Compliance. TODAY September Fighting fraud, waste, and abuse. Ted Doolittle. See page 16. How to avoid the CIA: The high price of non-compliance
|
|
- Horatio Hodge
- 8 years ago
- Views:
Transcription
1 Compliance TODAY September 2013 a publication of the health care compliance association Fighting fraud, waste, and abuse Ted Doolittle Deputy Director of the Center for Program Integrity, Centers for Medicare and Medicaid Services See page How to avoid the CIA: The high price of non-compliance Gerry Goodman 26 The not-so-usual suspects: Four laws that may impact your compliance focus Lisa J. Acevedo and Brett B. Heger 31 After the investigation: What do you do when you are done? Meric Craig Bloch 35 Government targets healthcare for disability violations Karen R. Glickstein This article, published in Compliance Today, appears here with permission from the Health Care Compliance Association. Call HCCA at with reprint requests.
2 by Lisa J. Acevedo and Brett B. Heger The not-so-usual suspects: Four laws that may impact your compliance focus Many electronic and wire communications are subject to access by law enforcement under the Electronic Communications Privacy Act. Pending legislation under the proposed Cyber Intelligence Sharing Protection Act could permit companies to more easily share information with the government. The unauthorized access to computerized medical records could be punishable under the Computer Fraud and Abuse Act, including imprisonment, fines, or both. The Trans-Pacific Partnership Agreement may impact the intellectual property rights of, and trade-related requirements that impact, healthcare organizations. Compliance professionals should remain aware of current and proposed non-traditional healthcare laws, regulations, and government actions and their possible impact. Lisa J. Acevedo is a Shareholder in the Chicago office of Polsinelli PC. Brett B. Heger (bheger@polsinelli.com) is an Associate in the Phoenix office of Polsinelli PC. As healthcare compliance professionals who regularly negotiate the everincreasing web of federal and state statutes and regulations, we are all familiar with the usual suspects: the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and its recently issued final implementing regulations, and of course, the Patient Protection and Affordable Care Act (PPACA). However, looming out there in this tangled web are laws, as well as proposed laws and trade agreements, that may also impact healthcare-related compliance issues, but which rarely get the same attention as HIPAA, HITECH and PPACA. Following is a summary of the Electronic Communications Privacy Act (ECPA), the proposed Cyber Intelligence Sharing Protection Act (CISPA), the Computer Fraud and Abuse Act (CFAA), and the proposed Trans-Pacific Partnership Agreement (TPP) and how they can impact the healthcare industry. Electronic Communications Acevedo Privacy Act ECPA regulates the privacy of electronic communications. 1 Among other things, EPCA addresses government access to stored wire and electronic communications. Under EPCA, providers of electronic communications services (e.g., service providers) and remote computing services Heger providers, (e.g., providers to the public of computer storage or processing systems) must disclose the contents of electronic communications that they store under certain circumstances. In the past, EPCA was not the
3 focus of healthcare compliance efforts because organizations typically stored their electronic documents, including s, on their own network servers. However, with the advent of Storage of electronic communications in the cloud means that the stored data may be subject to government access the cloud, organizations are increasingly contracting with cloud providers to store data in the cloud providers network servers. Storage of electronic communications in the cloud, or otherwise with electronic communication providers or remote computing service providers, means that the stored data may be subject to government access, even without a warrant under certain circumstances. Under ECPA, law enforcement may require electronic communication or remote computing service providers to disclose the contents of an electronic communication that is: (1) in remote storage; or (2) stored by an electronic communication provider for more than 180 days. However, law enforcement officials will need a warrant to access any electronic communication that is: (1) in transit, (2) in storage on a personal computer, or (3) stored by an electronic communication provider for 180 days or less. Although there have been recent attempts to update the ECPA, particularly given the changes in technology since 1986, such attempts have not been successful. In 2013, the Senate Judiciary Committee passed an ECPA amendment that would eliminate the 180 day rule and would require law enforcement to obtain a warrant based on probable cause in order to obtain any stored information. However, that amendment failed to pass in the Senate. In May 2013, two similar bills were introduced in the House of Representatives. House subcommittees were debating and deliberating such