SUPPORTING YOUR HIPAA COMPLIANCE EFFORTS


WHITE PAPER: SUPPORTING YOUR HIPAA COMPLIANCE EFFORTS
Quantim Solutions. Advancing HIM through Innovation

PRODUCT DESCRIPTION

The Quantim HIM product suite provides coding and compliance solutions, as well as health information management modules to support abstracting, chart completion, chart location, and requests for copies of medical records. EDM, the electronic document imaging product, is also built on the Quantim platform. Since these products contain individually identifiable information about patients, healthcare providers must evaluate their use as part of their HIPAA compliance efforts.

Sometimes we're asked the question, "Are these products HIPAA-compliant?" Readers of the security regulations recognize that the regulations are multi-faceted and complex, requiring covered entities to assess the risks to their electronic information, manage those risks, train their workforces, implement physical and technical safeguards, develop and implement policies and procedures, and contract with their business associates. All of these activities contribute to the covered entity's compliance with HIPAA. Software applications, like the Quantim HIM suite, should contain appropriate security features to support the covered entity's compliance efforts, but they, in and of themselves, are not HIPAA-compliant.

REGULATORY OVERVIEW

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and federal regulations promulgated under the Act outline specific protections for health information that identifies individuals. Covered entities, organizations that must comply with HIPAA, include health plans, healthcare clearinghouses, and healthcare providers who transmit certain transactions (such as healthcare claims) electronically. The HIPAA privacy regulations govern how protected health information may be used and disclosed. The HIPAA security regulations outline specific measures that must be implemented to protect the security of electronic protected health information.

To comply with the security regulations, healthcare organizations and other covered entities must:
- Ensure the confidentiality, integrity, and availability of all electronic protected health information that they create, receive, maintain, or transmit;
- Protect against reasonably anticipated threats to the security or integrity of the information;
- Protect against reasonably anticipated uses or disclosures that are not permitted under the regulations; and
- Ensure workforce compliance.

PROTECTED HEALTH INFORMATION

HIPAA's protections apply to health information that identifies individuals. This information, known as protected health information, includes any information that pertains to an individual's past or current health history, treatment, or payment for healthcare services. Information is considered to identify an individual if the information contains one or more of the following data elements:
- Name
- Street address
- City, county, or precinct
- Postal (zip) code (Note: It is acceptable to combine all zip codes with the same three initial digits, if that combined geographic unit contains more than 20,000 people)
- Dates, including birth date, admission date, discharge date, and date of death
- Age (if the individual is 90 years old or older)
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social security number
- Medical record number
- License numbers (such as driver's license)
- Vehicle identifiers and serial numbers, including license plate numbers
- Full face photographic images
- Any other unique identifying number, characteristic, or code

Elements of PHI contained in specific Quantim products are outlined in Exhibit A.

ROLE-BASED ACCESS

Although not required by the HIPAA security regulations, role-based access represents an industry best practice. It allows users to be assigned specific access privileges on a "need to know" basis, giving users access to the information they need to do their jobs. Quantim Solutions support role-based access by allowing clients to establish their own user groups, defining the specific access privileges each group should have.

Depending on the module, users may be given such privileges as viewing, editing, adding new data, making status changes, archiving information, and configuring or printing reports.

MINIMUM NECESSARY

When using or disclosing protected health information, covered entities must make reasonable efforts to limit the information to the minimum necessary to accomplish the intended purpose of the use or disclosure. Quantim Solutions support this requirement by allowing system administrators to assign user privileges based on their job requirements. All Quantim Solutions allow confidentiality levels 1-5 to be assigned to further limit user access. All patients are assigned Level 1 (open access) by default, but the system administrator may define more restrictive confidentiality levels in 2-5. Mass copying, printing, or downloading of data is restricted. Printing is assigned as a specific permission, and only one record or page may be printed at a time.

In EDM, document types are hidden from view if the user has not been given access privileges for that document type. EDM also allows documents to be assigned a confidential security status. These documents may be accessed only by users with confidential access privileges.

CONFIDENTIALITY LEVELS

To assure confidentiality for high-profile patients or those who have requested restrictions, a confidentiality level of 1-5 may be assigned to each patient. All patients are assigned Level 1 (open access) by default, but the system administrator may define more restrictive confidentiality levels in 2-5.

PRODUCT SECURITY FEATURES

To support healthcare providers in complying with the HIPAA security regulations, Quantim Solutions include a number of security features. We recognize that security solutions are not one-size-fits-all, so many of these security features are flexible, allowing system administrators to set the parameters that best meet the needs of their organizations. Product security features are outlined in Exhibit B.

