The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

Size: px
Start display at page:

Download "The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq."

Transcription

1 The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq.

2 Introduction and Overview On February 17, 2009, President Obama signed P.L , the American Recovery and Reinvestment Act (ARRP) Title XIII of Division A of ARRP comprise the provisions known as HITECH the Health Information Technology for Economic and Clinical Health Act

3 Summary of Presentation Outline of HITECH Act Provisions Office of the National Coordinator for Health Information Technology (ONC) Expansion of security and privacy provisions and penalties to HIPAA business associates Breach notification requirements Compliance with HITECH

4 The Office of the National Coordinator for Health Information Technology (ONC) Established by Executive Order in 2004 HITECH appropriates $2 billion to ONC Codifies duties of ONC Goal: the utilization of an electronic health record for each person in the U.S. by 2014

5 ONC (cont d) ONC strategic plan: The development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of information that ensures that patients health information is secure and protected

6 ONC (cont'd) ONC responsibilities under HITECH Establishing national standards for the exchange of health information Coordinating HIT policy and programs, and updating and implementing the Federal Health IT Strategic Plan through collaboration with public and private entities Ensuring that privacy and security protections are incorporated in the electronic exchange of health information Work with state and regional efforts regarding privacy, security and data stewardship Implementing strategies to enhance the use of HIT and integration of information among healthcare providers, health plans and government

7 ONC (cont d) ONC responsibilities under HITECH (cont'd) Assessing the impact of HIT in communities with health disparities Evaluating the benefits and costs of the exchange of health information Appointing a Chief Privacy Officer of ONC within 12 months Establishing an HIT Policy Committee, responsible for making policy recommendations to the ONC on the implementation of a nationwide HIT infrastructure

8 ONC (cont d) ONC responsibilities under HITECH (cont'd) Establishing an HIT Standards Committee, responsible for making recommendations to the ONC regarding standards, implementation specifications and certification criteria for HIT Coordinate with National Institute of Standards and Technology Initial set of standards to be adopted by HHS by December 31, 2009 after formal rulemaking ONC may adopt CCHIT or HITSP Standards, but not mandated

9 Incentive Payments for Adoption of EHR HITECH will provide an estimated $17 billion in incentives for adoption of certified EHRs by meaningful users To be eligible for Medicare incentive payments, physicians must demonstrate: Using certified EHR technology in a meaningful way A qualified EHR meeting standards adopted by HHS with recommendation of HIT Standards Committee EHRs must improve quality of health care, and be connected and integrated with other providers or an HIE Clinical quality reports required Must have erx capabilities

10 Incentive Payments for Adoption of EHR (cont d) HITECH expands financial opportunities for state government States or a state designated entity may apply for planning and implementation grants and funding to implement HIT at state level State designated entity means a not-for-profit entity with broad stakeholder representation that follows non-discrimination and conflict of interest policies Requires consultation with a broad spectrum of stakeholders Annual evaluation by Secretary of HHS and State must match funding on a sliding scale

11 Other Available Funding for HIT Through Department of Commerce Funding for standards-related research to support security and interoperability of EHR Medical Health Informatics Education Programs Assistance to higher education institutions for medical health informatics education programs Graduate programs in behavioral or mental health, health professions, nursing schools and PA programs Must be used for 2 or more programs

12 Other Available Funding for HIT (cont d) Through Department of Commerce Medical Health Informatics Education Programs (cont d) Goal to integrate certified EHRs into community based education programs Funds to be used for educational services, not hardware or software R&D for universities, non-profit consortia, federal labs or multidisciplinary centers for Health Care Information Enterprise Integration

13 Other Available Funding for HIT (cont'd) HIT Professionals in Healthcare (undergraduate or masters degree programs) Develop and revise curriculum Recruit and train students

14 Health IT Extension Program HITECH Act requires HHS to provide implementation support though creation of a National Health IT Research Center Provide technical assistance Forum for exchange of knowledge Develop best practices to accelerate HIT adoption Assist RHIOs and local HIEs and HINS

