Compliance. TODAY September Fighting fraud, waste, and abuse. Ted Doolittle. See page 16. How to avoid the CIA: The high price of non-compliance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Compliance. TODAY September 2013. Fighting fraud, waste, and abuse. Ted Doolittle. See page 16. How to avoid the CIA: The high price of non-compliance"

Transcription

1 Compliance TODAY September 2013 a publication of the health care compliance association Fighting fraud, waste, and abuse Ted Doolittle Deputy Director of the Center for Program Integrity, Centers for Medicare and Medicaid Services See page How to avoid the CIA: The high price of non-compliance Gerry Goodman 26 The not-so-usual suspects: Four laws that may impact your compliance focus Lisa J. Acevedo and Brett B. Heger 31 After the investigation: What do you do when you are done? Meric Craig Bloch 35 Government targets healthcare for disability violations Karen R. Glickstein This article, published in Compliance Today, appears here with permission from the Health Care Compliance Association. Call HCCA at with reprint requests.

2 by Lisa J. Acevedo and Brett B. Heger The not-so-usual suspects: Four laws that may impact your compliance focus Many electronic and wire communications are subject to access by law enforcement under the Electronic Communications Privacy Act. Pending legislation under the proposed Cyber Intelligence Sharing Protection Act could permit companies to more easily share information with the government. The unauthorized access to computerized medical records could be punishable under the Computer Fraud and Abuse Act, including imprisonment, fines, or both. The Trans-Pacific Partnership Agreement may impact the intellectual property rights of, and trade-related requirements that impact, healthcare organizations. Compliance professionals should remain aware of current and proposed non-traditional healthcare laws, regulations, and government actions and their possible impact. Lisa J. Acevedo is a Shareholder in the Chicago office of Polsinelli PC. Brett B. Heger is an Associate in the Phoenix office of Polsinelli PC. As healthcare compliance professionals who regularly negotiate the everincreasing web of federal and state statutes and regulations, we are all familiar with the usual suspects: the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and its recently issued final implementing regulations, and of course, the Patient Protection and Affordable Care Act (PPACA). However, looming out there in this tangled web are laws, as well as proposed laws and trade agreements, that may also impact healthcare-related compliance issues, but which rarely get the same attention as HIPAA, HITECH and PPACA. Following is a summary of the Electronic Communications Privacy Act (ECPA), the proposed Cyber Intelligence Sharing Protection Act (CISPA), the Computer Fraud and Abuse Act (CFAA), and the proposed Trans-Pacific Partnership Agreement (TPP) and how they can impact the healthcare industry. Electronic Communications Acevedo Privacy Act ECPA regulates the privacy of electronic communications. 1 Among other things, EPCA addresses government access to stored wire and electronic communications. Under EPCA, providers of electronic communications services (e.g., service providers) and remote computing services Heger providers, (e.g., providers to the public of computer storage or processing systems) must disclose the contents of electronic communications that they store under certain circumstances. In the past, EPCA was not the