bills at the time this article went to press. ECPA could potentially impact privacy protections for medical documents, protected health information (PHI), and other sensitive or confidential information contained in electronic communications that are stored with cloud or other providers covered under EPCA. Healthcare organizations should review their electronic communication document storage practices and their document retention/destruction policies to determine the impact of ECPA on their practices and policies. Cyber Intelligence Sharing Protection Act The Cyber Intelligence Sharing and Protection Act (CISPA) 2 was introduced in the House of Representatives in November 2011 and approved in April After failing to pass in the Senate during the same session, the bill was reintroduced 3 in the House on February 12, 2013 and passed on April 18, The Senate has refused to vote on the bill as passed by the House. CISPA, as proposed, provides for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cyber security entities, and for other purposes. 4 If signed into law, CISPA will amend the National Security Act of 1947 with an additional section on cyber intelligence threats and will encourage information sharing between private sector entities and the government as is consistent with the protection of the national security of the United States. CISPA will provide for protection of personal documents including medical records
4 However, the bill raises privacy concerns due to its broad language permitting companies to share information with the government for cyber security purposes. Additionally, CISPA states that private companies may share information with the government notwithstanding any other provisions of law. Opponents of CISPA argue that CISPA s drafters intended to make it trump all existing federal and state laws, including laws dealing with medical privacy. Compliance professionals should monitor the progress of CISPA. Computer Fraud and Abuse Act The Computer Fraud and Abuse Act (CFAA) 5 is a criminal statute which prohibits anyone from accessing a computer without authorization, or from exceeding the scope of authorized access in order to: obtain protected information held by the US government; obtain financial records of financial institutions, information from any department or agency of the United States, or information from any protected computer; access or affect the use of a non-public computer used by or for the US government; knowingly and with intent to defraud, access a protected computer in an effort to further the intended fraud; knowingly transmit information that causes damage or loss to a protected computer; knowingly and with intent to defraud, traffic computer passwords or similar information, if such trafficking affects interstate or foreign commerce or a government computer 6 ; and intentionally participate in computer extortion. A protected computer is a computer that is (1) exclusively used by or for a financial institution or the United States government, (2) used by or for a financial institution or the United States government and affecting that entity, or (3) used in or affecting interstate or foreign commerce or communication. Courts have interpreted this to mean any computer connected to the Internet. Traffic means: (1) transfer, (2) otherwise dispose, or (3) obtain control of data with intent to transfer or dispose of that data. Violations of the CFAA could result in a fine, imprisonment, or both. With respect to the healthcare industry, CFAA specifically states that if a person modifies or potentially modifies a medical examination, diagnosis, treatment, or care of one or more individuals, this can result in a fine and imprisonment for five years. Healthcare organizations should consider including the CFAA in their employee training programs and should evaluate the impact of the CFAA if there is a breach involving their computers. Trans-Pacific Partnership Agreement The TPP is a proposed free-trade deal currently being negotiated between Australia, Brunei Darussalam, Canada, Chile, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam, and the United States. 7 It is aimed at fostering a closer relationship between these countries regarding economic policies and regulatory issues. The seventeenth round of negotiations of the TPP took place in Lima, Peru, May 15 17, Although the Office of the United States Trade Representative has and continues to solicit input from various stakeholders, the countries negotiating the TPP have entered into a confidentiality agreement regarding the TPP negotiations. The confidentiality of the TPP negotiations has caused criticism over the lack of transparency and accountability regarding such negotiations