15 Health IT Extension Program (cont'd) Creation of Regional Extension Centers Assistance with implementation, maintenance and upgrading of EHRs Technical assistance and disseminate best practices from National Research Center Funding will focus on public or not-for-profit hospitals, critical access hospitals, FQHC and underserved populations, primary care solos or small group practices Affiliate with not-for-profit organizations Financial assistance of up to 50% of capital and annual operating and maintenance funds 4 year funding cycle

16 Expansion of Security and Privacy Provisions and Penalties to HIPAA Business Associates HITECH applies the administrative, physical and technical safeguards of the HIPAA security regulations directly to business associates HITECH imposes additional obligations upon business associates regarding policies, procedures and documentation

17 Impact Expansion of Security and Privacy Provisions and Penalties (cont'd) All organizations that support the health care industry as business associates Before HITECH, these entities were required by contract to agree to certain safeguards regarding use or disclosure of PHI After HITECH, required by law to develop and implement written privacy and security policies and procedures regarding handling of PHI

18 Expansion of Security and Privacy Provisions and Penalties (cont'd) Impact (cont d) Upgrade technological capabilities and infrastructure HITECH will specify encryption or other standards Revision of HIPAA business associate agreements Differing interpretations - by application of law or amendment required

19 Expansion of Security and Privacy Provisions and Penalties (cont'd) Business associates that become aware of a pattern of activity that constitutes a violation of HIPAA must take steps to cure the violation Terminate agreement Report problem to HHS Civil and criminal penalties that apply to covered entities for violations of security and privacy regulations now will apply directly to business associates

20 Expansion of Security and Privacy Provisions and Penalties (cont'd) Business Associates will need to: Engage in HIPAA security compliance process Develop and implement appropriate policies and procedures Revise business associate agreements Develop and implement breach notification process and request for amendment process

21 Security Breach Notification Requirements HITECH requires covered entities, business associates, vendors of Personal Health Records (PHR) and other third-party service providers to notify individuals or entities when unsecured PHI or unsecured PHR that is identifiable is breached Breach defined to include the unauthorized acquisition, access, use or disclosure of PHI that compromises its security, privacy or integrity

22 Security Breach Notification Requirements (cont'd) Breach does not include an inadvertent disclosure if the information is not further accessed, used or disclosed HHS must issue guidance specifying the technologies and methodologies that render PHI unusable (i.e. encryption)

23 Security Breach Notification Requirements (cont'd) Required notice Covered entities must notify each individual whose unsecured PHI has been or is reasonably believed to have been accessed, acquired or disclosed Business associates must notify covered entities of a security breach and provide identification of affected individuals Vendors of PHRs, entities that offer products or services through websites of PHRs must notify individuals and the FTC following discovery of breach of security of unsecured PHR and FTC will notify HHS temporary requirements until Congress enacts new legislation establishing notification requirements for non-covered entities

24 Required Notice (cont'd) Third party service providers must notify vendor or entity of security breach, including identity of the individual affected Notification must be within 60 days of discovery Notification may be delayed if requested by law enforcement In writing or electronic Posting on website Broadcast media

25 Required Notice (cont'd) If more than 500 people affected, notice must be provided to prominent media outlet Notice must be made to HHS HHS will post on its website a list of covered entities involved in a breach affecting over 500 individuals If less than 500 individuals, covered entity must provide a log to HHS HHS reports results of logs annually to Congress

26 Required Notice (cont'd) Notices must include Description of what happened Description of the type of unsecured protected health information that was involved in the breach Steps to be taken to protect themselves from harm Description of what the covered entity is doing to investigate the breach, mitigate losses and protection against further breaches Contact information for individuals to ask questions

27 State Breach Notification Laws Over 40 states have enacted Most require reasonable belief that information will be used for identity theft (no such requirement in HITECH) No specific preemption language in HITECH, although it supersedes any inconsistent standards governing privacy and security of individually identifiable information HIPAA does not supersede state law if state law is more stringent Need to comply with both state and HITECH if there is a breach