3 focus of healthcare compliance efforts because organizations typically stored their electronic documents, including s, on their own network servers. However, with the advent of Storage of electronic communications in the cloud means that the stored data may be subject to government access the cloud, organizations are increasingly contracting with cloud providers to store data in the cloud providers network servers. Storage of electronic communications in the cloud, or otherwise with electronic communication providers or remote computing service providers, means that the stored data may be subject to government access, even without a warrant under certain circumstances. Under ECPA, law enforcement may require electronic communication or remote computing service providers to disclose the contents of an electronic communication that is: (1) in remote storage; or (2) stored by an electronic communication provider for more than 180 days. However, law enforcement officials will need a warrant to access any electronic communication that is: (1) in transit, (2) in storage on a personal computer, or (3) stored by an electronic communication provider for 180 days or less. Although there have been recent attempts to update the ECPA, particularly given the changes in technology since 1986, such attempts have not been successful. In 2013, the Senate Judiciary Committee passed an ECPA amendment that would eliminate the 180 day rule and would require law enforcement to obtain a warrant based on probable cause in order to obtain any stored information. However, that amendment failed to pass in the Senate. In May 2013, two similar bills were introduced in the House of Representatives. House subcommittees were debating and deliberating such bills at the time this article went to press. ECPA could potentially impact privacy protections for medical documents, protected health information (PHI), and other sensitive or confidential information contained in electronic communications that are stored with cloud or other providers covered under EPCA. Healthcare organizations should review their electronic communication document storage practices and their document retention/destruction policies to determine the impact of ECPA on their practices and policies. Cyber Intelligence Sharing Protection Act The Cyber Intelligence Sharing and Protection Act (CISPA) 2 was introduced in the House of Representatives in November 2011 and approved in April After failing to pass in the Senate during the same session, the bill was reintroduced 3 in the House on February 12, 2013 and passed on April 18, The Senate has refused to vote on the bill as passed by the House. CISPA, as proposed, provides for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cyber security entities, and for other purposes. 4 If signed into law, CISPA will amend the National Security Act of 1947 with an additional section on cyber intelligence threats and will encourage information sharing between private sector entities and the government as is consistent with the protection of the national security of the United States. CISPA will provide for protection of personal documents including medical records

4 However, the bill raises privacy concerns due to its broad language permitting companies to share information with the government for cyber security purposes. Additionally, CISPA states that private companies may share information with the government notwithstanding any other provisions of law. Opponents of CISPA argue that CISPA s drafters intended to make it trump all existing federal and state laws, including laws dealing with medical privacy. Compliance professionals should monitor the progress of CISPA. Computer Fraud and Abuse Act The Computer Fraud and Abuse Act (CFAA) 5 is a criminal statute which prohibits anyone from accessing a computer without authorization, or from exceeding the scope of authorized access in order to: obtain protected information held by the US government; obtain financial records of financial institutions, information from any department or agency of the United States, or information from any protected computer; access or affect the use of a non-public computer used by or for the US government; knowingly and with intent to defraud, access a protected computer in an effort to further the intended fraud; knowingly transmit information that causes damage or loss to a protected computer; knowingly and with intent to defraud, traffic computer passwords or similar information, if such trafficking affects interstate or foreign commerce or a government computer 6 ; and intentionally participate in computer extortion. A protected computer is a computer that is (1) exclusively used by or for a financial institution or the United States government, (2) used by or for a financial institution or the United States government and affecting that entity, or (3) used in or affecting interstate or foreign commerce or communication. Courts have interpreted this to mean any computer connected to the Internet. Traffic means: (1) transfer, (2) otherwise dispose, or (3) obtain control of data with intent to transfer or dispose of that data. Violations of the CFAA could result in a fine, imprisonment, or both. With respect to the healthcare industry, CFAA specifically states that if a person modifies or potentially modifies a medical examination, diagnosis, treatment, or care of one or more individuals, this can result in a fine and imprisonment for five years. Healthcare organizations should consider including the CFAA in their employee training programs and should evaluate the impact of the CFAA if there is a breach involving their computers. Trans-Pacific Partnership Agreement The TPP is a proposed free-trade deal currently being negotiated between Australia, Brunei Darussalam, Canada, Chile, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam, and the United States. 7 It is aimed at fostering a closer relationship between these countries regarding economic policies and regulatory issues. The seventeenth round of negotiations of the TPP took place in Lima, Peru, May 15 17, Although the Office of the United States Trade Representative has and continues to solicit input from various stakeholders, the countries negotiating the TPP have entered into a confidentiality agreement regarding the TPP negotiations. The confidentiality of the TPP negotiations has caused criticism over the lack of transparency and accountability regarding such negotiations

