HIPAA & HITECH Privacy and Security Concerns : Are You Covered?


1 HIPAA & HITECH Privacy and Security Concerns : Are You Covered? Insurance Accounting and Systems Association Chicagoland Chapter Conference April 17, 2014 Colin Gainer & Tim Lessman SmithAmundsen, LLC

2 HIPAA Privacy and Security: Health Insurance Portability and Accountability Act of 1996. HIPAA created and implemented standards for the use and dissemination of health care information. The Privacy Rule and Security Rule are sets of regulations for administrative simplification which were promulgated in order to carry out the requirements set forth by HIPAA.

3 Privacy Rule: The Privacy Rule regulates the use and disclosure of individuals' health information, called protected health information ("PHI").

4 Security Rule: The Security Rule sets standards for ensuring that only individuals with clearance to work with electronic protected health information ("e-PHI") have access to such information.

5 The Privacy Rule applies to all forms of patients' protected health information. The Security Rule covers protected health information in electronic form. Both rules stress the need to maintain administrative, physical, and technical safeguards when working with any form of protected health information.

6 Under HIPAA and HITECH, a Covered Entity (CE) is a: health plan; healthcare clearinghouse; healthcare provider.

7 What is a Covered Entity? A Health Care Provider: this includes providers such as hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies. A Health Plan: this includes health insurance companies, HMOs, company health plans, and government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans' health care programs. A Health Care Clearinghouse: this includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

8 Who is a Business Associate of a Covered Entity? Under HIPAA, a Business Associate (BA) is a person/entity who performs or assists with a function or activity involving individually identifiable information.

9 Business Associate Examples: law firms; accountants; information technology companies; billing services; health insurance brokers.

10 HITECH

11 What is HITECH? The American Recovery and Reinvestment Act of 2009 ("ARRA") included legislation commonly referred to as the Health Information Technology for Economic and Clinical Health Act ("HITECH").

12 Final Rule: On January 17, 2013, the Department of Health and Human Services issued long-awaited final regulations implementing the privacy, security, and breach notification provisions of HITECH. Effective September 23, 2013. The regulations amend the HIPAA Privacy, Security, and Enforcement Rules and finalize a modified HIPAA Breach Notification Rule, which has been in effect on an interim basis since 2009.

13 HITECH on HIPAA: creates new privacy and security requirements for HIPAA covered entities & their business associates; new accounting, disclosure, and breach requirements; new restrictions on marketing & fundraising; increased penalties; rise of the HIPAA audit.

14 Expansion of Business Associate: Business Associate defined to include: Patient Safety Organizations; Health Information Organizations, E-prescribing gateways; Subcontractors.

15 Subcontractors: Downstream entities that work at the direction of or on behalf of a BA. Does not require CE to have a contract with the subcontractor (BA does).

16 Subcontractors BA required to obtain written satisfactory assurances from its immediate subcontractor (Sub BAA). Responsible for compliance with the business associate requirements under the Security and Privacy Rules, even if the parties failed to enter into a written business associate agreement.

17 Expansion of Business Associate: entities that maintain PHI: document destruction; e-PHI vendors; storage vendors; cloud storage. Test is persistence of custody, not the degree of access.

18 The Big Change for Business Associates

19 The Business Associate before HITECH: Originally, the provisions of HIPAA only applied to a business associate through a contractually created relationship with a covered entity. Before HITECH the only remedy available to a covered entity for a business associate's violation of HIPAA was one of general contract law.

20 The Business Associate after HITECH: HITECH creates a direct legal obligation on a business associate in both the application of the HIPAA requirements and the penalties associated with a violation. BA may be liable not only to the CE in the case of breach of security or privacy, but to the patient as well through HIPAA. BA subject to civil and criminal penalties under HIPAA. Potentially subject to mandatory compliance audits by Secretary of HHS.

21 BA Obligations: Limit uses and disclosures to what is permitted under the Privacy Rule (this specifically includes compliance with the minimum necessary standards); provide breach notification to the covered entity; provide a copy of electronic PHI to either the covered entity or individual; disclose PHI to the Secretary in an investigation; provide an accounting of disclosures*; comply with the Security Rule safeguards and BAA requirements.