28 Other HITECH Requirements Covered entities must honor a patient s request to withhold PHI from a health plan if the patient paid for the medical care Covered entities must limit use or disclosure of PHI to a limited data set or, if needed, to the minimum necessary to accomplish an intended purpose Requires a review of the request and a determination of what constitutes minimum necessary for the request HHS Secretary will issue new guidance on what constitutes minimum necessary within 18 months

29 Other HITECH Requirements (cont'd) Covered entities must provide patients with an audit trail of all disclosures of PHI made within the past three years HHS Secretary to promulgate regulations regarding what information should be collected about PHI disclosures by 6/10 Covered entities and business associates are prohibited from receiving remuneration in exchange for any PHI of an individual without authorization

30 Other HITECH Requirements (cont'd) Restrictions on marketing communications No communication that encourages the recipient to purchase or use a product or service that is not considered a health care operation unless: It describes a product or service that is provided in a plan of benefits including: Participation in a health care provider network or health plan network Replacement of, or enhancements to, a health plan Health related products or services available only to a health plan enrollee that add value, to, but are not part of, a plan of benefits For treatment of the individual For case management or care coordination for the individual

31 Other HITECH Requirements (cont'd) Fundraising communication must provide in a clear and conspicuous manner An opportunity for the recipient to opt out of receiving any further communications If individual opts out, the election is to be treated as a revocation of authorization Restrictions apply to written communications after 2/17/10

32 Penalties for Violation Penalties are tiered, depending on conduct Unknown $100 per violation up to $25,000 for all identical violations in a calendar year, with a cap of $1.5 million Corrective action without CMPs authorized

33 Penalties for Violation (cont'd) Reasonable cause that is not willful neglect $1,000 for each violation up to $100,000 for all identical violations in a calendar year, with a cap of $1.5 million for all violations of this type in a calendar year

34 Penalties for Violation (cont'd) Willful neglect If violation corrected within 30 days of knowledge: $10,000 for each identical violation, up to $250,000 for all identical violations in a calendar year, with a cap of $1.5 million for all violations of this type in a calendar year If violation not corrected: $50,000 for each violation, up to $1.5 million for all identical or non-identical violations in a calendar year

35 Penalties for Violation (cont'd) Collections will got to OCR for enforcement of HIPAA privacy and security rules Similar to whistleblower statutes, a portion may be paid to harmed individuals Regulations to be promulgated no later than 2/17/12

36 Enforcement by State Attorneys General State AGs may commence civil actions in federal district court for violations of HIPAA Damages: $100 per violation with a cap of $25,000 Costs and attorneys fees may be awarded to State

37 Audits Secretary of HHS required under HITECH to conduct periodic audits of covered entities and business associates for compliance and enforcement purposes Secretary of HHS is required to report the number of audits and a summary of audit findings to Congress starting in 2010 Reports will be made available on HHS website Increased enforcement activities

38 Timeline 2/17/09 Tiered civil monetary penalties Enforcement of violation of privacy and security regulations by State Attorneys General 4/3/09 HHS Secretary may appoint HIT Policy Committee members not yet appointed 4/18/09 HHS Secretary to provide guidance on technical safeguards for unsecured PHI

39 5/18/09 Timeline (cont'd) HHS Secretary to publish a draft description of program for regional extension centers HIT Standards Committee to develop schedule to act on recommendations from HIT Policy Committee 8/16/09 HHS Secretary to publish interim final rules on breach notification that will apply to breaches of security FTC rules on PHR breach notification 12/31/09 HHS shall adopt initial set of standards and implementation specifications on HIE, EHR certification, privacy and HIT considered by HIT Policy Committee

40 2/16/10 Timeline (cont'd) HHS Secretary appoints Chief Privacy Officer for ONC Secretary submits reports to Congress Efforts to demonstrate integration of HIT into clinical education Guidance on effective security measures Nature and number of reported security breaches and remedial steps taken Privacy and security violation complaint allegations Effective date of all security and privacy provisions HHS publish rules on communications for marketing and funding

41 Compliance with HITECH and other Privacy and Security Laws Develop and implement a Red Flag Rules Compliance Program Develop and implement a Breach Notification Compliance Program Review and amend existing business associate agreements and determine if new BAAs are needed Strategize and position yourself to obtain loan and grant funding

42 Questions??? If you have any questions concerning HITECH or this webinar, please contact Whitney Cook at Thank you for participating!

