
1 Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule
March 27, 2013

2 Introductions
Holly Carnell, McGuireWoods LLP
Nathan Kottkamp, McGuireWoods LLP
Meggan Bushee, McGuireWoods LLP
McGuireWoods LLP

3 "No, it's not a female Hippopotamus, anyone else know?"
Cartoon by Dave Harbaugh

4 Topics
1. Regulatory Update and Impact of the Omnibus Final Rule
2. HITECH Audit Program and Protocol
3. Unauthorized Uses, Disclosures and Breach
4. Areas of Exposure
5. Key Steps to Achieving HIPAA Compliance

5 1. Regulatory Update on Omnibus Final Rule
1. On January 25, 2013, HHS published the Omnibus Final Rule ("Final Rule") interpreting and implementing provisions of the HITECH Act.
2. The Final Rule is effective on March 26,
Covered entities, business associates and their subcontractors must achieve compliance by September 23,
Certain existing business associate agreements do not have to be changed until September 23,

6 Key Changes to HIPAA Under Omnibus Final Rule
1. Breach "risk of harm" standard replaced with more objective test
2. Definition of business associate expanded to include entities that maintain or store PHI even if they do not view the PHI
3. Expansion of liability of business associates (and subcontractors, as applicable) under the Privacy Rule and the Security Rule
4. Subcontractors of business associates that use or disclose PHI are directly subject to HIPAA (even without execution of a BAA)
5. Individuals have a right to obtain electronic copies of PHI upon request if the PHI is maintained electronically
6. Additional authorization of an individual is required prior to disclosing PHI for remuneration
7. Broader disclosure is permitted with respect to decedents' PHI
8. Notices of Privacy Practices must include additional information

7 Next Steps to Ensure Compliance Under Omnibus Final Rule
1. Revise and distribute new Notices of Privacy Practices to patients
   a) Prohibition of sale of PHI without express written authorization of individual
   b) Right of individuals to restrict disclosure of PHI to a health plan where individual paid out of pocket, in full
   c) Duty of covered entity to notify affected individuals of breach of unsecured PHI
2. Revise policies and procedures to ensure compliance with:
   a) Responding to patient requests for electronic copies of PHI
   b) Various changes to the limits on uses and disclosures of PHI
3. Update breach definition and breach assessment tools to comport with the new standard
4. Evaluate all business associate relationships: (i) ensure business associate agreements are in place with all business associates as required based on the expanded definition of Business Associate; (ii) revise BAAs by the applicable compliance date.

8 Increased Penalties Under Final Rule
Civil Penalties: $100-$50,000 per violation
Tiered Penalties Based on Culpability:
- Unknowing ($100 per violation / $25K max)
- Reasonable Cause ($1K per violation / $100K max)
- Willful neglect ($10K per violation / $250k max)
- Uncorrected willful neglect ($50K per violation / $1.5m max)
Criminal Penalties: up to $250,000
Imprisonment: up to 10 years

9 Enforcement
1. HIPAA enforcement activity is increasing
2. Smaller entities are seeing more investigations and penalties
3. OCR requested $46,717,000 to support its enforcement activities for FY
HITECH mandated a HIPAA audit program
5. Voluntary compliance may limit penalties
6. Covered Entities should have a robust HIPAA Compliance Program
   a) Appropriate policies and procedures
   b) Trained workforce
   c) Security Rule compliance
   d) Mitigation plan upon discovery of a potential HIPAA violation
   e) Documentation supporting compliance

10 Phoenix Cardiac Surgery, P.C., April 17,
Phoenix Cardiac Surgery, P.C., a single specialty physician practice, entered into a settlement agreement and a year-long CAP with the government after being investigated for HIPAA violations.
2. Violation: report that the practice was posting clinical and surgical appointments for patients on a publicly accessible Internet-based calendar.
3. The OCR found that the practice failed to:
   a) adopt privacy and security policies and procedures;
   b) document training of employees;
   c) obtain business associate agreements in all cases where required, including with the internet-based calendar services that had access to and stored the PHI of the practice; and
   d) appoint a security official and conduct a risk assessment (i.e., assess the risks to the confidentiality, availability and integrity of ePHI).
4. The OCR also found that on a daily basis, employees of the practice were e-mailing PHI to the personal internet-based e-mail accounts of workforce members.