22 HIPAA's and HITECH's Impact on Identifiable Health Information

23 PHI and E-PHI Content: Individually identifiable health information contains demographic information collected from an individual. Is created or received by a CE. Relates to past, present, or future health condition of the individual; the provision of health care to the individual; or past, present, or future payment for the provision of health care to the individual.

24 Elements of PHI: names; geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code; elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; telephone and fax numbers; address; Social Security numbers; medical record numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers, including license plate numbers; Web Universal Resource Locators (URLs); Internet Protocol (IP) address numbers; biometric identifiers, including finger and voice prints; full face photographic images and any comparable images. 45 CFR

25 Secured Information: Unsecured protected health information is protected health information that is not secured through a technology or methodology specified in guidance by HHS. C.F.R Electronic protected health information may be secured by encryption or workstation security, for example. Paper protected health information can be secured by destruction or proper storage, for example.

26 Securing PHI and E-PHI: automatic log out; password protected log on; procedures in place for guarding against viruses, Trojan horses, worms, etc.; limit access to E-PHI internally; verify terminated employees/agents no longer have electronic access; increase use of shredders (bins) on daily basis and at time of purging closed files; monitor or control areas where PHI is used; immediately account for and report lost iPhone, laptop, disks, files, etc.; encryption.

27 Breaches

28 Breach Reporting: HITECH requires every covered entity to notify a person when there has been a breach of that person's PHI and to notify HHS. Under HITECH, a business associate is required to notify the covered entity of any breach of confidentiality of PHI acquired from the covered entity.

29 Old Breach Definition Breach meant the acquisition, access, use, or disclosure of [PHI] in a manner not authorized under [HIPAA] which compromises the security or privacy of such information 45 C.F.R

30 Old Definition: "compromises the security or privacy" meant a result of: significant risk of financial, reputational, or other harm to the individual. 45 C.F.R

31 Final Rule Change: Replaces the breach notification rule's harm threshold with a more objective standard. Breach is any breach UNLESS you can demonstrate that there is a LOW PROBABILITY that the PHI has been compromised. Presumption standard.

32 Reporting: Within 60 days of the discovery of a breach, a covered entity must provide notice via first class mail to the affected person's last known address. 45 C.F.R (b).

33 In any case in which more than 500 persons are affected by a breach, the covered entity must provide notice to major local media outlets

34 What must the notice include? A description of what happened; date; types of information involved; steps the person should take to protect; description of covered entity's investigation & mitigation efforts; contact information. *Toll free number for web/print/broadcast notice

35 Business Associate Breach Notification Rule: Business associate must notify the covered entity. A business associate must provide notice to the covered entity within 60 days (check BAA). Provide CE with: the identification of each individual; any information required to be provided by the CE in its notification to affected individuals.

36 Additional BA Requirements: Must report to CE if BA knows of a pattern of activity or practice by CE that constitutes a material breach of BAA. BA must take steps to cure the breach OR: terminate arrangement; report to HHS.

37 HIPAA/HITECH Enforcement

38 Breaches Every breach carries with it the potential for OCR enforcement and civil penalties, regardless of the size, circumstances, or response of the responsible entity

39 Penalties Prior to HITECH: No more than $100 for each and up to $25,000. Also allowed for ignorance of the law defense.

40 HITECH: Tiered approach. Penalties: Unaware even through due diligence: $100-$50,000 per occurrence / $1.5 million aggregate. Caused but not from willful neglect: $1,000-$50,000 per occurrence / $1.5 million aggregate. Willful neglect, corrected in 30 days: $10,000-$50,000 per occurrence / $1.5 million aggregate. Willful neglect, not corrected: $50,000 minimum per occurrence / $1.5 million aggregate.

41 OCR Penalties: Alaska Medicaid Agency: $1.7 million over PHI of 501 individuals. BCBS of Tennessee: $1.5 million over PHI of 1,023,209 individuals.

42 Other Violation Examples: OCR imposed $4.3 million penalty on Cignet Health of Prince George's County, MD. $1.3 million was imposed on the basis that Cignet had denied 41 patients access to their medical records. An additional $3.0 million was imposed because Cignet failed to cooperate with OCR's investigations on a continuing basis from March 17, 2009 to April 7, Massachusetts General Physicians Organization Inc. (Mass General) agreed to pay $1,000,000. Incident involved the loss of PHI of 192 patients of Mass General's Infectious Disease Associates outpatient practice, including patients with HIV/AIDS. University of California at Los Angeles Health System agreed to settle for $865,500. Investigation stemmed from complaint of employees viewing records of two separate celebrity patients.