43

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

Planning for the Stimulus - Achieving Meaningful Use of Healthcare IT

Planning for the Stimulus - Achieving Meaningful Use of Healthcare IT Planning for the Stimulus - Achieving Meaningful Use of Healthcare IT John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center My Definition of Meaningful Use Processes and

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky

More information

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Healthcare Compliance: How HiTECH May Affect Relationships with Business Associates Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Legal Disclaimer This information

More information

Community First Health Plans Breach Notification for Unsecured PHI

Community First Health Plans Breach Notification for Unsecured PHI Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance

More information

New HIPAA Rules and EHRs: ARRA & Breach Notification

New HIPAA Rules and EHRs: ARRA & Breach Notification New HIPAA Rules and EHRs: ARRA & Breach Notification Jim Sheldon-Dean Director of Compliance Services Lewis Creek Systems, LLC www.lewiscreeksystems.com and Raj Goel Chief Technology Officer Brainlink

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

IMPORTANT HIPAA CHANGES SUSAN J. FREED. THE DAVIS BROWN TOWER th STREET, SUITE 1300 DES MOINES, IA

IMPORTANT HIPAA CHANGES SUSAN J. FREED. THE DAVIS BROWN TOWER th STREET, SUITE 1300 DES MOINES, IA IMPORTANT HIPAA CHANGES SUSAN J. FREED THE DAVIS BROWN TOWER 215 10 th STREET, SUITE 1300 DES MOINES, IA 50309 515-288-2500 WWW.DAVISBROWNLAW.COM DAVIS BROWN KOEHN SHORS & ROBERTS P.C. #1651683 IMPORTANT

More information

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C.

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C. HIPAA Hot Topics Audits, the Latest on Enforcement and the Impact of Breaches September 2012 Nashville Knoxville Memphis Washington, D.C. Overview HITECH Act HIPAA Audit Program: update and initial results

More information

New Privacy Laws Impacting the Health Care Work Place

New Privacy Laws Impacting the Health Care Work Place New Privacy Laws Impacting the Health Care Work Place Presented by Thomas E. Jeffry, Jr., Esq. Arent Fox LLP Washington, DC New York, NY Los Angeles, CA November 12 & 19, 2009 Overview 1. Overview of California

More information

Signed into law on February 17, 2009, the Stimulus Package known

Signed into law on February 17, 2009, the Stimulus Package known Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package

More information

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY. REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

Business Associate Agreement Involving the Access to Protected Health Information

Business Associate Agreement Involving the Access to Protected Health Information School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

The American Recovery and Reinvestment Act of 2009 Summary of Key Health Information Technology Provisions July 1, 2009

The American Recovery and Reinvestment Act of 2009 Summary of Key Health Information Technology Provisions July 1, 2009 The American Recovery and Reinvestment Act of 2009 Summary of Key Health Information Technology Provisions July 1, 2009 This document is a summary of the ARRA and offered for information only. As the term

More information

What's in the stimulus bill and what does it mean for your hospital

What's in the stimulus bill and what does it mean for your hospital What's in the stimulus bill and what does it mean for your hospital Premier Advocacy February 25, 2009 What's in the stimulus bill and what does it mean for your hospital American Recovery and Reinvestment

More information

HIPAA Breach Notification Interim Final Rule

HIPAA Breach Notification Interim Final Rule HIPAA Breach Notification Interim Final Rule The American Recovery and Reinvestment Act of 2009 ( the Act ) made several changes to the HIPAA privacy rules including adding a requirement for notice to

More information

H. R. 1 144. Subtitle D Privacy

H. R. 1 144. Subtitle D Privacy H. R. 1 144 (1) an analysis of the effectiveness of the activities for which the entity receives such assistance, as compared to the goals for such activities; and (2) an analysis of the impact of the

More information

Will the Feds Really Buy Me an EHR?