5 Other countries involved in TPP negotiations have different levels of intellectual property protections, and in the course of negotiations between the United States and these countries, the United States intellectual property protections could be subject to change. Healthcare organizations routinely deal with intellectual property on their websites, webinars, and licensing agreements, as well as using intellectual property to protect their medical products, and thus, should be aware of these concerns and any changes in intellectual property protections that may arise from the TPP. Further, the eighth round of TPP negotiations that concluded in September 2011 produced a white paper outlining the Trade Enhancing Access to Medicines (TEAM) initiative. 8 The TPP TEAM initiative aims to achieve the following goals: Expedite access to innovative and generic medicines through a TPP access window Enhance legal certainty for manufacturers of generic medicines Eliminate tariffs on medicines Reduce customs obstacles to medicines Curb trade in counterfeit medicines Reduce internal barriers to distribution of medicines Promote transparency and procedural fairness Minimize unnecessary regulatory barriers Reaffirm TPP parties commitment to the Doha Declaration on Trade-Related Aspects of Intellectual Property Rights (TRIPS) and Public Health 9 Although many of these goals may be welcomed within the US healthcare industry, some fear that such protections will result in longer patent terms, data exclusivity, and increased prices. Compliance professionals who focus on intellectual property and traderelated issues should monitor the progress of the TPP. In short, the laws and the proposed statutes and trade agreement described above should be on every compliance officer s radar. While it s easy to get bogged down with HIPAA, HITECH and PPACA, time should be devoted to exploring whether your organization could be impacted by the ECPA, CISPA, CFAA, and the TPP. 1. Public Law No , 100 Stat (1986) (codified as amended at 18 U.S.C , , 3117, ). Available at 2. Cyber Intelligence Sharing and Protection Act, H.R. 3523, 112 th Cong. (2011). 3. Cyber Intelligence Sharing and Protection Act, H.R. 624, 113 th Cong. (2013). 4. H.R. 624, 113 th Cong. (2013) U.S.C U.S.C. 1029(e)(5). 7. Office of the United States Trade Representative: The United States in the Trans-Pacific Partnership. Nov Available at 8. Office of the United States Trade Representative: Trade Enhancing Access to Medicine Available at 9. World Health Organization: The Doha Declaration on the TRIPS Agreement and Public Health Available at Upcoming HCCA Web Conferences 9/19 9/25 9/26 Behavioral Health Documentation & Billing: Compliance Pitfalls, Challenges, and Solutions Vonda K. Moon and Georgia D. Rackley to Motivate the Physician: Why, Who, How, and When James S. Dunnick Understanding the Attorney Client Privilege and its Role in Compliance Amy Fehn learn more and register at

COMPUTER FRAUD AND ABUSE ACT. US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers

COMPUTER FRAUD AND ABUSE ACT. US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers COMPUTER FRAUD AND ABUSE ACT US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers (a) Whoever - (1) having knowingly accessed a computer without authorization

More information

Cyber Legislation & Policy Developments 2014

Cyber Legislation & Policy Developments 2014 Cyber Legislation & Policy Developments 2014 SESSION ID: LAW-Fo2 Michael A. Aisenberg, Esq. Chair, ABA Information Security Committee Policy Task Force ABA Section on Science & Technology Law Principal

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM

Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

Policies and Procedures SECTION:

Policies and Procedures SECTION: PAGE 1 OF 5 I. PURPOSE The purpose of this Policy is to fulfill the requirements of Section 6032 of the Deficit Reduction Act of 2005 by providing to Creighton University employees and employees of contractors

More information

ELECTRONIC HEALTH RECORDS

ELECTRONIC HEALTH RECORDS ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability

More information

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Order Code RS20830 Updated February 25, 2008 Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary Charles Doyle Senior Specialist American Law Division The federal computer

More information

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title

More information

When Can We Expect a Federal Data Breach Notification Law?