EXHIBIT A

Elements of Protected Health Information (PHI) and Clinical Information in Quantim Solutions

Table columns: Data Element; EDM*; Abstracting; Chart Completion; Chart Locator; Correspondence; Facil. Coding; IP Compliance; OP Compliance; Phys. Coding

Data elements (table rows):
- Name
- Address
- Telephone number
- Fax number
- Email address
- Date of birth
- Date of admission or encounter
- Date of discharge
- Date of death
- Social security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate or license number
- Vehicle identification number or license plate number
- Device identifiers and serial numbers
- Web universal resource locators (URLs)
- Internet protocol (IP) address numbers
- Biometric identifiers
- Full face photographic images
- Other unique identifying numbers, characteristics, or codes
- Diagnoses
- Procedures
- Diagnosis codes
- Procedure codes
- Clinical summaries
- Orders
- Test results
- Diagnostic images

*EDM may contain any of these elements if they are part of the scanned record.

EXHIBIT B

Security Features in Quantim Solutions

This summary includes the following products:
- EDM (Electronic Document Management Version 3.0 or higher)
- Quantim Abstracting
- Quantim Chart Completion
- Quantim Chart Locator
- Quantim Correspondence Management
- Quantim Facility Coding
- Quantim Inpatient Compliance
- Quantim Outpatient Compliance
- Quantim Physician Coding

Table columns: Security Feature; Available; Not Available; Notes

ACCESS CONTROLS

Security features listed:
- Unique passwords
- Complex passwords
- Passwords hidden during entry by user
- Prevention of password re-use
- Passwords encrypted when stored on the server
- Passwords encrypted between client and server
- Required change of passwords
- User authentication
- Prevention of concurrent (double) logon of a user
- User lock-out after failed logon attempts
- Automatic logoff after a period of inactivity
- Other methods of user authentication

Notes, in the order given:
- Passwords must be at least 6 characters in length, up to a maximum of 64 characters.
- Passwords must contain at least one number or special character.
- Passwords are not displayed on the screen when they are entered. Instead, the screen displays ******.
- Users are required to change their passwords from those initially assigned. System administrator defines how often users must change their passwords, up to a maximum of 9,999 days.
- Authentication is performed at the server.
- Users may be logged on to the application on more than one computer at the same time.
- Users are locked out of the application after three consecutive failed logon attempts. System administrator defines how long users are locked out, up to 120 minutes.
- System administrator defines how long the application is inactive before the user is automatically logged off, from 1 to 9,999 minutes.
- In EDM, biometric identifiers may be used.

(continued)

EXHIBIT B (continued)

Table columns: Security Feature; Available; Not Available; Notes

Categories on this page: ACCESS CONTROLS (continued); AUDIT CONTROLS; MINIMUM NECESSARY; DATA ENCRYPTION; TEST ENVIRONMENT

Security features listed:
- Role-based access
- User restrictions
- Audit logs
- Recording of user logon, logoff, and failed logon attempts
- Recording of add, delete, or change actions performed by users
- Warning banner
- Restriction of mass copying, printing, or downloading
- Hidden fields
- Restricted records
- Restricted documents
- Encryption of data stored on the server
- Encryption of data during transmission
- Test environment for use in applying patches or performing upgrades
- Direct changes to application

Notes:
- Test environment: Use of live data is not prohibited in the test environment. System administrators determine the type of data used.
- Direct changes to application: QuadraMed may make direct changes to the application in the production environment if permitted by the client.

SUMMARY

Although HIPAA compliance is an organization-wide responsibility for healthcare organizations that are covered entities under the law, Nuance Healthcare, as a provider of healthcare information technology, recognizes the critical importance of HIPAA compliance. Quantim Solutions have many built-in security features designed to meet HIPAA's requirements for protecting the confidentiality, availability, and integrity of electronic protected health information. Many of these security features are flexible, allowing system administrators to set the parameters that best meet the needs of their organizations. Role-based access is easy to assign, with customized user groups designed to meet the specific needs of your organization. Users may be given specific access privileges to just the information they need to do their jobs.