Will the Feds Really Buy Me an EHR? Steven Waldren, MD, David C. Kibbe, MD, MBA, and Jason Mitchell, MD Will the Feds Really Buy Me an EHR? and Other Commonly Asked Questions About the HITECH Act The economic stimulus package offers $19

More information

STANDARD ADMINISTRATIVE PROCEDURE

STANDARD ADMINISTRATIVE PROCEDURE STANDARD ADMINISTRATIVE PROCEDURE 16.99.99.M0.26 Investigation and Response to Breach of Unsecured Protected Health Information (HITECH) Approved October 27, 2014 Next scheduled review: October 27, 2019

More information

Business Associates: HITECH Changes You Need to Know

Business Associates: HITECH Changes You Need to Know Business Associates: HITECH Changes You Need to Know Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine LLP beckywilliams@dwt.com 1 Who Is a Business Associate? A

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

Model Business Associate Agreement

Model Business Associate Agreement Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

HIPAA Fundraising Fundamentals for Foundations WHA s 2013 Prescription for Success: A Workshop for Hospital Foundations August 13, 2013

HIPAA Fundraising Fundamentals for Foundations WHA s 2013 Prescription for Success: A Workshop for Hospital Foundations August 13, 2013 HIPAA Fundraising Fundamentals for Foundations WHA s 2013 Prescription for Success: A Workshop for Hospital Foundations August 13, 2013 Presented by: Monica C. Hocum, Esq. and Leia C. Olsen, Esq. Agenda

More information

TTUHSC HIPAA Privacy Changes HITECH Act August 28, 2009

TTUHSC HIPAA Privacy Changes HITECH Act August 28, 2009 New "Defined" Terms Breach; Electronic health record (different from electronic PHI); Personal Health Record (different from PHI); Vendor of Personal Health Records; Unsecured PHI Electronic Health Record

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) between Inphonite, LLC ( Business Associate and you, as our Customer ( Covered Entity ) (each individually, a Party, and collectively,

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

What You Need to Know About the New HIPAA Breach Notification Rule 1

What You Need to Know About the New HIPAA Breach Notification Rule 1 What You Need to Know About the New HIPAA Breach Notification Rule 1 New regulations effective September 23, 2009 require all physicians who are covered by HIPAA to notify patients if there are breaches

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 Orchard Creek Health Care is required by law to maintain the privacy of protected health information (PHI) of our residents. If you feel

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

This is a "preview " of the BAA agreement. You'll be able to sign the BAA electronically after you upgrade to the Powerhouse Player plan.

This is a preview  of the BAA agreement. You'll be able to sign the BAA electronically after you upgrade to the Powerhouse Player plan. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into as of (the Effective Date ), by and between ("Covered Entity") and Acuity Scheduling, Inc. ("Business Associate").

More information

Dissecting New HIPAA Rules and What Compliance Means For You

Dissecting New HIPAA Rules and What Compliance Means For You Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

NACHC Issue Brief Changes to the Health Insurance Portability and Accountability Act Included in ARRA. March 2010

NACHC Issue Brief Changes to the Health Insurance Portability and Accountability Act Included in ARRA. March 2010 NACHC Issue Brief Changes to the Health Insurance Portability and Accountability Act Included in ARRA March 2010 Prepared By: Marisa Guevara and Marcie H. Zakheim Feldesman Tucker Leifer Fidell, LLP 2001

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016

ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016 Page 1 of 9 CITY OF CHESAPEAKE, VIRGINIA NUMBER: 2.62 ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016 SUPERCEDES: N/A SUBJECT: HUMAN RESOURCES DEPARTMENT CITY OF CHESAPEAKE EMPLOYEE/RETIREE GROUP HEALTH