11 Phoenix Cardiac Surgery, P.C., April 17,
Outcome: The practice was required to pay $100,000 to the OCR. The practice was required to sign a corrective action plan (CAP).
6. Elements of the CAP
   - Develop policies and procedures, submit them to OCR, and implement them fully within 30 days of OCR approval;
   - During the CAP, any violation of the policies, even if it is not a breach of PHI, must be reported to the OCR;
   - Obtain a signed statement from workforce members that they have read and understand the policies; and
   - Train all workforce members who use or disclose PHI within 60 days of OCR's approval of the policies.

12 Massachusetts Eye and Ear Infirmary, September 17,
Violation: Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (MEEI) reported the theft of an unencrypted laptop that was taken abroad by an MEEI physician. The laptop contained PHI of 3,500 MEEI patients and research subjects.
2. OCR also concluded that:
   - MEEI failed to demonstrate it had conducted a thorough analysis of the risk to the confidentiality of ePHI on an ongoing basis;
   - MEEI failed to require encryption of the laptop or implement an equivalent security measure; and
   - MEEI failed to adequately adopt policies on the removal of portable devices and the use of portable devices to access ePHI.
3. Outcome: MEEI agreed to pay $1,500,000 to the federal government and to enter into a corrective action plan to address gaps in its HIPAA compliance program.

13 Hospice, North Idaho, January 2,
Violation: HONI reported the theft of an unencrypted laptop computer containing ePHI of 441 patients.
2. OCR found that HONI failed to conduct a risk analysis related to safeguarding ePHI and had no policies or procedures addressing mobile device security.
   a) HIPAA Security Rule requires covered entities to have policies on safeguarding ePHI on mobile devices.
   b) The CMP for these violations is $3 million.
3. Outcome: Settlement for $50,
"This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and be held accountable for safeguarding their patients' health information." (OCR Director Leon Rodriguez)

14 Accretive Health Settlement July 30,
Violation: Laptop containing 23,500 patient records from two hospital clients stolen from the back seat of a rental car.
2. Minnesota Attorney General filed suit alleging eight separate violations of HIPAA, including:
   - failure to implement policies to detect and prevent violations;
   - failure to effectively train employees;
   - failure to implement policies regarding the receipt and removal of hardware and portable media containing electronic health information.
3. Outcome: Settlement for $2.5 million (which includes settlement of claims related to questionable debt collection practices) and cessation of operations in the state for a two-year period.
4. The ability of State Attorneys General to enforce business associate liability under the HITECH Act underscores the need for business associate compliance now, and not only after the compliance date of the Omnibus Final Rule.

15 2. HITECH Audit Program and Protocol
1. Section of the HITECH Act requires HHS to perform compliance audits of covered entities and business associates
2. KPMG LLP conducted a pilot program involving audits of 115 entities
   a) Conducted audits from November 2011-December
Audit Protocol
   a) Compliance with Privacy Rule
      - Notice of privacy practices
      - Rights to request privacy protection for PHI
      - Administrative requirements
      - Uses and disclosures of PHI
      - Access of individuals to PHI
      - Amendment of PHI
      - Accounting of disclosures
   b) Compliance with Security Rule
      - Administrative, physical and technical safeguards
   c) Breach Notification Rule

16 HITECH Pilot Audit Program Results
1. Results of pilot program audits:
   a) Smaller entities had more issues than larger entities
   b) Security Rule compliance was a greater issue than Privacy Rule compliance
   c) Security Rule issues were often related to IT
      - User activity monitoring
      - Authentication and system integrity
      - User access permissions
      - Media reuse/destruction