5 Other countries involved in TPP negotiations have different levels of intellectual property protections, and in the course of negotiations between the United States and these countries, the United States intellectual property protections could be subject to change. Healthcare organizations routinely deal with intellectual property on their websites, webinars, and licensing agreements, as well as using intellectual property to protect their medical products, and thus, should be aware of these concerns and any changes in intellectual property protections that may arise from the TPP. Further, the eighth round of TPP negotiations that concluded in September 2011 produced a white paper outlining the Trade Enhancing Access to Medicines (TEAM) initiative. 8 The TPP TEAM initiative aims to achieve the following goals: Expedite access to innovative and generic medicines through a TPP access window Enhance legal certainty for manufacturers of generic medicines Eliminate tariffs on medicines Reduce customs obstacles to medicines Curb trade in counterfeit medicines Reduce internal barriers to distribution of medicines Promote transparency and procedural fairness Minimize unnecessary regulatory barriers Reaffirm TPP parties commitment to the Doha Declaration on Trade-Related Aspects of Intellectual Property Rights (TRIPS) and Public Health 9 Although many of these goals may be welcomed within the US healthcare industry, some fear that such protections will result in longer patent terms, data exclusivity, and increased prices. Compliance professionals who focus on intellectual property and traderelated issues should monitor the progress of the TPP. In short, the laws and the proposed statutes and trade agreement described above should be on every compliance officer s radar. While it s easy to get bogged down with HIPAA, HITECH and PPACA, time should be devoted to exploring whether your organization could be impacted by the ECPA, CISPA, CFAA, and the TPP. 1. Public Law No , 100 Stat (1986) (codified as amended at 18 U.S.C , , 3117, ). Available at 2. Cyber Intelligence Sharing and Protection Act, H.R. 3523, 112 th Cong. (2011). 3. Cyber Intelligence Sharing and Protection Act, H.R. 624, 113 th Cong. (2013). 4. H.R. 624, 113 th Cong. (2013) U.S.C U.S.C. 1029(e)(5). 7. Office of the United States Trade Representative: The United States in the Trans-Pacific Partnership. Nov Available at 8. Office of the United States Trade Representative: Trade Enhancing Access to Medicine Available at 9. World Health Organization: The Doha Declaration on the TRIPS Agreement and Public Health Available at Upcoming HCCA Web Conferences 9/19 9/25 9/26 Behavioral Health Documentation & Billing: Compliance Pitfalls, Challenges, and Solutions Vonda K. Moon and Georgia D. Rackley to Motivate the Physician: Why, Who, How, and When James S. Dunnick Understanding the Attorney Client Privilege and its Role in Compliance Amy Fehn learn more and register at
COMPUTER FRAUD AND ABUSE ACT. US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers
COMPUTER FRAUD AND ABUSE ACT US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers (a) Whoever - (1) having knowingly accessed a computer without authorization
More informationCyber Legislation & Policy Developments 2014
Cyber Legislation & Policy Developments 2014 SESSION ID: LAW-Fo2 Michael A. Aisenberg, Esq. Chair, ABA Information Security Committee Policy Task Force ABA Section on Science & Technology Law Principal
More informationPolicies and Procedures SECTION:
PAGE 1 OF 5 I. PURPOSE The purpose of this Policy is to fulfill the requirements of Section 6032 of the Deficit Reduction Act of 2005 by providing to Creighton University employees and employees of contractors
More informationWhen Can We Expect a Federal Data Breach Notification Law?
When Can We Expect a Federal Data Breach Notification Law? The Trials and Tribulations of Getting a DBN Bill through Congress. Alexi Madon Director of State Government Affairs, Midwest Cybersecurity Overview
More informationOutlines of the Trans-Pacific Partnership Agreement
Page 1 of 5 Outlines of the Trans-Pacific Partnership Agreement ENHANCING TRADE AND INVESTMENT, SUPPORTING JOBS, ECONOMIC GROWTH AND DEVELOPMENT: OUTLINES OF THE TRANS-PACIFIC PARTNERSHIP AGREEMENT On
More information3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?
HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed
More informationThe following presentation was based on the
Fraud Waste and Abuse Presentation The following presentation was based on the Medicare Parts C & D Fraud, Waste, and Abuse Training and General Compliance Training developed by the Centers for Medicare
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationExhibit A. Federal Statutes Impacting Data Security
Exhibit A Federal Statutes Impacting Data Security Michele A. Whitham Partner, Founding Co-Chair Security & Privacy Practice Group Foley Hoag LLP 155 Seaport Boulevard Boston, MA 02210 Federal Law Citation
More informationPrivacy Issues Airports
Privacy and Data Breaches A GROWING AIRPORT CONCERN Dominic Nessi Los Angeles World Airports Privacy in General There is none Google and other search engines, cookies Growth of on-line commerce Social
More informationCybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws
Order Code RS20830 Updated February 25, 2008 Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary Charles Doyle Senior Specialist American Law Division The federal computer
More informationThe first round of TPP negotiations was held in Melbourne in March 2010.