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. The terms and conditions of this document entitled Business Associate Agreement ( Business Associate Agreement ), shall be attached to and incorporated by reference in the

More information

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates Legal Update February 11, 2013 Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates On January 17, 2013, the Department of Health

More information

The ReHabilitation Center. 1439 Buffalo Street. Olean. NY. 14760

The ReHabilitation Center. 1439 Buffalo Street. Olean. NY. 14760 Procedure Name: HITECH Breach Notification The ReHabilitation Center 1439 Buffalo Street. Olean. NY. 14760 Purpose To amend The ReHabilitation Center s HIPAA Policy and Procedure to include mandatory breach

More information

POLICY NAME: NOTICE OF PRIVACY BREACHES

POLICY NAME: NOTICE OF PRIVACY BREACHES NOTE: This sample policy is drafted to comply with the HIPAA breach notification rules as amended January 2013. The user should review applicable laws and regulations and modify this sample policy as appropriate

More information

Business Associates and HIPAA

Business Associates and HIPAA Business Associates and HIPAA What BAs need to know to comply with HIPAA privacy and security rules by Dom Nicastro White paper The lax days of complying with privacy and security laws are over for business

More information

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq. HIPAA Compliance, Notification & Enforcement After The HITECH Act Presenter: Radha Chanderraj, Esq. Key Dates Publication date January 25, 2013 Effective date - March 26, 2013 Compliance date - September

More information

HIPAA Privacy Breach Notification Regulations

HIPAA Privacy Breach Notification Regulations Technical Bulletin Issue 8 2009 HIPAA Privacy Breach Notification Regulations On August 24, 2009 Health and Human Services (HHS) issued interim final regulations implementing the HIPAA Privacy Breach Notification

More information

Issue House Bill (H.R.1) Senate Amendments to H.R.1 American Recovery and Reinvestment Act of 2009

Issue House Bill (H.R.1) Senate Amendments to H.R.1 American Recovery and Reinvestment Act of 2009 An Overview of Major Health Information Technology, Public Health, Medicaid, and COBRA Provisions of the American Recovery and Reinvestment Act of Health Information Technology, Health Care Quality, and

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement User of any Nemaris Inc. (Nemaris) products or services including but not limited to Surgimap Spine, Surgimap ISSG, Surgimap SRS, Surgimap Office, Surgimap Ortho, Surgimap

More information

Guidance Specifying Technologies and Methodologies DEPARTMENT OF HEALTH AND HUMAN SERVICES

Guidance Specifying Technologies and Methodologies DEPARTMENT OF HEALTH AND HUMAN SERVICES DEPARTMENT OF HEALTH AND HUMAN SERVICES 45 CFR PARTS 160 and 164 Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable

More information

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS The following HIPAA Business Associate Terms and Conditions (referred to hereafter as the HIPAA Agreement ) are part of the Brevium Software License

More information

NEWS ALERT WINSTEAD POTENTIAL OPPORTUNITIES FOR HEALTHCARE INDUSTRY UNDER THE AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009. May 2009 Winstead PC

NEWS ALERT WINSTEAD POTENTIAL OPPORTUNITIES FOR HEALTHCARE INDUSTRY UNDER THE AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009. May 2009 Winstead PC May 2009 Winstead PC POTENTIAL OPPORTUNITIES FOR HEALTHCARE INDUSTRY UNDER THE AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 Contact: The American Recovery and Reinvestment Act of 2009 (the "Act") was

More information

Section 2: HIPAA and the HITECH Act

Section 2: HIPAA and the HITECH Act Section 2: HIPAA and the HITECH Act 1 Introduction to HIPAA and the HITECH Act The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed on February 17, 2009 as part of

More information

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and

More information

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE THIS AGREEMENT, effective, 2011, is between ( Provider Organization ), on behalf of itself and its participating providers ( Providers

More information

BREACH NOTIFICATION POLICY

BREACH NOTIFICATION POLICY PRIVACY 2.0 BREACH NOTIFICATION POLICY Scope: All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS ), including UHS covered entities ( Facilities

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

Overview Selected Health IT Provisions in The American Recovery and Reinvestment Act of 2009 (ARRA)

Overview Selected Health IT Provisions in The American Recovery and Reinvestment Act of 2009 (ARRA) Overview Selected Health IT Provisions in The American Recovery and Reinvestment Act of 2009 (ARRA) Susan M. Christensen Senior Public Policy Advisor Washington, DC (c) BAKER DONELSON 2009 1 This overview

More information

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American

More information

Adopting Electronic Medical Records: What Do the New Federal Incentives Mean to Your Individual Physician Practice?