17 Preparing for an Audit
1. HHS will conduct more audits of covered entities and business associates in the future
2. A good offense is your best defense
   a) Conduct self-audits as part of your compliance program
   b) Annual reviews of and updates to compliance program (especially security policies and procedures)
   c) Document all audits and reviews
   d) Management (other than just the Privacy and Security Officer) should be familiar with HIPAA policies and procedures
   e) Dusty binders of policies and procedures are not enough!
3. Post Omnibus Final Rule: Audit preparation will not change
   a) Ensure policies and procedures have been updated and implemented

18 3. Unauthorized Uses, Disclosures and Breach

19 Uses and Disclosures of PHI
1. Use: Employment, application, utilization, examination or analysis of information within a covered entity that holds the information.
2. Disclosure: Release, transfer, provision of access to, or divulging in any other manner of information outside the covered entity holding the information.
3. PHI may not be used or disclosed unless:
   a) The patient authorizes disclosure;
   b) It is for treatment, payment or healthcare operations purposes;
   c) An exception applies under HIPAA; or
   d) It is a mandatory disclosure (i.e., court ordered, law enforcement agencies, and other disclosures required by law)

20 Breach After the HIPAA Omnibus Final Rule
1. What is a Breach?
   a) The acquisition, access, use or disclosure of unsecured PHI that is not permitted under the Privacy Rule and which compromises the security or privacy of the PHI.
2. Before the Final Rule: Subjective Risk of Harm Standard
   a) The acquisition, access, use or disclosure poses a significant risk of financial, reputational, or other harm to the individual.
3. After the Final Rule: More Objective Risk Assessment
   a) The impermissible use or disclosure is presumed to be a breach unless the covered entity or business associate demonstrates through a risk assessment that there is a low probability that the PHI has been compromised.
   b) 4 factor risk assessment

21 Breach After the HIPAA Omnibus Final Rule (cont.)
4. Risk Assessment
   a) The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
   b) The unauthorized person who used the protected health information or to whom the disclosure was made;
   c) Whether the protected health information was actually acquired or viewed; and
   d) The extent to which the risk to the protected health information has been mitigated.

22 Recommended Breach Procedures
1. Employee notifies Privacy Officer of potential breach
2. Privacy Officer investigates potential breach
   a) Was there an unauthorized acquisition, access, use or disclosure?
   b) Performance of new objective risk assessment
   c) If no risk assessment, the incident is presumed to be a breach
3. If the Privacy Officer determines a breach is reasonably believed to have occurred:
   a) Privacy Officer fulfills necessary notification requirements
   b) Completes necessary and appropriate remedial measures
      i. Revise policies and procedures
      ii. Perform training and retraining
      iii. Sanction workforce members
   c) Ensures necessary documentation is retained

23 Breach Obligations
1. Notification required without unreasonable delay, but in no case later than 60 days after breach discovery or when the breach should have been known
   a) Written notice to affected individuals
   b) If more than 500 individuals affected, notice to HHS
2. If more than 500 individuals affected in one state or jurisdiction, additional notice to the local prominent media outlets
3. Must also report annually to HHS for breaches affecting fewer than 500 individuals (report must be submitted no later than 60 days after the start of the calendar year following the year in which the breach occurred)
4. A business associate must report the breach to the covered entity without unreasonable delay, and not later than 60 days after discovery, or in accordance with the terms of the business associate agreement if more stringent

24 4. Areas of Exposure

25 Mobile Devices
1. Computers, laptops, tablets and smart phones with PHI
   a) Use a password or other user authentication
   b) Install and enable encryption
   c) When leaving your computer, enable the password protection or shut down the computer
   d) Use laptop locks if leaving laptops in the office to prevent theft
   e) Install and activate remote wiping and/or remote disabling
   f) Do not use file sharing applications
   g) Install and enable firewalls and security software
   h) Delete all PHI before discarding or reusing the device
2. Entities have been penalized for a lack of policies and procedures directly addressing the security of mobile devices (including encryption, authentication, and mobile tech tracking)