When Can We Expect a Federal Data Breach Notification Law? When Can We Expect a Federal Data Breach Notification Law? The Trials and Tribulations of Getting a DBN Bill through Congress. Alexi Madon Director of State Government Affairs, Midwest Cybersecurity Overview

More information

The following presentation was based on the

The following presentation was based on the Fraud Waste and Abuse Presentation The following presentation was based on the Medicare Parts C & D Fraud, Waste, and Abuse Training and General Compliance Training developed by the Centers for Medicare

More information

Privacy and Data Breaches

Privacy and Data Breaches Privacy and Data Breaches A GROWING AIRPORT CONCERN Dominic Nessi Los Angeles World Airports Privacy in General There is none Google and other search engines, cookies Growth of on-line commerce Social

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

Exhibit A. Federal Statutes Impacting Data Security

Exhibit A. Federal Statutes Impacting Data Security Exhibit A Federal Statutes Impacting Data Security Michele A. Whitham Partner, Founding Co-Chair Security & Privacy Practice Group Foley Hoag LLP 155 Seaport Boulevard Boston, MA 02210 Federal Law Citation

More information

PCPCC National Briefing/Webinar

PCPCC National Briefing/Webinar PCPCC National Briefing/Webinar O V E R C O M I N G B A R R I E R S T O C O L L A B O R A T I O N A M O N G B E H A V I O R A L H E A L T H A N D P R I M A R Y C A R E P R O V I D E R S D A Y N A B O W

More information

HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011

HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011 HIPAA Considerations for Small Non-Profits Jill M. Girardeau July 20, 2011 Mission of Pro Bono Partnership of Atlanta: To provide free legal assistance to community-based nonprofits that serve low-income

More information

The first round of TPP negotiations was held in Melbourne in March 2010.

The first round of TPP negotiations was held in Melbourne in March 2010. AN INTRODUCTION History The Trans-Pacific Partnership (TPP) builds from the Trans-Pacific Strategic Economic Partnership Agreement (P4) between Brunei, Chile, New Zealand and Singapore which entered into

More information

Compliance Training for Medicare Programs Version 1.0 2/22/2013

Compliance Training for Medicare Programs Version 1.0 2/22/2013 Compliance Training for Medicare Programs Version 1.0 2/22/2013 Independence Blue Cross is an independent licensee of the Blue Cross and Blue Shield Association. 1 The Compliance Program Setting standards

More information

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA)... 1 Welcome to HIPAA Awareness Training Content... 3 HIPAA

More information

DEPARTMENT OF JUSTICE WHITE PAPER. Sharing Cyberthreat Information Under 18 USC 2702(a)(3)

DEPARTMENT OF JUSTICE WHITE PAPER. Sharing Cyberthreat Information Under 18 USC 2702(a)(3) DEPARTMENT OF JUSTICE WHITE PAPER Sharing Cyberthreat Information Under 18 USC 2702(a)(3) Background Improved information sharing is a critical component of bolstering public and private network owners

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

Outlines of the Trans-Pacific Partnership Agreement

Outlines of the Trans-Pacific Partnership Agreement Page 1 of 5 Outlines of the Trans-Pacific Partnership Agreement ENHANCING TRADE AND INVESTMENT, SUPPORTING JOBS, ECONOMIC GROWTH AND DEVELOPMENT: OUTLINES OF THE TRANS-PACIFIC PARTNERSHIP AGREEMENT On

More information

Summary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum

Summary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum Summary of Privacy and Data Security Bills- 112 th Congress Prepared for September 15, 2011 CT Privacy Forum GEOLOCATION TRACKING The Location Privacy Protection Act of 2011 (S. 1223)- introduced by s

More information

Fraud, Waste, and Abuse

Fraud, Waste, and Abuse These training materials are divided into three topics to meet the responsibilities stated on the previous pages: Fraud, Waste, Compliance Program Standards of Conduct Although the information contained

More information

The University of Toledo. Corporate Compliance and HIPAA Training

The University of Toledo. Corporate Compliance and HIPAA Training Disclaimer This document is not intended to be copied, reproduced, altered, or disseminated for training purposes on the departmental level. It is only intended to be used as a resource. ALL HIPAA training