Adopting Electronic Medical Records: What Do the New Federal Incentives Mean to Your Individual Physician Practice? Adopting Electronic Medical Records: What Do the New Federal Incentives Mean to Your Individual Physician Practice? U John M. Neclerio, Esq.,* Kathleen Cheney, Esq., C. Mitchell Goldman, Esq., and Lisa

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

HIPAA in an Omnibus World. Presented by

HIPAA in an Omnibus World. Presented by HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters

More information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the BAA ) is made and entered into as of the day of, 20, by and between Delta Dental of California (the Covered Entity ) and (the Business

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its

More information

BUSINESS ASSOCIATE AGREEMENT ( BAA )

BUSINESS ASSOCIATE AGREEMENT ( BAA ) BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor

More information

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI January 23, 2013 HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI Executive Summary HHS has issued final regulations that address recent legislative

More information

FINAL HIPAA HITECH REGULATIONS RELEASED

FINAL HIPAA HITECH REGULATIONS RELEASED FINAL HIPAA HITECH REGULATIONS RELEASED On January 25, 2013, the United States Department of Health and Human Services (HHS) published final regulations implementing changes to the Health Insurance Portability

More information

Business Associate Liability Under HIPAA/HITECH

Business Associate Liability Under HIPAA/HITECH Business Associate Liability Under HIPAA/HITECH Joseph R. McClure, JD, CHP Siemens Healthcare WEDI Security & Privacy SNIP Co-Chair Reece Hirsch, CIPP, Partner Morgan Lewis & Bockius LLP ` Fifth National

More information

CHART YOUR HIPAA COURSE...

CHART YOUR HIPAA COURSE... CHART YOUR HIPAA COURSE... HHS ISSUES SECURITY BREACH NOTIFICATION RULES PUBLISHED IN FEDERAL REGISTER 8/24/09 EFFECTIVE 9/23/09 The Department of Health and Human Services ( HHS ) has issued interim final

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

what your business needs to do about the new HIPAA rules

what your business needs to do about the new HIPAA rules what your business needs to do about the new HIPAA rules Whether you are an employer that provides health insurance for your employees, a business in the growing health care industry, or a hospital or

More information

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule ) HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations

HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations Health Care Litigation Webinar Series March 22, 2012 Spence Pryor Paula Stannard Jason Popp 1 HIPAA/HITECH

More information

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under

More information

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and

More information

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule JANUARY 23, 2013 HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule By Linn Foster Freedman, Kathryn M. Sylvia, Lindsay Maleson, and Brooke A. Lane On

More information

THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE

THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE The Speakers Cinda Velasco Attorney, Manager, Privacy Officer Patient Safety and Risk Management Trish Lugtu Senior Manager MMIC

More information

The Institute of Professional Practice, Inc. Business Associate Agreement

The Institute of Professional Practice, Inc. Business Associate Agreement The Institute of Professional Practice, Inc. Business Associate Agreement This Business Associate Agreement ( Agreement ) effective on (the Effective Date ) is entered into by and between The Institute

More information

HIPAA Update. Bob Radecki W.J. Flynn and Associates, LLC

HIPAA Update. Bob Radecki W.J. Flynn and Associates, LLC HIPAA Update Bob Radecki W.J. Flynn and Associates, LLC Background ARRA American Recovery and Reinvestment Act of 2009 HITECH Health Information Technology for Economic and Clinical Act (Title XII, Part

More information

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement

More information