ABOUT NUANCE HEALTHCARE

Nuance Healthcare, a division of Nuance Communications, is the market leader in creating clinical understanding solutions that drive smart, efficient decisions across healthcare. As the largest clinical documentation provider in the U.S., Nuance provides solutions and services that improve the entire clinical documentation process, from capture of the complete patient record to clinical documentation improvement, coding, compliance and appropriate reimbursement. More than 450,000 physicians and 10,000 healthcare facilities worldwide leverage Nuance's award-winning voice-enabled clinical documentation and analytics solutions to support the physician in any clinical workflow on any device.

Copyright 2013 Nuance Communications, Inc. All rights reserved. Nuance and the Nuance logo are trademarks and/or registered trademarks of Nuance Communications, Inc. or its affiliates in the United States and/or other countries. All other brand and product names are trademarks or registered trademarks of their respective companies.


Small Business ebook. 5 Steps to a killer social media strategy Sall Business ebook 5 Steps to a killer social edia strategy About the authors John Keepax and Frank Irias offer ore than 32 years of cobined experience in the areas of John Keepax Creative Director /

More information

IRB Guidelines 1.3 HIPAA Research Implications Version 1.1: Created 4/20/2016

IRB Guidelines 1.3 HIPAA Research Implications Version 1.1: Created 4/20/2016 Institutional Review Board (IRB) IRB Guidelines 1.3 HIPAA Research Implications Version 1.1: Created 4/20/2016 Overview The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its regulations,

More information

Investing in corporate bonds?

Investing in corporate bonds? Investing in corporate bonds? This independent guide fro the Australian Securities and Investents Coission (ASIC) can help you look past the return and assess the risks of corporate bonds. If you re thinking

More information

Introduction to the Microsoft Sync Framework. Michael Clark Development Manager Microsoft

Introduction to the Microsoft Sync Framework. Michael Clark Development Manager Microsoft Introduction to the Michael Clark Developent Manager Microsoft Agenda Why Is Sync both Interesting and Hard Sync Fraework Overview Using the Sync Fraework Future Directions Suary Why Is Sync Iportant Coputing

More information

LA BioMed Secure Email

LA BioMed Secure Email INFORMATION SYSTEMS LA BioMed Secure Email Los Angeles Biomedical Research Institute at Harbor-UCLA 1124 W Carson St Bldg E2.5 Phone 310.222.1212 Table of Contents Intended Audience... 1 Purpose... 1 When

More information

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

Memorandum. Factual Background

Memorandum. Factual Background Memorandum TO: FROM: SUBJECT: Chris Ianelli and Jill Mullan, ispecimen, Inc. Kristen Rosati and Ana Christian, Polsinelli, PC ispecimen Regulatory Compliance DATE: January 26, 2014 You have asked us to

More information

Presentation Safety Legislation and Standards

Presentation Safety Legislation and Standards levels in different discrete levels corresponding for each one to a probability of dangerous failure per hour: > > The table below gives the relationship between the perforance level (PL) and the Safety

More information

HUMAN SUBJECTS AND HIPAA

HUMAN SUBJECTS AND HIPAA Research Compliance Tipsheet HIPAA Basics Last Revised: September 11, 2009 When we work with Protected Health Information (PHI) covered under the Health Insurance Portability and Accountability Act (HIPAA),

More information

Red Hat Enterprise Linux: Creating a Scalable Open Source Storage Infrastructure

Red Hat Enterprise Linux: Creating a Scalable Open Source Storage Infrastructure Red Hat Enterprise Linux: Creating a Scalable Open Source Storage Infrastructure By Alan Radding and Nick Carr Abstract This paper discusses the issues related to storage design and anageent when an IT

More information

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy

More information

Financial Aid Workshop Promotional Kit

Financial Aid Workshop Promotional Kit Financial Aid Workshop Prootional Kit CFWV.COM West Virginia s Free College-Planning Resource The College Foundation of West Virginia, online at www.cfwv.co, provides FREE resources to help students and

More information

Protecting Consumers from Card and other types of Fraud. What the consumer needs to know. How can we combat the rise in fraud

Protecting Consumers from Card and other types of Fraud. What the consumer needs to know. How can we combat the rise in fraud Protecting Consuers fro Card and other types of Fraud What are the trends What the consuer needs to know How can we cobat the rise in fraud What are the future threats Card Fraud What is Card Fraud: Card

More information

ASIC Design Project Management Supported by Multi Agent Simulation

ASIC Design Project Management Supported by Multi Agent Simulation ASIC Design Project Manageent Supported by Multi Agent Siulation Jana Blaschke, Christian Sebeke, Wolfgang Rosenstiel Abstract The coplexity of Application Specific Integrated Circuits (ASICs) is continuously

