit documentation already in the medical record If patient is in-house HIM will manage amendment process HIPAA Job Specific Education 18

19 Patient s Right to Opt out of Directory Patient can opt out of directory at anytime but will probably happen during admission process You may not acknowledge the patient is in the facility or give information about the patient to friends, family or others who may inquire Can still release information to family and friends with 4-digit passcode as defined in the Directory policy. Forward any request for opt out to Registration for processing HIPAA Job Specific Education 19

20 Right to Privacy Restrictions Patients have the right to request a privacy restriction of their PHI NEVER agree to a restriction that a patient may request All requests must be made in writing and given to the FPO to make a decision on NO request is so small that it should not be routed to the FPO HIPAA Job Specific Education 20

21 Patient Privacy Complaints FPO must maintain complaint log in accordance with the complaint process ALL privacy complaints must be routed to the FPO Responses cannot be accompanied by retaliatory actions by the hospital Disposition of complaint must be consistent with the facility s Sanctions for Privacy Violations Risk Management module of Meditech may be used for complaint tracking HIPAA Job Specific Education 21

22 Accounting of Disclosures (AOD) Right to an accounting of disclosures of protected health information An individual has a right to receive an accounting of disclosures of protected health information made by a covered entity in the six years prior to the date on which the accounting is requested, except for disclosures: For TPO To the patient For directory purposes To law enforcement or correctional institutions For national security Additional requirements forthcoming as a result of HITECH regulations HIPAA Job Specific Education 22

23 How will Accounting of Disclosures (AOD) affect me? You must enter information into the AOD for: State mandated reporting Suspected Abuse Victims Certain Disease reporting such as STDs Brain Injury Organ and Tissue Donations Health Oversight Activities (JCAHO) HIPAA Job Specific Education 23

24 Notice of Privacy Practices Patient will receive Notice upon each registration Outlines patient rights Right to access Right to amend Confidential Communication Right to Privacy Restriction Right to Opt out of Directory HIPAA Job Specific Education 24

25 Sharing Information with Other Treatment Providers We can share information with physicians and office staff, hospitals, or other treatment facilities just as we do today Need to verify the requestor according to policy Patient information (PHI) can be released for reasons of treatment, payment or health care operations HIPAA Job Specific Education 25

26 Confidential Communications Request for use of alternate address or phone number for future contact Route any request for Confidential Communications to Admissions Should communicate only with alternate address given HIPAA Job Specific Education 26

27 Breach Notification HITECH provisions require the following notifications when breaches (as defined in the regulations) occur: To the patient To the Department of Health and Human Services To the media when the breach involves more than 500 individuals in the same state or jurisdiction HIPAA Job Specific Education 27

28 Ensuring Security Compliance Ensure users log off terminals when not in use. PC s should have screen savers whenever possible. Computer screens should be positioned so information (PHI) is not readable by the public or other unauthorized viewers Printers should be positioned in protected locations so that printed information is not accessible or viewable by an unauthorized person. PHI must be properly disposed. HIPAA Job Specific Education 28

29 Common Exposures on Nursing Units Discussions of patient information in public places such as elevators, hallways and cafeterias Printed or electronic information left in public view (e.g., charts left on counters) Discussing patient information on social networking sites (e.g., Facebook, Twitter) PHI in regular trash Records that are accessed without need to know in order to perform job duties Unauthorized individuals hearing patient sensitive information such as diagnosis or treatment HIPAA Job Specific Education 29

30 Sanctions 3 levels of violations that require disciplinary action Accidental and/or due to lack of proper education Purposeful violation of privacy policy or an unacceptable number of previous violations Purposeful violation of privacy policy with associated potential for patient harm FPO to review facility sanctions policy examples HIPAA Job Specific Education 30

31 Test Your Knowledge 1. The FPO at JFK Medical Center is: a) Gina Melby, CEO b) The President of the Medical Staff c) Cynthia Kean, HIM Director d) Jim Leamon, CFO 2. Does the patient have the right to access or obtain a copy their medical record? a) Yes b) No 3. Can a patient amend their record? a) Yes b) No 4. What is protected by HIPAA (PHI-Protected Health Information)? a) Telephone number b) Names of relatives c) Photos d) All the above HIPAA Job Specific Education 31

32 Test Your Knowledge 5. What right is NOT provided under HIPAA? a) Right to Opt out of the dictionary b) Right to not pay the bill c) Right to amend d) Right to request Confidential Communication 6. Under HITECH when a breach occurs the following must be notified, EXCEPT: a) The Department of Health and Human Services b) The media when more than 500 individuals reside in the same state or jurisdiction c) The patients next of kin d) The patient 7. One of the purposes of HITECH is to create an electronic health record a) True b) False HIPAA Job Specific Education 32