26 Communications
1. HIPAA does not prohibit the transmission of PHI to a patient or other healthcare provider via e-mail or facsimile so long as reasonable safeguards are applied
2. E-mail and facsimile transmission of PHI pose a significant security risk
3. Reasonable safeguards:
   - PHI should be encrypted if it is transmitted via e-mail.
   - Double check the address to which the PHI will be sent.
   - An e-mail not containing PHI could be sent to the patient asking him or her to confirm the address, prior to sending an e-mail with PHI.
   - Password protection should be used.
4. Encryption may provide protection under breach safe harbor

27 Handling Patient/Employee Privacy Complaints
1. Patients have the right to file complaints with the provider or health plan or with the U.S. Department of Health and Human Services.
2. Patients or employees wanting to make a privacy complaint should be directed to complete the covered entity's complaint form.
3. All privacy complaints should be immediately submitted to the Privacy Officer, who should initiate an investigation of the complaint in accordance with the covered entity's policy.
   a) Copies of all complaints and related investigations should be retained.
4. If the Privacy Officer determines that a complaint may be valid, the covered entity may consider contacting legal counsel prior to responding to the complaint.
5. If the Privacy Officer determines there is no valid complaint, the covered entity should draft a letter informing the individual that no action will be taken.
   a) The covered entity should consider asking legal counsel to review any response letter prior to providing it to the patient.
6. The fact that an individual has filed a complaint shall not affect the services provided to such individual.

28 5. Ten Key Steps for Achieving HIPAA Compliance
1. Develop, adopt and implement privacy and security policies and procedures.
2. Appoint a privacy and security officer (same or different individuals).
3. Conduct a risk assessment to identify vulnerabilities to the confidentiality, integrity and accessibility of PHI.
   a) Remediate any identified risks
   b) Revise policies and procedures as needed
   c) Implement a system to monitor risks going forward
4. Adopt policies regarding the use of
Adopt strict policies regarding the storage of PHI on portable electronic devices (i.e., require encryption) and strictly regulate the removal of any portable electronic devices containing PHI from the premises.

29 5. Ten Key Steps for Achieving HIPAA Compliance
6. Train all employees who use or disclose PHI and document employee participation in training. Conduct refresher training on an annual basis.
7. Correctly publish and distribute a Notice of Privacy Practices.
   a) Distribute to all patients
   b) Obtain acknowledgement of receipt
   c) Display on company's website
   d) Update whenever policies are revised (will need to be updated under Omnibus Final Rule)
8. Enter into valid business associate agreements with all business associates and subcontractors (will need to be updated under Omnibus Final Rule)
9. Adopt and implement a protocol for investigating potential breaches of PHI, documenting the results of the investigation and achieving the requisite notifications in the event of a breach.
10. Sanction employees appropriately in the event of a violation and otherwise monitor program implementation.

30 Questions or Comments?

31 For more information, contact:
Holly Carnell, McGuireWoods LLP, Chicago
Nathan Kottkamp, McGuireWoods LLP, Richmond
Meggan Bushee, McGuireWoods LLP, Charlotte


More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq. HIPAA Compliance, Notification & Enforcement After The HITECH Act Presenter: Radha Chanderraj, Esq. Key Dates Publication date January 25, 2013 Effective date - March 26, 2013 Compliance date - September

More information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq. The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

More information

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement

OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement Clinton Mikel The Health Law Partners, P.C. Alessandra Swanson U.S. Department of Health and Human Services - Office for Civil Rights Disclosure

More information

Final HIPAA/HITECH Omnibus Rule Makes Significant Changes for Health Plans and Their Business Associates

Final HIPAA/HITECH Omnibus Rule Makes Significant Changes for Health Plans and Their Business Associates Final HIPAA/HITECH Omnibus Rule Makes Significant Changes for Health Plans and Their Business Associates After a very long wait, the Department of Health and Human Services ( HHS ) has issued a final HIPAA/HITECH

More information

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher

More information

Covered Entities and Business Associates: An Evolving Relationship

Covered Entities and Business Associates: An Evolving Relationship Covered Entities and Business Associates: An Evolving Relationship Rebecca L. Williams, RN, JD Partner, Chair of HEALTH/HIPAA Practice Davis Wright Tremaine LLP beckywilliams@dwt.com 1 No health care provider