AN INTRODUCTION History The Trans-Pacific Partnership (TPP) builds from the Trans-Pacific Strategic Economic Partnership Agreement (P4) between Brunei, Chile, New Zealand and Singapore which entered into
More informationComputer Fraud & Abuse Act
Computer Fraud & Abuse Act Computer Fraud and Abuse Act (18 USC 1030) COMPUTER FRAUD AND ABUSE STATUTE ' 1030. Fraud and related activity in connection with computers (a) Whoever (1) knowingly accesses
More information2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S. 2012 Revised
2012-2013 MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S 2012 Revised 1 Introduction CMS Requirements As of January 1, 2011, Federal Regulations require that Medicare Advantage Organizations (MAOs) and
More informationSummary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum
Summary of Privacy and Data Security Bills- 112 th Congress Prepared for September 15, 2011 CT Privacy Forum GEOLOCATION TRACKING The Location Privacy Protection Act of 2011 (S. 1223)- introduced by s
More informationFraud, Waste, and Abuse
These training materials are divided into three topics to meet the responsibilities stated on the previous pages: Fraud, Waste, Compliance Program Standards of Conduct Although the information contained
More informationDEPARTMENT OF JUSTICE WHITE PAPER. Sharing Cyberthreat Information Under 18 USC 2702(a)(3)
DEPARTMENT OF JUSTICE WHITE PAPER Sharing Cyberthreat Information Under 18 USC 2702(a)(3) Background Improved information sharing is a critical component of bolstering public and private network owners
More informationPCPCC National Briefing/Webinar
PCPCC National Briefing/Webinar O V E R C O M I N G B A R R I E R S T O C O L L A B O R A T I O N A M O N G B E H A V I O R A L H E A L T H A N D P R I M A R Y C A R E P R O V I D E R S D A Y N A B O W
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationHIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationJeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM
Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL
More informationHealth Insurance Portability and Accountability Act of 1996 (HIPAA) Contents
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA)... 1 Welcome to HIPAA Awareness Training Content... 3 HIPAA
More informationFraud, Waste and Abuse Prevention Training
Fraud, Waste and Abuse Prevention Training The Centers for Medicare & Medicaid Services (CMS) requires annual fraud, waste and abuse training for organizations providing health services to MA or Medicare
More informationELECTRONIC HEALTH RECORDS
ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability
More informationWilliam Rusty Huseman 3733 University Blvd. West, Suite 305-A Jacksonville, FL 32217
William Rusty Huseman est, Email: Rusty@husemanhealthlaw.com 1 Audit & Compliance Audit Who can audit your practice? What to expect? What to do if you are audited? Compliance 2 What you MUST have in place
More informationCompliance Training for Medicare Programs Version 1.0 2/22/2013
Compliance Training for Medicare Programs Version 1.0 2/22/2013 Independence Blue Cross is an independent licensee of the Blue Cross and Blue Shield Association. 1 The Compliance Program Setting standards
More informationThe University of Toledo. Corporate Compliance and HIPAA Training
Disclaimer This document is not intended to be copied, reproduced, altered, or disseminated for training purposes on the departmental level. It is only intended to be used as a resource. ALL HIPAA training
More informationHIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011
HIPAA Considerations for Small Non-Profits Jill M. Girardeau July 20, 2011 Mission of Pro Bono Partnership of Atlanta: To provide free legal assistance to community-based nonprofits that serve low-income
More informationLegislative Language. Law Enforcement Provisions Related to Computer Security
Legislative Language Law Enforcement Provisions Related to Computer Security Part 1: Specific Criminalization of Damaging Critical Infrastructure Computers Title 18, United States Code, is amended to add
More informationEDUCATION ABOUT FALSE CLAIMS RECOVERY
Type: MGI Corporate Policy Number: M 700 Effective Date: June 2014 Supersedes: AP 201, 4/12 Revised: 6/14 EDUCATION ABOUT FALSE CLAIMS RECOVERY I. PURPOSE This policy is intended to ensure compliance with
More informationEMR: Electronic Medical Records Security: International Law Review
EMR: Electronic Medical Records Security: International Law Review HCCA 11 th Annual Compliance Institute, April 2007 Jill Nelson, RN, MBA, JD, CPC, CHC Cleveland Clinic, Director of Corporate Compliance
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationSCAN Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005
Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005 Approver Approval Stage Date Chris Zorn Approval Event (Authoring) 12/09/2013 Nancy Monk Approval Event
More informationFraud, Waste and Abuse Page 1 of 9
Page 1 of 9 Overview It is the policy of MVP Health Care, Inc. and its affiliates (collectively referred to as MVP ) to comply with all applicable federal and state laws regarding fraud, waste and abuse.