More information

Computer Fraud & Abuse Act

Computer Fraud & Abuse Act Computer Fraud & Abuse Act Computer Fraud and Abuse Act (18 USC 1030) COMPUTER FRAUD AND ABUSE STATUTE ' 1030. Fraud and related activity in connection with computers (a) Whoever (1) knowingly accesses

More information

2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S. 2012 Revised

2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S. 2012 Revised 2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S 2012 Revised 1 Introduction CMS Requirements As of January 1, 2011, Federal Regulations require that Medicare Advantage Organizations (MAOs) and

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT

More information

EDUCATION ABOUT FALSE CLAIMS RECOVERY

EDUCATION ABOUT FALSE CLAIMS RECOVERY Type: MGI Corporate Policy Number: M 700 Effective Date: June 2014 Supersedes: AP 201, 4/12 Revised: 6/14 EDUCATION ABOUT FALSE CLAIMS RECOVERY I. PURPOSE This policy is intended to ensure compliance with

More information

Fraud, Waste & Abuse. UPMC Health Plan Quality Audit, Fraud, Waste & Abuse Department

Fraud, Waste & Abuse. UPMC Health Plan Quality Audit, Fraud, Waste & Abuse Department Fraud, Waste & Abuse UPMC Health Plan Quality Audit, Fraud, Waste & Abuse Department Definitions of Fraud, Waste & Abuse FRAUD: An intentional deception or misrepresentation made by a person or entity,

More information

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other

More information

EMR: Electronic Medical Records Security: International Law Review

EMR: Electronic Medical Records Security: International Law Review EMR: Electronic Medical Records Security: International Law Review HCCA 11 th Annual Compliance Institute, April 2007 Jill Nelson, RN, MBA, JD, CPC, CHC Cleveland Clinic, Director of Corporate Compliance

More information

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc.

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc. Notice of Health Information Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE

More information

William Rusty Huseman 3733 University Blvd. West, Suite 305-A Jacksonville, FL 32217

William Rusty Huseman 3733 University Blvd. West, Suite 305-A Jacksonville, FL 32217 William Rusty Huseman est, Email: Rusty@husemanhealthlaw.com 1 Audit & Compliance Audit Who can audit your practice? What to expect? What to do if you are audited? Compliance 2 What you MUST have in place

More information

Fraud, Waste and Abuse Page 1 of 9

Fraud, Waste and Abuse Page 1 of 9 Page 1 of 9 Overview It is the policy of MVP Health Care, Inc. and its affiliates (collectively referred to as MVP ) to comply with all applicable federal and state laws regarding fraud, waste and abuse.

More information

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability

More information

Harris County - Texas HIPAA Notice of Privacy Practices

Harris County - Texas HIPAA Notice of Privacy Practices Harris County - Texas HIPAA Notice of Privacy Practices Effective Date: September 23, 2013. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

SCAN Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005

SCAN Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005 Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005 Approver Approval Stage Date Chris Zorn Approval Event (Authoring) 12/09/2013 Nancy Monk Approval Event

More information

TRANS-PACIFIC PARTNERSHIP AGREEMENT

TRANS-PACIFIC PARTNERSHIP AGREEMENT TRANS-PACIFIC PARTNERSHIP AGREEMENT Presented by Ms. Dany Carrière, Director Trans-Pacific Partnership Division, Global Affairs Canada Deputy Chief Negotiator for Canada Trans-Pacific Partnership and Mr.

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Fraud, Waste and Abuse Prevention Training

Fraud, Waste and Abuse Prevention Training Fraud, Waste and Abuse Prevention Training The Centers for Medicare & Medicaid Services (CMS) requires annual fraud, waste and abuse training for organizations providing health services to MA or Medicare

More information

Section 10. Compliance

Section 10. Compliance Section 10. Compliance Fraud, Waste, and Abuse Introduction Molina Healthcare of [state] maintains a comprehensive Fraud, Waste, and Abuse program. The program is held accountable for the special investigative

More information

COMPLIANCE AND FRAUD, WASTE AND ABUSE

COMPLIANCE AND FRAUD, WASTE AND ABUSE Neighborhood requires compliance with all laws applicable to the organization s business, including insistence on compliance with all applicable federal and state laws dealing with false claims and false

More information

Providers are expected to conduct their business activities in full compliance with all applicable state and federal laws.