33 To Test Your Knowledge 8. Patients have the right to request a privacy restriction of their PHI. This request must always be forwarded to the : a) Admitting Physician b) The FPO c) The Chief Nursing Officer d) The Quality Director 9. Criminal penalties for non-compliance can apply to any person a) True b) False 10. Examples of exposure would be a) discussions of a patients diagnosis in the elevator b) PHI in the trashcan c) sharing PHI without an authorization when one is required d) sharing of passwords e) All of the above HIPAA Job Specific Education 33

Patient Privacy and HIPAA/HITECH

Patient Privacy and HIPAA/HITECH Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

HIPAA OVERVIEW ETSU 1

HIPAA OVERVIEW ETSU 1 HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health

More information

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title

More information

HIPAA Compliance for Students

HIPAA Compliance for Students HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits

More information

Alliance for Clinical Education (ACE) Student HIPAA Training

Alliance for Clinical Education (ACE) Student HIPAA Training Alliance for Clinical Education (ACE) Student HIPAA Training Health Insurance Portability and Accountability Act of 1996 October 2003 1 Objectives Understand the HIPAA Privacy rules and regulations Understand

More information

HIPAA Orientation. Health Insurance Portability and Accountability Act

HIPAA Orientation. Health Insurance Portability and Accountability Act HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the

More information

HIPAA Education Level One For Volunteers & Observers

HIPAA Education Level One For Volunteers & Observers UK HealthCare HIPAA Education Page 1 September 1, 2009 HIPAA Education Level One For Volunteers & Observers ~ What does HIPAA stand for? H Health I Insurance P Portability A And Accountability A - Act

More information

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule Understanding Health Insurance Portability Accountability Act AND HITECH HIPAA s Privacy Rule 1 What Is HIPAA s Privacy Rule The privacy rule is a component of the Health Insurance Portability and Accountability

More information

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone

More information

HIPAA Privacy and Security

HIPAA Privacy and Security HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,

More information

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability

More information

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3 INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.

More information

MCCP Online Orientation

MCCP Online Orientation Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements

More information

HIPAA/HITECH Privacy and Security Training for New Employees

HIPAA/HITECH Privacy and Security Training for New Employees HIPAA/HITECH Privacy and Security Training for New Employees Facility Privacy Official (FPO) Each facility has a designated FPO Every workforce member should be familiar with the facility s FPO Our WFH

More information

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.

More information

HIPAA and You The Basics

HIPAA and You The Basics HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information

More information

2014 Core Training 1

2014 Core Training 1 2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System

More information

Guadalupe Regional Medical Center

Guadalupe Regional Medical Center Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address

More information

HIPAA PRIVACY OVERVIEW

HIPAA PRIVACY OVERVIEW HIPAA PRIVACY OVERVIEW OBJECTIVES At the completion of this course, the learner will be able to: Define the Purpose of HIPAA Define Business Associate Identify Patients Rights Understand the Consequences

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

HIPAA POLICY PROCEDURE GUIDE

HIPAA POLICY PROCEDURE GUIDE HIPAA POLICY & PROCEDURE GUIDE HEALTH INFORMATION MANAGEMENT DEPARTMENT Office of Compliance & Audit Services - 1 - Table of Contents I. Patient Requests for Medical Records: Page 3 II. Other Requests

More information

HIPAA Privacy & Security Training for Clinicians

HIPAA Privacy & Security Training for Clinicians HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information

More information

Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA

Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of 1996 -- HIPAA Privacy and Information Security Awareness Training Health Insurance Portability & Accountability Act of 1996 -- HIPAA Objectives Understand basic HIPAA requirements Understand how the MCG Health System

More information

Presented by Jack Kolk President ACR 2 Solutions, Inc.

Presented by Jack Kolk President ACR 2 Solutions, Inc. HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security

More information

Annual Compliance Training. HITECH/HIPAA Refresher

Annual Compliance Training. HITECH/HIPAA Refresher Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance

More information

Department of Health and Human Services Policy ADMN 004, Attachment A

Department of Health and Human Services Policy ADMN 004, Attachment A WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON

More information

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability

More information

HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information

HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information New regulations requiring health care professionals, health plans, and other entities covered by the Health Insurance

More information

HIPAA Privacy & Security Health Insurance Portability and Accountability Act

HIPAA Privacy & Security Health Insurance Portability and Accountability Act HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would

More information

Copyright 2016 State Volunteer Mutual Insurance Company. HIPAA Training for the Medical Office

Copyright 2016 State Volunteer Mutual Insurance Company. HIPAA Training for the Medical Office Copyright 2016 State Volunteer Mutual Insurance Company HIPAA Training for the Medical Office Disclaimer The information and any commentary contained in these training materials is for informational purposes

More information

Virginia Commonwealth University Information Security Standard

Virginia Commonwealth University Information Security Standard Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,

More information

HIPAA Privacy & Breach Notification Training for System Administration Business Associates

HIPAA Privacy & Breach Notification Training for System Administration Business Associates HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,

More information

HIPAA Privacy & Security Rules

HIPAA Privacy & Security Rules HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to

More information

HIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT. and. Health Information Technology for Economic and Clinical Health Act.

HIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT. and. Health Information Technology for Economic and Clinical Health Act. HIPAA/ HITECH HEALTH INSURANCE PORTABILITY and ACCOUNTABILITY ACT Health Information Technology for Economic and Clinical Health Act Revised 4/4/14 1 Your Accountability Quality Care Compliance Reputation

More information

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Summary of Critical Pacific Medical Centers (PMC) HIPAA Policies and Procedures For additional information or questions, please

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy

Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy What is HIPAA? Health Insurance Portability and Accountability Act (HIPAA) is broad federal legislation that includes

More information

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by: HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and

More information

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information

More information

What is Covered by HIPAA at VCU?

What is Covered by HIPAA at VCU? What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,

More information

HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES

HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):

More information

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health

More information

Information Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done?

Information Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done? Information Security and Privacy WHAT is to be done? HOW is it to be done? WHY is it done? 1 WHAT is to be done? O Be in compliance of Federal/State Laws O Federal: O HIPAA O HITECH O State: O WIC 4514

More information

LAWRENCE COUNTY MEMORIAL HOSPITAL Lawrenceville, Illinois. NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised May, 2013

LAWRENCE COUNTY MEMORIAL HOSPITAL Lawrenceville, Illinois. NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised May, 2013 LAWRENCE COUNTY MEMORIAL HOSPITAL Lawrenceville, Illinois NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised May, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU WILL BE USED AND

More information

HIPAA and Privacy Policy Training

HIPAA and Privacy Policy Training HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA)... 1 Welcome to HIPAA Awareness Training Content... 3 HIPAA

More information

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts

More information

Statement of Policy. Reason for Policy

Statement of Policy. Reason for Policy Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions

More information

NOTICE OF PRIVACY PRACTICES FOR OUR PATIENTS POTOMAC PHYSICIAN ASSOCIATES, P.C.

NOTICE OF PRIVACY PRACTICES FOR OUR PATIENTS POTOMAC PHYSICIAN ASSOCIATES, P.C. NOTICE OF PRIVACY PRACTICES FOR OUR PATIENTS POTOMAC PHYSICIAN ASSOCIATES, P.C. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules

SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules Page 2 Index Privacy 101 and Intermediate Privacy Self-Learning Module 2012 HIPAA Education 3 Instructions Index

More information

HIPAA 101: Privacy and Security Basics

HIPAA 101: Privacy and Security Basics HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually

More information

By the end of this course you will demonstrate:

By the end of this course you will demonstrate: 1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health

More information

HIPAA POLICY PROCEDURE GUIDE

HIPAA POLICY PROCEDURE GUIDE HIPAA POLICY & PROCEDURE GUIDE FRONT END AREAS Office of Compliance & Audit Services - 1 - Table of Contents I. Notice of Privacy Practices: Page 3 II. Disclosing Downstate Directory Information: Page

More information

HIPAA Privacy Overview

HIPAA Privacy Overview HIPAA Privacy Overview General HIPAA stands for a federal law called the Health Insurance Portability and Accountability Act. This law, among other purposes, was created to protect the privacy and security

More information

HIPAA COMPLIANCE. What is HIPAA?

HIPAA COMPLIANCE. What is HIPAA? HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used

More information

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Health Insurance Portability and Accountability Act of 1996 (HIPAA) HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.

More information

Gaston County HIPAA Manual

Gaston County HIPAA Manual Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.

More information

HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA

HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA 1 Amended January 23, 2014 This HIPAA compliance manual was prepared for the

More information

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY. REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY PROTECTING PATIENT PRIVACY and INFORMATION SECURITY 2 PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY 3 INTRODUCTION As an agency employee, student,

More information

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act

More information

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014 HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors

More information

PATIENT PRIVACY RIGHTS: GENERAL GUIDELINES FOR HOSPITALS AND THE MEDIA

PATIENT PRIVACY RIGHTS: GENERAL GUIDELINES FOR HOSPITALS AND THE MEDIA PATIENT PRIVACY RIGHTS: GENERAL GUIDELINES FOR HOSPITALS AND THE MEDIA The Michigan Health & Hospital Association (MHA) Media Guide is designed to assist hospital administrators, nurses, physicians and