43 OCR and HHS Findings, Developments, and Trends

44 Breaches involving 500 or more individuals made up less than one percent of reports, BUT accounted for more than 99 percent of the more than 7.5 million individuals who were affected by a breach of their protected health information. The largest breaches occurred as a result of theft. Greatest number of reported incidents: small breaches involving human or technological error. Most commonly involved the protected health information of just one or two individuals.

45 Trends: Investigated most: impermissible use and disclosure of PHI; lack of safeguards on PHI; lack of patient access; violating minimum necessary rule; lack of admin safeguards on E-PHI.

46 Who is Being Affected: Top 5: private practices; general hospitals; outpatient facilities; health plans; pharmacies.

47 Audits

48 HIPAA Audits under HITECH: Section of the HITECH Act requires Dept. of Health and Human Services (HHS) to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards.

49 HIPAA Audits under HITECH: HHS was left with the task of developing and implementing an audit program that carries out the mandate under HITECH. Office of Civil Rights (OCR), through HHS, is overseeing the audit process.

50 Audit Protocol: Currently 169 activities OCR considers part of the Audit Program: 78 activities for HIPAA Security; 81 activities for HIPAA Privacy; 10 activities for Breach Notification and Reporting.

51 Security Rule Protocols: The protocol covers Security Rule requirements for administrative, physical, and technical safeguards. Examples: risk assessment policy; workforce clearance to PHI access.

52 Privacy Rule Protocols: Covers areas of the Privacy Rule concerning: 1) notice of privacy practices for PHI; 2) rights to request privacy protection for PHI; 3) administrative requirements; 4) uses and disclosures of PHI; 5) access of individuals to PHI; 6) amendment of PHI; 7) accounting of disclosures. Examples: Business Associate Agreement policy; consistent use and disclosure policies and notice of disclosure policies.

53 Breach Protocols: The protocol covers requirements for the Breach Notification Rule. Examples: alerting an individual of a breach involving his/her PHI; ensuring breach notification elements are contained in Business Associate Agreement.

54 What OCR Discovered: Most of the evaluated entities did not conform to HIPAA standards for security, privacy, and breach notification, the three audit areas. 2/3 failed to perform a sufficient security risk assessment. Most common response to non-compliance finding was that the entity was unaware of the requirement.

55 What OCR Discovered: Privacy requirements entities were most unaware of: notice of privacy practices; access of individuals; minimum necessary; authorizations. Security requirements entities were most unaware of: risk analysis; media movement and disposal; audit controls and monitoring.

56 Future of the HIPAA Audit: As suspected, Round II. February 2014: HHS OCR announced plan to survey 1200 organizations (800 covered entities and 400 business associates). Will gather information about respondents to enable OCR to assess the size, complexity and fitness of a respondent for an audit. Will collect recent data about the number of patient visits or insured lives, use of electronic information, revenue and business locations.

57 Who Can Be Audited? Every covered entity and business associate is eligible for an audit. Initial rounds were designed to provide a broad assessment of the health care industry. OCR has promised to audit: "as wide a range of types and sizes of covered entities as possible; covered individual and organizational providers of health services, health plans of all sizes and functions, and health care clearinghouses..."

58 HHS OCR Perspective: Views the audits as a way to improve knowledge, compliance, and encourage best practices. "Audits present a new opportunity to examine mechanisms for compliance, identify best practices and discover risks and vulnerabilities that may not have come to light through OCR's ongoing complaint investigations and compliance reviews"

59 Best Practices: Self-audits: the audit process is public information; no secret formula on how OCR will grade your compliance. Annually review your program: do not rely on out-of-date policies and procedures as evidence of compliance. OCR has been clear that you are out of compliance with the regulation if you are not reviewing and updating your program on an annual basis. The areas covered by HIPAA Security Rule are especially sensitive to changes in technology.

60 Best Practices: Do your policies extend beyond the desktop PC at work? Recent OCR enforcement trends have focused heavily on internet and mobile technology, e.g. cloud and social networking. Entities need policies and procedures addressing tracking, authentication, and security of PHI accessible outside of the physical work area, e.g. remote access via smartphones and tablets.