More informationHow To Get A Medical Bill Of Health From A Member Of A Health Care Provider
Neighborhood requires compliance with all laws applicable to the organization s business, including insistence on compliance with all applicable federal and state laws dealing with false claims and false
More informationFraud, Waste & Abuse. UPMC Health Plan Quality Audit, Fraud, Waste & Abuse Department
Fraud, Waste & Abuse UPMC Health Plan Quality Audit, Fraud, Waste & Abuse Department Definitions of Fraud, Waste & Abuse FRAUD: An intentional deception or misrepresentation made by a person or entity,
More informationSection 10. Compliance
Section 10. Compliance Fraud, Waste, and Abuse Introduction Molina Healthcare of [state] maintains a comprehensive Fraud, Waste, and Abuse program. The program is held accountable for the special investigative
More informationCompliance and Program Integrity Melanie Bicigo, CHC, CEBS mlbicigo@uphp.com 906-225-7749
Compliance and Program Integrity Melanie Bicigo, CHC, CEBS mlbicigo@uphp.com 906-225-7749 Define compliance and compliance program requirements Communicate Upper Peninsula Health Plan (UPHP) compliance
More informationBUSINESS ASSOCIATE ADDENDUM
BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.
More informationIntroduction to HIPAA Privacy
Introduction to HIPAA Privacy is published by HCPro, Inc. Copyright 2003 HCPro, Inc. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, in any
More informationOSF HEALTHCARE FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTIONS
OSF HEALTHCARE FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTIONS POLICY: CC-109 It is the policy of OSF HealthCare (OSF) that false, inaccurate or improper claims will not be submitted to any payer.
More informationNATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR. Version 1.0 08/08/05
NATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR Version 1.0 08/08/05 VERSION HISTORY Version # Implemented By Revision Date Reason 1.0 James Tolson 08/08/05 Page 2 of 12 TABLE OF CONTENTS 1 INTRODUCTION...
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationNOTICE OF PRIVACY PRACTICES
THE PHYSICIAN PRACTICE, P.A. NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
More informationGrand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationRegulatory Update with a Touch of HIPAA
Regulatory Update with a Touch of HIPAA Cloud Communications Alliance Quarterly Meeting Miami, January 2015 Glenn S. Richards, Partner Pillsbury Winthrop Shaw Pittman LLP Phone: 202.663.8215 glenn.richards@pillsburylaw.com
More informationUpdated Administration Proposal: Law Enforcement Provisions
Updated Administration Proposal: Law Enforcement Provisions [Changes to existing law are in shown in italics, bold, and strikethrough format] SEC. 101. Prosecuting Organized Crime Groups That Utilize Cyber
More informationOFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)
Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationProviders are expected to conduct their business activities in full compliance with all applicable state and federal laws.
8. Compliance KP strives to demonstrate high ethical standards in its business practices. The Agreement details specific laws and contractual provisions with which you are expected to comply. This section
More informationPrepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014
Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.
More informationS. ll IN THE SENATE OF THE UNITED STATES A BILL
TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information
More informationData Privacy & Security in the Cloud: Legal Basics and New Developments
Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data
More informationDeveloped by the Centers for Medicare & Medicaid Services
Developed by the Centers for Medicare & Medicaid Services Every year millions of dollars are improperly spent because of fraud, waste, and abuse. It affects everyone. Including YOU. This training will
More informationCompliance with False Claims Act
MH Policy and Procedure Document Number: MH-COMPLY-001 Document Owner: Corporate Compliance Officer Date Last Author: Corporate Compliance Officer General Description Purpose: To establish written guidelines
More informationCategory: Patient Information Number: 4.003.3. Use and Disclosure of Protected Health Information
Applies: All Staff and Clients/Caregivers Page: 1 of 11 Purpose: To ensure that all THS Staff and Caregivers understand the permissible and required uses and disclosure of protected health information.