More information

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related

More information

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative

More information

HIPAA (Health Insurance Portability and Accountability Act) Awareness Training for Volunteers and Interns

HIPAA (Health Insurance Portability and Accountability Act) Awareness Training for Volunteers and Interns HIPAA (Health Insurance Portability and Accountability Act) Awareness Training for Volunteers and Interns Boulder County Public Health Volunteer/Intern Services 3450 Broadway Boulder, CO 80304 1 Boulder

More information

HIPAA, Research, and the IRB. Michelle Brown, BBA Biomedical IRB Manager

HIPAA, Research, and the IRB. Michelle Brown, BBA Biomedical IRB Manager HIPAA, Research, and the IRB Michelle Brown, BBA Biomedical IRB Manager Agenda Brief History of HIPAA How Did We Get Here? When Does HIPAA Apply to Research? How Do Researchers Access & Share PHI Under

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

HIPAA SELF STUDY TRAINING GUIDE

HIPAA SELF STUDY TRAINING GUIDE HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may

More information

HIPAA Awareness Training

HIPAA Awareness Training New York State Office of Mental Health Bureau of Education and Workforce Development HIPAA Awareness Training This training material was prepared for internal use by the New York State Office of Mental

More information

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy

More information

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative

More information

Clinician s Guide to HIPAA Privacy. I. Introduction What is HIPAA? Health Information Privacy Protected Health Information

Clinician s Guide to HIPAA Privacy. I. Introduction What is HIPAA? Health Information Privacy Protected Health Information Clinician s Guide to HIPAA Privacy I. Introduction What is HIPAA? Health Information Privacy Protected Health Information II. HIPAA s Impact On Clinical Practice, Treatment, Referrals And Payment How is

More information

HIPAA And Public Health. March 2006 Delaware s Division of Public Health 1

HIPAA And Public Health. March 2006 Delaware s Division of Public Health 1 HIPAA And Public Health March 2006 Delaware s Division of Public Health 1 HIPAA The purpose for HIPAA (Health Insurance Portability & Accountability Act) is to protect the confidentiality, integrity, and

More information

Resthave Home of Whiteside County, Illinois Resthave Nursing Home Resthave Home Assisted Living. Notice of Privacy Practices

Resthave Home of Whiteside County, Illinois Resthave Nursing Home Resthave Home Assisted Living. Notice of Privacy Practices Resthave Home of Whiteside County, Illinois Resthave Nursing Home Resthave Home Assisted Living Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

Floyd Healthcare Management, Inc. Notice of Privacy Practices

Floyd Healthcare Management, Inc. Notice of Privacy Practices Floyd Healthcare Management, Inc. Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

ELECTRONIC HEALTH RECORDS

ELECTRONIC HEALTH RECORDS ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability

More information

Catholic Health HIPAA/ HITECH

Catholic Health HIPAA/ HITECH Catholic Health HIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT and HITECH Health Information Technology for Economic and Clinical Health Act 1 Objectives of HIPAA & HITECH Training Understand

More information

CROSSROADS HOSPICE HIPAA PRIVACY NOTICE

CROSSROADS HOSPICE HIPAA PRIVACY NOTICE CROSSROADS HOSPICE HIPAA PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY 1.

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices Pueblo Radiology Medical Group, Inc. Pueblo Radiology Associates, Inc. Central Coast Radiology Associates, Inc. Santa Barbara Women s Imaging Center Effective Date: September

More information

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER: NOTICE OF PRIVACY PRACTICES COMPLETE EYE CARE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

HIPAA Notice of Privacy Practices Effective Date: 09/23/13

HIPAA Notice of Privacy Practices Effective Date: 09/23/13 HIPAA Notice of Privacy Practices Effective Date: 09/23/13 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

HIPAA Notice of Privacy Practices

HIPAA Notice of Privacy Practices HIPAA Notice of Privacy Practices Date of Last Revision: 09/20/2013 Effective Date: Immediately THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

HIPAA Employee Training Guide. Revision Date: April 11, 2015

HIPAA Employee Training Guide. Revision Date: April 11, 2015 HIPAA Employee Training Guide Revision Date: April 11, 2015 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (also known as Kennedy- Kassebaum Act ). HIPAA regulations address

More information

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,

More information

ü Ensuring the privacy and security of personally identifiable health information (the Privacy and Security Rules); and

ü Ensuring the privacy and security of personally identifiable health information (the Privacy and Security Rules); and Provided by Benefits By Choice HIPAA Rules: Privacy, Security and Electronic Data Interchange The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad federal law regarding health

More information

Health Insurance Portability and Accountability Act HIPAA Privacy Standards

Health Insurance Portability and Accountability Act HIPAA Privacy Standards Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate

More information