61 Worst Practices: hoping you do not get selected (fingers crossed approach); thinking you are too small to be noticed by OCR; waiting until you receive an Audit letter to begin developing HIPAA/HITECH compliant policies.

62 What the future will bring: More audits! Evidence audits will not go away: HHS mandated under HITECH to periodically audit; audits perform two-fold function of enforcing HIPAA and generating (potentially) revenue in the form of penalties stemming from HIPAA violations; money has been appropriated for the audit program. OCR Director Leon Rodriguez: "We did our audit pilot this year and the idea after that is to have a permanent program, part of which will need to be funded by the proceeds of enforcement. I saw these articles out there that said 'More audits are coming' and 'Are you ready for audits?' and that's a smart question because that is really what's ahead for us."

63 The Cyber Threat: Data breach examples: hacking; theft of storage devices; viruses; catastrophic weather events; state-sponsored hacking.

64 The Implications: exposure of personally identifiable information; business interruption; litigation; regulatory implications; government investigations; reputational damages.

65 Will Insurance Help? Some decisions have found coverage under traditional policies. Going forward, however, traditional forms of insurance may not offer sufficient protection.

66 Property Insurance: Ward General Ins. Serv., Inc. v. Employers Fire Ins. Co., 114 Cal.App.4th 548 (Cal. App. 2003): Lost data does not constitute tangible property, thus there was no physical loss as was required by the policy. See also: America Online, Inc. v. St. Paul Mercury Ins. Co., 207 F.Supp.2d 459 (E.D. Va. 2002); Southeast Mental Health Center, Inc. v. Pacific Ins. Co., Ltd., 439 F.Supp.2d 831 (W.D. Tenn. 2006). But: Landmark American Ins. Co. v. Gulf Coast Analytical Laboratories, 2012 WL (M.D. La., Mar. 30, 2012): Tangibility was not a defining quality of physicality; electronic data deemed to be physical.

67 Crime Insurance: Retail Ventures, Inc. v. National Union Fire Ins. Co. of Pittsburgh, Pa., 691 F.3d 821 (6th Cir. 2012): Insured prevailed on appeal in its coverage claim seeking $6.8 million in data breach losses under a computer fraud rider to a commercial crime policy. Loss resulted directly from theft of insured property by computer fraud.

68 Errors & Omissions Insurance: Eyeblaster, Inc. v. Federal Ins. Co., 613 F.3d 797 (8th Cir. 2010): Online marketing firm was provided coverage under its E&O policy because the insured's acts were not intentionally wrongful, thus fell within coverage grant. Also found coverage under CGL due to allegations of loss of use of plaintiff's computer. Was not excluded under the impaired property exclusion because no evidence was presented that the situation could be remedied by the removal of Eyeblaster's spyware.

69 CGL Insurance: Loss of Electronic Data not Tangible Property: Recall Total Information Management v. Federal Ins. Co., 2012 WL (Conn.Super. Jan. 17, 2012); Union Pump Co. v. Centrifugal Technologies, Inc. But remember Eyeblaster. Also, Netscape Communications Corp. v. Federal Ins. Co., 343 Fed.Appx 271 (9th Cir. 2009) found that an insured was covered under the Personal & Advertising Injury. Encore Receivable Management, Inc. v. ACE Property & Cas. Ins. Co., 2013 WL (S.D. Ohio, July 3, 2013) found that publication occurs the moment a customer's conversation is recorded. Could serve to limit the publication requirement. Hartford Cas. Ins. Co. v. Corcino & Assoc. et al.: C.D. California case finding publication of confidential medical information triggered a duty to defend. Zurich American Ins. Co. v. Sony Corp. of America: PlayStation Data Breach. Recent pro-insurer ruling: publication that occurred was not by policyholder, but by third-party hackers. No duty to defend found.

70 Limitations of Existing Forms of Coverage: exclusions being added to these types of policies to prevent coverage extensions; the War Exclusion and Terrorism Exclusions; insurers willing to litigate issues.

71 Best Practices: Cyber Coverage: Types of coverage offered vary widely, but consultation with professionals regarding needs can ascertain the appropriate type of coverage.

72 Q & A


More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties

More information

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability

More information

HIPAA in an Omnibus World. Presented by

HIPAA in an Omnibus World. Presented by HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters

More information

Community First Health Plans Breach Notification for Unsecured PHI

Community First Health Plans Breach Notification for Unsecured PHI Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information

More information

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013 HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com

More information

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance

More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

Am I a Business Associate?