More information109TH CONGRESS 1ST SESSION. discourage spyware, and for other purposes. To amend title 18, United States Code, to AN ACT H. R. 744
09TH CONGRESS 1ST SESSION H. R. 7 AN ACT To amend title 18, United States Code, to discourage spyware, and for other purposes. 09TH CONGRESS 1ST SESSION H. R. 7 AN ACT To amend title 18, United States
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationCompliance Program Code of Conduct
Compliance Program Code of Conduct INTRODUCTION All personnel must not only act in compliance with all applicable legal rules and regulations, but also strive to avoid even the appearance of impropriety.
More informationPolicy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE
Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE Kurt Wimmer I. The Need for Reform: A 1986 Act Doesn t Fit the
More informationCHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES
1. PURPOSE CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES Champaign County Nursing Home ( CCNH ) has established anti-fraud and abuse policies to prevent fraud, waste, and abuse
More informationTitle V Preventing Fraud and Abuse. Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions
Title V Preventing Fraud and Abuse Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions Sec. 501. Health and Human Services Senior Advisor There
More informationACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT
ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between Franciscan Health System ( Hospital ), and ( Community Partner ). RECITALS
More informationRecent Developments in Cybersurveillance
David W. Opderbeck New Jersey Law Journal, May 16, 2016 Over the past few months, there has been a flurry of sometimes contradictory activity concerning the government's ability to access electronic information
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationPHI Air Medical, L.L.C. Compliance Plan
Page No. 1 of 13 Introduction: The PHI Air Medical, L.L.C. is to be used by employees, contractors and vendors to get a high level understanding of the key regulatory requirements relating to our participation
More informationFraud Waste and Abuse Training First Tier, Downstream and Related Entities. ONECare by Care1st Health Plan Arizona, Inc. (HMO) Revised: 10/2009
Fraud Waste and Abuse Training First Tier, Downstream and Related Entities ONECare by Care1st Health Plan Arizona, Inc. (HMO) Revised: 10/2009 Overview Purpose Care1st/ ONECare Compliance Program Definitions
More informationTouchstone Health Training Guide: Fraud, Waste and Abuse Prevention
Touchstone Health Training Guide: Fraud, Waste and Abuse Prevention About the Training Guide Touchstone is providing this Fraud, Waste and Abuse Prevention Training Guide as a resource for meeting Centers
More informationPlease see Section IX. for Additional Information:
The Florida Senate BILL ANALYSIS AND FISCAL IMPACT STATEMENT (This document is based on the provisions contained in the legislation as of the latest date listed below.) BILL: CS/CS/SB 222 Prepared By:
More informationBUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.
BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More information2010 Fraud, Waste, and Abuse Training Materials
2010 Fraud, Waste, and Abuse Training Materials UnitedHealthcare Medicare Plans Medicare Advantage AARP MedicareComplete Erickson Advantage Evercare Sierra Spectrum Sierra Village Health SM SecureHorizons
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationHealthcare Compliance and Hybrid Entity Designation
[New OP initial posting 8/28/14] Operating Policy and Procedure : Healthcare Compliance and Hybrid Entity Designation DATE: August 28, 2014 PURPOSE: The purpose of this Texas Tech Operating Policy and
More informationCompliance, Code of Conduct & Ethics Program Cantex Continuing Care Network. Contents
Compliance, Code of Conduct & Ethics Program Cantex Continuing Care Network Contents Compliance, Code of Conduct & Ethics Program 1 What is the CCCN Code of Conduct? 2 Operating Philosophies 2 Employee
More informationFraud, Waste and Abuse Prevention and Education Policy
Corporate Compliance Fraud, Waste and Abuse Prevention and Education Policy The Compliance Program at the Cortland Regional Medical Center (CRMC) demonstrates our commitment to uphold all federal and state
More informationPrivacy Legislation and Industry Security Standards
Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,
More informationREFERENCE 5. White Paper Health Insurance Portability and Accountability Act: Security Standards; Implications for the Healthcare Industry
REFERENCE 5 White Paper Health Insurance Portability and Accountability Act: Security Standards; Implications for the Healthcare Industry Shannah Koss, Program Manager, IBM Government and Healthcare This
More informationFrom 1984 to 1990, Congress established
U.S. Sentencing Commission One Columbus Circle, N.E. Suite 2-500 Washington, DC 20002-8002 REPORT SUMMARY Summary of Findings Computer Fraud Working Group From 984 to 990, Congress established six new
More informationACO Accountable Care Organizations Cooperative Healthcare Requires Cooperative Security It s a Team Sport.