More information

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters

More information

FINAL HIPAA HITECH REGULATIONS RELEASED

FINAL HIPAA HITECH REGULATIONS RELEASED FINAL HIPAA HITECH REGULATIONS RELEASED On January 25, 2013, the United States Department of Health and Human Services (HHS) published final regulations implementing changes to the Health Insurance Portability

More information

Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance. For Calendar Years 2011 and 2012

Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance. For Calendar Years 2011 and 2012 Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance For Calendar Years 2011 and 2012 As Required by the Health Information Technology for Economic and Clinical

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY. REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

Revisiting the PHI Breach Under HIPAA and HITECH and Considerations for Ophthalmologists

Revisiting the PHI Breach Under HIPAA and HITECH and Considerations for Ophthalmologists ONCE MORE UNTO THE BREACH, DEAR FRIENDS, ONCE MORE Revisiting the PHI Breach Under HIPAA and HITECH and Considerations for Ophthalmologists Neil H. Ekblom, Esq. 885 Third Avenue, 16th Floor, New York,

More information

HIPAA & The Medical Practice

HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Presented by: Gina L. Campanella, JD, MHA Rules that Control Privacy A collection of laws and regulations including:

More information

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013 Office of the Secretary Office for Civil Rights () HIPAA Enforcement Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services December 18, 2013 Presentation Overview s investigative

More information

HIPAA Omnibus Final Rule Changes Breach Notification & Enforcement Plus An Audit Update

HIPAA Omnibus Final Rule Changes Breach Notification & Enforcement Plus An Audit Update HIPAA Omnibus Final Rule Changes Breach Notification & Enforcement Plus An Audit Update OCR / WEDI Webinar Series July 17, 2013 Today s Speakers Verne Rinker, JD, MPH Health Information Privacy Specialist

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

HIPAA Privacy and Security

HIPAA Privacy and Security HIPAA Privacy and Security Cindy Cummings, RHIT February, 2015 1 HIPAA Privacy and Security The regulation is designed to safeguard Protected Health Information referred to PHI AND electronic Protected

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer

More information

HIPAA/HITECH Omnibus Final Rule - January 23, 2013

HIPAA/HITECH Omnibus Final Rule - January 23, 2013 HIPAA Omnibus Rule Please note: these slides are intended to provide an overview of general information, not an exhaustive review. No legal advice is being offered or intended. Do not rely on this information

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

HIPAA Compliance: Efficient Tools to Follow the Rules

HIPAA Compliance: Efficient Tools to Follow the Rules Bank of America Merrill Lynch White Paper HIPAA Compliance: Efficient Tools to Follow the Rules Executive summary Contents The stakes have never been higher for compliance with the Health Insurance Portability

More information

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule ) HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

Lessons Learned from HIPAA Audits

Lessons Learned from HIPAA Audits Lessons Learned from HIPAA Audits October 29, 2012 Tony Brooks, CISA, CRISC Partner - IT Assurance and Risk Services HORNE LLP AGENDA HIPAA/HITECH Regulations Breaches and Fines OCR HIPAA/HITECH Compliance

More information

STANDARD ADMINISTRATIVE PROCEDURE

STANDARD ADMINISTRATIVE PROCEDURE STANDARD ADMINISTRATIVE PROCEDURE 16.99.99.M0.26 Investigation and Response to Breach of Unsecured Protected Health Information (HITECH) Approved October 27, 2014 Next scheduled review: October 27, 2019

More information

Security Is Everyone s Concern:

Security Is Everyone s Concern: Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito

More information

Raymond: Beyond Basic HIPAA - GSHA Convention 2-28-15 1 HIPAA HIPAA HIPAA. Financial. Carol Ann Raymond, MBA, Ed.S., CCC-SLP

Raymond: Beyond Basic HIPAA - GSHA Convention 2-28-15 1 HIPAA HIPAA HIPAA. Financial. Carol Ann Raymond, MBA, Ed.S., CCC-SLP Carol Ann Raymond, MBA, Ed.S., CCC-SLP Associate Clinical Professor/Clinic Director Department of Communication Sciences and Disorders Financial o Employed by the University of Georgia o Non-Financial