Am I a Business Associate? Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

What do you need to know?

What do you need to know? What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,

More information

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under

More information

HIPAA FOR LAWYERS AND LAW FIRMS What you need to know to prevent your law firm from paying MILLION$

HIPAA FOR LAWYERS AND LAW FIRMS What you need to know to prevent your law firm from paying MILLION$ HIPAA FOR LAWYERS AND LAW FIRMS What you need to know to prevent your law firm from paying MILLION$ FDCC Annual Meeting The Greenbrier Resort White Sulphur Springs, West Virginia July 27 August 2, 2014

More information

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,

More information

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information

More information

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters

More information

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule ) HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American

More information

HIPAA Privacy Keys to Success Updated January 2010

HIPAA Privacy Keys to Success Updated January 2010 HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative

More information

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

Understanding HIPAA Regulations and How They Impact Your Organization!

Understanding HIPAA Regulations and How They Impact Your Organization! Understanding HIPAA Regulations and How They Impact Your Organization! Presented by: HealthInfoNet & Systems Engineering! April 25 th 2013! Introductions! Todd Rogow Director of IT HealthInfoNet Adam Victor

More information

Health Partners HIPAA Business Associate Agreement

Health Partners HIPAA Business Associate Agreement Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS The following HIPAA Business Associate Terms and Conditions (referred to hereafter as the HIPAA Agreement ) are part of the Brevium Software License

More information

OCR UPDATE Breach Notification Rule & Business Associates (BA)

OCR UPDATE Breach Notification Rule & Business Associates (BA) OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the

More information

Proofpoint HIPAA Breach Report:

Proofpoint HIPAA Breach Report: Proofpoint HIPAA Breach Report: An Analysis of HITECH Breach Notifications and Settlements, Q1 2013 Healthcare Industry Update threat protection compliance archiving & governance secure communication Contents

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

HIPAA 101: Privacy and Security Basics

HIPAA 101: Privacy and Security Basics HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually

More information

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of

More information

HIPAA COMPLIANCE PLAN FOR 2013

HIPAA COMPLIANCE PLAN FOR 2013 HIPAA COMPLIANCE PLAN FOR 2013 Welcome! Presentor is Rebecca Morehead, Practice Manager Strategist www.practicemanagersolutions.com Meaningful Use? As a way to encourage hospitals and providers to adopt

More information

The HIPAA Audit Program

The HIPAA Audit Program The HIPAA Audit Program Anna C. Watterson Davis Wright Tremaine LLP The U.S. Department of Health and Human Services (HHS) was given authority, and a mandate, to conduct periodic audits of HIPAA 1 compliance

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY

More information

HIPAA & HITECH AND THE DISCOVERY PROCESS

HIPAA & HITECH AND THE DISCOVERY PROCESS HIPAA & HITECH AND THE DISCOVERY PROCESS HEATHER L. HUGHES, J.D. U.S. Legal Support, Inc. 363 North Sam Houston Parkway East, Suite 900 Houston, Texas 77060 (713) 653-7100 State Bar of Texas 8 th ANNUAL

More information

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by

More information

District of Columbia Health Information Exchange Policy and Procedure Manual

District of Columbia Health Information Exchange Policy and Procedure Manual District of Columbia Health Information Exchange Policy and Procedure Manual HIPAA Privacy & Direct Privacy Policies (Version 1 November 27, 2012) Table of Contents Policy # Policy/Procedure Description

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and

More information

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by: HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates

More information

HIPAA Compliance Issues and Mobile App Design

HIPAA Compliance Issues and Mobile App Design HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies

More information

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Healthcare Compliance: How HiTECH May Affect Relationships with Business Associates Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Legal Disclaimer This information

More information

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Using Insurance Coverage to Mitigate Cybersecurity Risks To Warranty and Service Contract Businesses Barry Buchman, Partner

More information

Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance. For Calendar Years 2009 and 2010

Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance. For Calendar Years 2009 and 2010 Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance For Calendar Years 2009 and 2010 As Required by the Health Information Technology for Economic and Clinical Health (HITECH)

More information

MCCP Online Orientation

MCCP Online Orientation Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.

More information

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents 2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)

More information