Providers are expected to conduct their business activities in full compliance with all applicable state and federal laws. 8. Compliance KP strives to demonstrate high ethical standards in its business practices. The Agreement details specific laws and contractual provisions with which you are expected to comply. This section

More information

Regulatory Update with a Touch of HIPAA

Regulatory Update with a Touch of HIPAA Regulatory Update with a Touch of HIPAA Cloud Communications Alliance Quarterly Meeting Miami, January 2015 Glenn S. Richards, Partner Pillsbury Winthrop Shaw Pittman LLP Phone: 202.663.8215 glenn.richards@pillsburylaw.com

More information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

Compliance and Program Integrity Melanie Bicigo, CHC, CEBS mlbicigo@uphp.com 906-225-7749

Compliance and Program Integrity Melanie Bicigo, CHC, CEBS mlbicigo@uphp.com 906-225-7749 Compliance and Program Integrity Melanie Bicigo, CHC, CEBS mlbicigo@uphp.com 906-225-7749 Define compliance and compliance program requirements Communicate Upper Peninsula Health Plan (UPHP) compliance

More information

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract

More information

PHI Air Medical, L.L.C. Compliance Plan

PHI Air Medical, L.L.C. Compliance Plan Page No. 1 of 13 Introduction: The PHI Air Medical, L.L.C. is to be used by employees, contractors and vendors to get a high level understanding of the key regulatory requirements relating to our participation

More information

2010 Fraud, Waste, and Abuse Training Materials

2010 Fraud, Waste, and Abuse Training Materials 2010 Fraud, Waste, and Abuse Training Materials UnitedHealthcare Medicare Plans Medicare Advantage AARP MedicareComplete Erickson Advantage Evercare Sierra Spectrum Sierra Village Health SM SecureHorizons

More information

Introduction to HIPAA Privacy

Introduction to HIPAA Privacy Introduction to HIPAA Privacy is published by HCPro, Inc. Copyright 2003 HCPro, Inc. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, in any

More information

Title V Preventing Fraud and Abuse. Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions

Title V Preventing Fraud and Abuse. Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions Title V Preventing Fraud and Abuse Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions Sec. 501. Health and Human Services Senior Advisor There

More information

Legislative Language. Law Enforcement Provisions Related to Computer Security

Legislative Language. Law Enforcement Provisions Related to Computer Security Legislative Language Law Enforcement Provisions Related to Computer Security Part 1: Specific Criminalization of Damaging Critical Infrastructure Computers Title 18, United States Code, is amended to add

More information

Fraud, Waste and Abuse Prevention and Education Policy

Fraud, Waste and Abuse Prevention and Education Policy Corporate Compliance Fraud, Waste and Abuse Prevention and Education Policy The Compliance Program at the Cortland Regional Medical Center (CRMC) demonstrates our commitment to uphold all federal and state

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

Recent Developments in Cybersurveillance

Recent Developments in Cybersurveillance David W. Opderbeck New Jersey Law Journal, May 16, 2016 Over the past few months, there has been a flurry of sometimes contradictory activity concerning the government's ability to access electronic information

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP

An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP Important Disclaimer: Practice limited to labor and employment law on behalf of management and related litigation.

More information

ACO Accountable Care Organizations Cooperative Healthcare Requires Cooperative Security It s a Team Sport.