ACO Accountable Care Organizations Cooperative Healthcare Requires Cooperative Security It s a Team Sport. Robby Gulri VP, Product Marketing gulri@echoworx.com 8/28/13 1 Industry leading Educa1on Cer1fied
More informationRules of the Engagement: Compliance, Legalities and Ethics in Audiology Today. 2011 AAA Convention Chicago, IL
Rules of the Engagement: Compliance, Legalities and Ethics in Audiology Today 2011 AAA Convention Chicago, IL 1. Ignorance is NOT a defense 2. Rules, regulations, guidance and laws do not have to be interpreted
More informationWhat is HIPAA? The Health Insurance Portability and Accountability Act of 1996
What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other
More informationSTATE OF OKLAHOMA. 2nd Session of the 53rd Legislature (2012) AS INTRODUCED
STATE OF OKLAHOMA nd Session of the rd Legislature () SENATE BILL AS INTRODUCED By: Crain An Act relating to Medicaid fraud; amending O.S., Sections 0 and 0, which relate to the Oklahoma Medicaid Program
More informationNotice of Health Information Privacy Practices Radiology Associates of Norwood, Inc.
Notice of Health Information Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE
More informationCORPORATE COMPLIANCE POLICY AND PROCEDURE
Title: Fraud Waste and Abuse Laws in Health Care Policy # 1011 Sponsor: Corporate Compliance Approved by: Carleen Dunne, Director, Corporate Compliance and Privacy Officer Issued: Page: 1 of 7 June 25,
More informationPreservation of longstanding, roles and missions of civilian and intelligence agencies
Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto
More informationEnterprise PrivaProtector 9.0
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
More informationGovernment Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution
Government Focus on Cybersecurity Elevates Data Breach Legislation by Experian Government Relations and Experian Data Breach Resolution Will Congress pass data breach legislation in 2015/2016? Recent high-profile
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationHarris County - Texas HIPAA Notice of Privacy Practices
Harris County - Texas HIPAA Notice of Privacy Practices Effective Date: September 23, 2013. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationCompromises in Healthcare Privacy due to Data Breaches
Compromises in Healthcare Privacy due to Data Breaches S. Srinivasan, PhD Distinguished Professor of Information Systems Jesse H. Jones School of Business Texas Southern University, Houston, Texas, USA
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationHIPAA Enforcement Training for State Attorneys General
: State Attorneys General Enforcement of Federal Health Privacy Law HIPAA Enforcement Training for State Attorneys General Module Introduction : Introduction This module of the HIPAA Enforcement Training
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationTo: All Vendors, Agents and Contractors of Hutchinson Regional Medical Center
To: All Vendors, Agents and Contractors of Hutchinson Regional Medical Center From: Corporate Compliance Department Re: Deficit Reduction Act of 2005 Dear Vendor/Agent/Contractor: Under the Deficit Reduction
More informationA summary of administrative remedies found in the Program Fraud Civil Remedies Act
BLACK HILLS SPECIAL SERVICES COOPERATIVE'S POLICY TO PROVIDE EDUCATION CONCERNING FALSE CLAIMS LIABILITY, ANTI-RETALIATION PROTECTIONS FOR REPORTING WRONGDOING AND DETECTING AND PREVENTING FRAUD, WASTE
More informationpolicy (C) Deficit Reduction Act of 2005 and the Federal False Claims Act
Name of Policy: Detecting and Preventing Fraud, Waste and Abuse Policy Number: 3364-15-02 Issuing Office: President Responsible Agent: Compliance/Privacy Officer Revision date: July 5, 2011 Original effective
More information