More information

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title

More information

De-Identification of Clinical Data

De-Identification of Clinical Data De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008 1 1 Slide 1 cmw1 Craig M. Winter, 4/25/2008 Background

More information

IRB Application for Medical Records Review Request

IRB Application for Medical Records Review Request Office of Regulatory Research Compliance Institutional Review Board FORM B1 : Medial Records Review Application FORM B1 IRB Application for Medical Records Review Request Principal Investigator: Email:

More information

The AGA Evaluating Model of Customer Loyalty Based on E-commerce Environment

The AGA Evaluating Model of Customer Loyalty Based on E-commerce Environment 6 JOURNAL OF SOFTWARE, VOL. 4, NO. 3, MAY 009 The AGA Evaluating Model of Custoer Loyalty Based on E-coerce Environent Shaoei Yang Econoics and Manageent Departent, North China Electric Power University,

More information

HIPAA Privacy & Breach Notification Training for System Administration Business Associates

HIPAA Privacy & Breach Notification Training for System Administration Business Associates HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,

More information

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors TITLE: Access Management Policy #: Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors Purpose The purpose of this policy is to describe

More information

LEAN FOR FRONTLINE MANAGERS IN HEALTHCARE An action learning programme for frontline healthcare managers

LEAN FOR FRONTLINE MANAGERS IN HEALTHCARE An action learning programme for frontline healthcare managers Course Code: L024 LEAN FOR FRONTLINE MANAGERS IN HEALTHCARE An action learning prograe for frontline healthcare anagers 6 days Green Belt equivalent Are you ready to challenge the status quo and transfor

More information

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability

More information

HIPAA Education Level One For Volunteers & Observers

HIPAA Education Level One For Volunteers & Observers UK HealthCare HIPAA Education Page 1 September 1, 2009 HIPAA Education Level One For Volunteers & Observers ~ What does HIPAA stand for? H Health I Insurance P Portability A And Accountability A - Act

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015 Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...

More information

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10 HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH

More information

IRB Policy for Security and Integrity of Human Research Data

IRB Policy for Security and Integrity of Human Research Data IRB Policy for Security and Integrity of Human Research Data Kathleen Hay Human Subjects Protection Office Terri Shkuda Research Informatics & Computing, Information Technology Overview of Presentation

More information

CONTINUATION OPTION FORM EXECUTIVE INCOME PROTECTION & LIFE COVER FOR EXISTING FRIENDS FIRST POLICYHOLDERS

CONTINUATION OPTION FORM EXECUTIVE INCOME PROTECTION & LIFE COVER FOR EXISTING FRIENDS FIRST POLICYHOLDERS CONTINUATION OPTION FORM EXECUTIVE INCOME PROTECTION & LIFE COVER FOR EXISTING FRIENDS FIRST POLICYHOLDERS Agency Nuber: Agency Nae: OFFICE USE: Contract Type: Policy/Contract No.: Client No. (Eployer):

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related

More information

An Innovate Dynamic Load Balancing Algorithm Based on Task

An Innovate Dynamic Load Balancing Algorithm Based on Task An Innovate Dynaic Load Balancing Algorith Based on Task Classification Hong-bin Wang,,a, Zhi-yi Fang, b, Guan-nan Qu,*,c, Xiao-dan Ren,d College of Coputer Science and Technology, Jilin University, Changchun

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS. Exhibit B Notice of Privacy Practices pages B-1 to B-4

HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS. Exhibit B Notice of Privacy Practices pages B-1 to B-4 HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS HIPAA Privacy Policy pages 2 to 12 Exhibit A HIPAA Privacy Regulations pages A-1 to A-89 Exhibit B Notice of Privacy Practices pages B-1 to B-4 Exhibit

More information

3706JK K925 11/16/2015 12:59:31 PM V 11-6.5 71302 PAGE 4

3706JK K925 11/16/2015 12:59:31 PM V 11-6.5 71302 PAGE 4 For 99 (211) Page 2 Part III Stateent of Progra Service Accoplishents Check if Schedule O contains a response to any question in this Part III 1 Briefly describe the organization's ission: ATTACHMENT 1

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

Load balancing over redundant wireless sensor networks based on diffluent

Load balancing over redundant wireless sensor networks based on diffluent Load balancing over redundant wireless sensor networks based on diffluent Abstract Xikui Gao Yan ai Yun Ju School of Control and Coputer Engineering North China Electric ower University 02206 China Received

More information