ACO Accountable Care Organizations Cooperative Healthcare Requires Cooperative Security It s a Team Sport. ACO Accountable Care Organizations Cooperative Healthcare Requires Cooperative Security It s a Team Sport. Robby Gulri VP, Product Marketing gulri@echoworx.com 8/28/13 1 Industry leading Educa1on Cer1fied

More information

Compliance with False Claims Act

Compliance with False Claims Act MH Policy and Procedure Document Number: MH-COMPLY-001 Document Owner: Corporate Compliance Officer Date Last Author: Corporate Compliance Officer General Description Purpose: To establish written guidelines

More information

ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT

ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between Franciscan Health System ( Hospital ), and ( Community Partner ). RECITALS

More information

Touchstone Health Training Guide: Fraud, Waste and Abuse Prevention

Touchstone Health Training Guide: Fraud, Waste and Abuse Prevention Touchstone Health Training Guide: Fraud, Waste and Abuse Prevention About the Training Guide Touchstone is providing this Fraud, Waste and Abuse Prevention Training Guide as a resource for meeting Centers

More information

HIPAA Compliance for Students

HIPAA Compliance for Students HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits

More information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult

More information

Compliance Program Code of Conduct

Compliance Program Code of Conduct Compliance Program Code of Conduct INTRODUCTION All personnel must not only act in compliance with all applicable legal rules and regulations, but also strive to avoid even the appearance of impropriety.

More information

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of

More information

HIPAA and Privacy Policy Training

HIPAA and Privacy Policy Training HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training

More information

Fraud Waste and Abuse Training First Tier, Downstream and Related Entities. ONECare by Care1st Health Plan Arizona, Inc. (HMO) Revised: 10/2009

Fraud Waste and Abuse Training First Tier, Downstream and Related Entities. ONECare by Care1st Health Plan Arizona, Inc. (HMO) Revised: 10/2009 Fraud Waste and Abuse Training First Tier, Downstream and Related Entities ONECare by Care1st Health Plan Arizona, Inc. (HMO) Revised: 10/2009 Overview Purpose Care1st/ ONECare Compliance Program Definitions

More information

Category: Patient Information Number: 4.003.3. Use and Disclosure of Protected Health Information

Category: Patient Information Number: 4.003.3. Use and Disclosure of Protected Health Information Applies: All Staff and Clients/Caregivers Page: 1 of 11 Purpose: To ensure that all THS Staff and Caregivers understand the permissible and required uses and disclosure of protected health information.

More information

A summary of administrative remedies found in the Program Fraud Civil Remedies Act

A summary of administrative remedies found in the Program Fraud Civil Remedies Act BLACK HILLS SPECIAL SERVICES COOPERATIVE'S POLICY TO PROVIDE EDUCATION CONCERNING FALSE CLAIMS LIABILITY, ANTI-RETALIATION PROTECTIONS FOR REPORTING WRONGDOING AND DETECTING AND PREVENTING FRAUD, WASTE

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES

CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES 1. PURPOSE CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES Champaign County Nursing Home ( CCNH ) has established anti-fraud and abuse policies to prevent fraud, waste, and abuse

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

STATE OF OKLAHOMA. 2nd Session of the 53rd Legislature (2012) AS INTRODUCED

STATE OF OKLAHOMA. 2nd Session of the 53rd Legislature (2012) AS INTRODUCED STATE OF OKLAHOMA nd Session of the rd Legislature () SENATE BILL AS INTRODUCED By: Crain An Act relating to Medicaid fraud; amending O.S., Sections 0 and 0, which relate to the Oklahoma Medicaid Program

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. OUR PLEDGE

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES THE PHYSICIAN PRACTICE, P.A. NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

HIPAA Notice of Privacy Practices

HIPAA Notice of Privacy Practices HIPAA Notice of Privacy Practices Date of Last Revision: 09/20/2013 Effective Date: Immediately THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

OSF HEALTHCARE FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTIONS

OSF HEALTHCARE FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTIONS OSF HEALTHCARE FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTIONS POLICY: CC-109 It is the policy of OSF HealthCare (OSF) that false, inaccurate or improper claims will not be submitted to any payer.