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

HIPAA LIAISON MEETING PRESENTAITON. August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer

HIPAA LIAISON MEETING PRESENTAITON. August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer HIPAA LIAISON MEETING PRESENTAITON August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer Current State of HIPAA Enforcement Content Contributor Abby Bonjean, Investigator Office for

More information

Breach Notification and Enforcement Update

Breach Notification and Enforcement Update Breach Notification and Enforcement Update Presented to the Seattle Western Pension & Benefits Council June 16, 2015 Sarah Brown Investigator U.S. Department of Health and Human Services Office for Civil

More information

Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300)

Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Ricky Link, Coalfire ISACA North Texas and IIA Fort Worth Chapters The Petroleum Club of Fort Worth March 4, 2014 1 About Coalfire Coalfire

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA

More information

Responding to HIPAA Breaches

Responding to HIPAA Breaches Responding to HIPAA Breaches 11/06/2015 by Kim Stanger HIPAA privacy and security breaches can result in fines of $100 to $50,000 to covered entities (including healthcare providers and health plans) and

More information

HIPAA Compliance in 2013:

HIPAA Compliance in 2013: HIPAA Compliance in 2013: National Association for Home Care & Hospice March on Washington March 18, 2013 1 Marcia Augsburger Partner, DLA Piper, LLP (US) Firm HIPAA Officer and HIPAA Working Group Co-Chair

More information

HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations

HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations Health Care Litigation Webinar Series March 22, 2012 Spence Pryor Paula Stannard Jason Popp 1 HIPAA/HITECH

More information

What s New with HIPAA? Policy and Enforcement Update

What s New with HIPAA? Policy and Enforcement Update What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability

More information

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation WHY YOU NEED TO COMPLY. HIPAA UPDATE 2014: WHY AND HOW YOU MUS T C OMPL Y 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its longawaited Omnibus Rule 2 implementing regulations

More information

HIPAA Breach Notification Interim Final Rule

HIPAA Breach Notification Interim Final Rule HIPAA Breach Notification Interim Final Rule The American Recovery and Reinvestment Act of 2009 ( the Act ) made several changes to the HIPAA privacy rules including adding a requirement for notice to

More information

Breaches. Complying with the HIPAA Omnibus Final Rule. Important Definitions. Protected Health Information Includes HIPAA PRIVACY 3/2/2014

Breaches. Complying with the HIPAA Omnibus Final Rule. Important Definitions. Protected Health Information Includes HIPAA PRIVACY 3/2/2014 Breaches Complying with the HIPAA Omnibus Final Rule You Can Be Successful! Advocate Medical Group in Chicago had 4 desktop computers taken in a burglary that contained the personal information of over

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act

More information

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under

More information

The Dish on Data and Disks HIPAAPrivacy and Security Breach Developments. Robin B. Campbell Ethan P. Schulman Jennifer S. Romano

The Dish on Data and Disks HIPAAPrivacy and Security Breach Developments. Robin B. Campbell Ethan P. Schulman Jennifer S. Romano The Dish on Data and Disks HIPAAPrivacy and Security Breach Developments Robin B. Campbell Ethan P. Schulman Jennifer S. Romano HIPAAPrivacy and Security Breach Overview of the Laws Developments Incident

More information

HIPAA Final Rule Changes

HIPAA Final Rule Changes HIPAA Final Rule Changes What you need to know and do now Presented by Lucy A. Homans, Ed.D WSPA Director of Professional Affairs Prepared by the APA Practice Organization Introduction January 2013: U.S.

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur

More information

Arizona Physicians Group To Pay $100,000 To Settle HIPAA Charges

Arizona Physicians Group To Pay $100,000 To Settle HIPAA Charges Cynthia Marcotte Stamer Board Certified Labor and Employment Law Texas Board of Legal Specialization Primary Telephone: (214) 452-8297 24-Hour Telephone (469) 767.8872 Addison Telephone (972) 588.1860

More information