Training, Resources and Networking for the E-Discovery Community

Transcription

1 ACA Reporting and the HIPAA Omnibus Final Rule: Privacy and Security Requirements Doubly Strengthened New HIPAA Requirements and data reporting rules will affect healthcare providers, plans, many employers and virtually all their counsel Speakers: Ken Rashbaum, Attorney and Principal, Rashbaum Associates, Mary Mack, Enterprise Technology Counsel, ZyLAB, Johannes C. Scholtes, Chairman and Chief Strategy Officer, ZyLAB

2 ACEDS Membership Benefits Training, Resources and Networking for the E-Discovery Community Exclusive News and Analysis Weekly Web Seminars Podcasts On-Demand Training Networking Resources Jobs Board & Career Center bits + bytes Newsletter CEDS Certification And Much More! ACEDS provides an excellent, much needed forum to train, network and stay current on critical information. Kimarie Stratos, General Counsel, Memorial Health Systems, Ft. Lauderdale Join Today! aceds.org/join or Call ACEDS Member Services

3 Attend in person or online via live and archived stream Participating organizations include: Google, Intel, US Court for CAND, Sony Electronics, Mayo Clinic Panel topics include: Controlling cost of big data; judicial roundtable; data security; BYOD Keynote address by US magistrate Judge Paul Grewal CorporateEdiscoverySummit.com 3

4 Today s Speakers Ken Rashbaum Attorney and Principal Rashbaum Associates, LLC Prof. Johannes Scholtes Chief Strategy Officer ZyLAB Moderated by: Mary Mack Enterprise Technology Counsel ZyLAB

5 Today s agenda Who is covered by the Omnibus Rule Enhanced U.S. and state government enforcement in 2013 Preparation to meet the compliance requirements How compliance and the ediscovery readiness can support each other How technology can help to mitigate risks

6 3 Hot Issues in HIPAA Cyber-Security: legal obligations, best practices and how security protocols aid admissibility Privacy and Information Governance: managing and protecting ever-increasing volumes of information Healthcare Quality: riding the information tsunami to safety

7 Cyber-Security Hacking of healthcare businesses AND LAW FIRMS is increasing at an accelerating rate Actors reported to include nations (allegedly China, Russia, Iran and others), politically motivated groups (anonymous), business rivals (cyber-espionage) and individuals Growing Black market in personal data, including healthcare information Yet, many security breaches (particularly in healthcare) are the result of negligence and/or poor security protocols

8 Cyber-Security Unintentional Security Breaches: the bane of healthcare Stolen laptops with unencrypted data Lost USB drives with unencrypted information Use of cloud service providers without adequate safeguards for physician office appointment calendar: unprotected and available to public on the Internet Virus introduced to hospital network through USB drive used at home. Hospital forced to transfer nonemergency patients.

9 Cyber-Security Legal Obligations for Cyber-Security HIPAA and HITECH Act and Meaningful Use Rule State Laws (i.e., MA Standards for the Protection of Personal Information) Legal Benefits: strong security practices can ease admissibility of electronic information Authentication Chain of Custody

10 Healthcare: the information Tsunami Federal initiative: all patient information to be in electronic form by 2015 $27 Billion in HITECH Incentive Payments to assist transition to fully interoperable health record BUT, Medicare and Medicaid reimbursement to be cut if not compliant by 2015 Two-year look-back means covered entities need to comply by end of 2013 ACA Sec. 1104: patient eligibility inquiries and responses to be electronic with perhaps 40 million new insurance subscribers

11 Healthcare HIPAA Omnibus Rule Jan : Incorporates HITECH requirements for security and breach notification, and extends jurisdiction to Business Associates (IT vendors, law firms, etc.) and subcontractors New provisions for written agreements in which Business Associates and subcontractors agree to HIPAA requirements Security: reduced standard for reportable breaches State Attorneys General may pursue HIPAA violations if Dept. of Health and Human Services declines

12 Healthcare Healthcare e-discovery Hot Issues Audit Trails: preserved and readily accessible? Native format production Electronic communications ( s, texts, blogs, social media) Off-the-grid applications (and lack of current data maps) Most hospitals are not e-discovery ready and, as a result, frequently settle cases that should be defended on merits

13 Protected Health Information Covered entity employment considerations Sick time, disability pay, personal and family leave time Benefits for particular conditions (particularly for self insured) Wellness programs Reasonable accommodations

14 How Technology can Help: Structuring the Unstructured

15 Protected Health Information (PHI) Under HIPAA, PHI that is linked based on the following list of 18 identifiers must be treated with special care: 1. Names 2. All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and [t]he initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to Dates (other than year) directly related to an individual 4. Phone numbers 5. Fax numbers 6. addresses 7. Social Security numbers 8. Medical record numbers 9. Health insurance beneficiary numbers 10. Account numbers 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers, including license plate numbers; 13. Device identifiers and serial numbers; 14. Web Uniform Resource Locators (URLs) 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger, retinal and voice prints 17. Full face photographic images and any comparable images 18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data

16 Identifying Protected Health Information

17 Finding Social Security Numbers

18 Finding images

19 Identifying Protected Health Information

20 Identifying Protected Health Information

21 Protected Information in the ENRON Set

22 Reviewing Protected Health Information

23 Redactions for ediscovery

24 Flexible Redaction: Multiple Directions and Languages

25 Intelligent Redactions and Finding PHI

26 ZyLAB ediscovery Delivery Models ediscovery oncommand Exceptional services and #1 legal review software to instantly launch a matter. ediscovery ondemand Login to a virtual, fully-equipped war room pre-configured with your data. ediscovery onpremise End-to-end ediscovery system integrated with legacy systems. Outsourced Matter Transparency Progress Reports Hosted Review Co-sourced Matters Our Software; Your Data No IT Install Easy Migration In-house System Behind your Firewall Total Integrations Configuration Services 26

27 Complimentary Whitepaper Privacy and Data Protection Locating PII is where it all starts By Johannes Scholtes GET A FREE COPY! Send an to annelore.vanderlint@zylab.com

28 Questions?