More information

Library Guide: HIPAA

Library Guide: HIPAA Library Guide: HIPAA Page 2 Table of Contents Overview...2 Course Descriptions: Privacy and Security Library: Business Practices to Protect Personal Health Information (HIPAA05)... 3 HIPAA: General Awareness

More information

NATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR. Version 1.0 08/08/05

NATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR. Version 1.0 08/08/05 NATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR Version 1.0 08/08/05 VERSION HISTORY Version # Implemented By Revision Date Reason 1.0 James Tolson 08/08/05 Page 2 of 12 TABLE OF CONTENTS 1 INTRODUCTION...

More information

Medical Device Industry. industry developments and stay ahead. of the challenges. Health care law has been the. cornerstone of our law firm for nearly

Medical Device Industry. industry developments and stay ahead. of the challenges. Health care law has been the. cornerstone of our law firm for nearly ebglaw.com introduction The medical device industry has seen significant growth in recent years. This has led to an increase in government regulations and enforcement efforts. attorneys help our clients

More information

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.

More information

Updated Administration Proposal: Law Enforcement Provisions

Updated Administration Proposal: Law Enforcement Provisions Updated Administration Proposal: Law Enforcement Provisions [Changes to existing law are in shown in italics, bold, and strikethrough format] SEC. 101. Prosecuting Organized Crime Groups That Utilize Cyber

More information

REFERENCE 5. White Paper Health Insurance Portability and Accountability Act: Security Standards; Implications for the Healthcare Industry

REFERENCE 5. White Paper Health Insurance Portability and Accountability Act: Security Standards; Implications for the Healthcare Industry REFERENCE 5 White Paper Health Insurance Portability and Accountability Act: Security Standards; Implications for the Healthcare Industry Shannah Koss, Program Manager, IBM Government and Healthcare This

More information

Rules of the Engagement: Compliance, Legalities and Ethics in Audiology Today. 2011 AAA Convention Chicago, IL

Rules of the Engagement: Compliance, Legalities and Ethics in Audiology Today. 2011 AAA Convention Chicago, IL Rules of the Engagement: Compliance, Legalities and Ethics in Audiology Today 2011 AAA Convention Chicago, IL 1. Ignorance is NOT a defense 2. Rules, regulations, guidance and laws do not have to be interpreted

More information

CORPORATE COMPLIANCE POLICY AND PROCEDURE

CORPORATE COMPLIANCE POLICY AND PROCEDURE Title: Fraud Waste and Abuse Laws in Health Care Policy # 1011 Sponsor: Corporate Compliance Approved by: Carleen Dunne, Director, Corporate Compliance and Privacy Officer Issued: Page: 1 of 7 June 25,

More information

HIPAA HITECH PA Physician Practices

HIPAA HITECH PA Physician Practices NOTICE OF PRIVACY PRACTICES Premier Urology Associates LLC dba Urology Care Alliance SUMMARY Effective Date: 12/20/2012 WHAT IS THIS NOTICE FOR? This Notice of Privacy Practices (Notice) describes how

More information

S. ll IN THE SENATE OF THE UNITED STATES A BILL

S. ll IN THE SENATE OF THE UNITED STATES A BILL TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information

More information

Developed by the Centers for Medicare & Medicaid Services

Developed by the Centers for Medicare & Medicaid Services Developed by the Centers for Medicare & Medicaid Services Every year millions of dollars are improperly spent because of fraud, waste, and abuse. It affects everyone. Including YOU. This training will

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

Compliance, Code of Conduct & Ethics Program Cantex Continuing Care Network. Contents

Compliance, Code of Conduct & Ethics Program Cantex Continuing Care Network. Contents Compliance, Code of Conduct & Ethics Program Cantex Continuing Care Network Contents Compliance, Code of Conduct & Ethics Program 1 What is the CCCN Code of Conduct? 2 Operating Philosophies 2 Employee

More information

Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE

Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE Kurt Wimmer I. The Need for Reform: A 1986 Act Doesn t Fit the

More information

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE

More information

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3 INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.

More information