The Case For HIPAA Risk Assessment. Leader's Guide


4547 The Case For HIPAA Risk Assessment. Leader's Guide

IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS

PLEASE NOTE: In order for this program to meet Florida course requirements, this curriculum must be presented by a training provider approved by. A list of approved training providers can be found.

ACCREDITATION INFORMATION

TARGET AUDIENCE
This continuing education activity has been developed for HIPAA Covered Entity personnel such as HIPAA privacy and security officers, privacy contacts, risk managers, counsel, information management and information technology personnel, compliance officers, and leadership at all levels interested in pursuing and attaining HIPAA compliance.

ACCREDITATION PERIOD

CE CONTACT HOURS
NEVCO designates this educational activity for up to hours of continuing education.

OVERALL LEARNING OBJECTIVES
Upon completion of this course, participants should be able to:
- Demonstrate how HIPAA risk assessments can decrease exposure to HIPAA fines, penalties and criminal sanctions
- Describe several compelling reasons for a HIPAA risk assessment
- Use a HIPAA risk assessment as a resource for conducting a mock OCR audit
- Recognize benefits to the Covered Entity beyond HIPAA compliance that HIPAA risk assessments represent
- Evaluate the Covered Entity's immediate need for HIPAA risk assessments
- Assess and evaluate readiness for a HIPAA risk assessment

THE ROLE OF PROGRAM FACILITATOR
This educational activity must be facilitated (conducted) by a training provider approved by who will assume responsibility for the activity requirements detailed in this guide. Failure to conduct this activity accordingly may affect eligibility for CE credit (Registered Nurses) and Certificates of Completion (Others), and will not meet Florida state requirements for -hour _.

ACTIVITY REQUIREMENTS / HOW TO EARN CREDIT
The supplemental material contained in this Activity Guide is intended to be used with the enclosed PowerPoint. All elements of the curriculum outline (see next page) must be completed in order to obtain full credit. See the Facilitation Guide that follows for further details on how to conduct this activity.

TRAINING CURRICULUM OUTLINE

All elements must be satisfied in order to meet course requirements.

TIME      DIDACTIC METHOD                  CONTENT
30 min.   Facilitated Discussion           Learning Objectives and Review of Key Terms
15 min.   Handout Distribution             Pre-Test
45 min.   View Instructional PowerPoint    PowerPoint
30 min.   Facilitated Discussion           Discussion
15 min.   Handout Distribution             Post-Test

Content covered:
- Evolution of HIPAA, HITECH HIPAA and privacy and security rules since
- Examples of preventable HIPAA violations.
- Reasons for HIPAA risk assessments.
- Using HIPAA risk assessments as a resource for a mock OCR audit.
- Benefits beyond HIPAA compliance of HIPAA risk assessments.
- Sources of HIPAA exposure.
- Incentives to bring a HIPAA violation case.
- HIPAA administrative, civil and criminal penalties.
- Immediate steps toward HIPAA compliance.
- HIPAA risk assessment and OCR audit processes.
- Importance of training and ongoing reviews in HIPAA compliance.

Total Time: Part 1 2:

_ HIPAA privacy and security

Proliferation in the late 1990s of the internet and electronic transmission of healthcare information, together with highly publicized abuses of medical records, motivated Congress in 1996 to include Administrative Simplification provisions (HIPAA) in legislation governing portability of health insurance between employers. Far-reaching HIPAA privacy and security rules defined the role and responsibility of HIPAA Covered Entities, implemented significant patient rights and expanded the reach of HIPAA to Business Associates, entities using protected health information in work done for Covered Entities. HITECH HIPAA, part of the 2009 stimulus bill, represented a seismic shift in HIPAA enforcement by substantially increasing HIPAA civil, criminal and administrative penalties and making them applicable to Business Associates.

Key terms: HIPAA laws, HIPAA rules, HITECH HIPAA, Covered Entity, Business Associate

HIPAA privacy. HIPAA privacy governs use and disclosure of protected health information. Use is within an organization, while disclosure is outside it.

HIPAA security. HIPAA security governs how health information is protected through administrative, technical and legal requirements called safeguards.

HIPAA risk assessment. An accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the Covered Entity. HIPAA risk assessments are required by federal HIPAA rules at 45 CFR (a)(1).

OCR HIPAA audit. HIPAA compliance audits of Covered Entities and Business Associates conducted by the HHS Office of Civil Rights.

Mock OCR audit. A simulated pre-audit of a Covered Entity's HIPAA compliance conducted by the Covered Entity in advance of an OCR HIPAA audit.

HIPAA administrative, civil and criminal penalties. Expanded by HITECH HIPAA legislation to include Business Associates, HITECH HIPAA administrative, civil and criminal penalties can reach $1,500,000 per occurrence and prison for up to 10 years.

Program Description

This program will discuss federally required HIPAA risk assessments, the challenges that HIPAA compliance imposes on Covered Entities and Business Associates, and how a mock OCR audit can become an integral part of a HIPAA risk assessment. Covered Entities and Business Associates are encouraged to perform HIPAA risk assessments before undergoing an external review by OCR, the plaintiff's bar and others.

Objectives

At the conclusion of this program the participant will be able to:
1. Describe several reasons for HIPAA risk assessments.
2. Use a HIPAA risk assessment as a resource for conducting a mock OCR audit.
3. Recognize benefits beyond HIPAA rule compliance of HIPAA risk assessments.
4. Evaluate the Covered Entity's immediate need for HIPAA risk assessments.
5. Assess and evaluate readiness of the Covered Entity for a HIPAA risk assessment.
6. Identify common compliance failures leading to HIPAA fines and penalties.
7. Understand the importance of HIPAA training and ongoing monitoring of HIPAA compliance.
8. Understand that many HIPAA violations are preventable.
9. State 2 immediate actions that can reduce or eliminate exposure to HIPAA penalties.
10. Understand the Covered Entity's exposure to HIPAA administrative, civil and criminal penalties.

GLOSSARY OF KEY TERMS

Business associate agreements: Agreements between Covered Entities and organizations (Business Associates) that use PHI in work they perform for Covered Entities
CLIA: Federal laws and rules governing health care laboratories
Compliance gaps: Insufficient compliance by a Covered Entity with federal requirements
Corrective action plan: Formalized remediation plan often required by HHS in connection with HIPAA violations
EHR: Electronic health records
Electronic protected health information: Protected health information created, maintained or transmitted electronically
Encryption: Process of making data unreadable or indecipherable consistent with federal standards
False claims: State and federal legislation imposing damages and fines for submitting false healthcare claims
HITECH HIPAA: Part of the 2009 stimulus package that expanded HIPAA to Business Associates and increased penalties for HIPAA violations
HIPAA: Federal legislation governing transportability of health insurance among and between employers
HIPAA privacy policies, procedures and forms: Suite of Covered Entity documents designed to comply with federal HIPAA privacy requirements
HIPAA privacy rules: Federal rules governing use and disclosure of protected health information
HIPAA risk assessment: Accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information

GLOSSARY OF KEY TERMS (continued)

HIPAA security policies, procedures and forms: Suite of Covered Entity documents designed to comply with federal HIPAA security requirements
HIPAA security rules: Federal rules governing protection of health information through administrative, legal and technical safeguards
Meaningful Use Objectives: Federal initiative designed to encourage utilization of electronic health records
Milestones: Scheduled remediation activities
Mock OCR audit: Simulated OCR audit conducted by a Covered Entity prior to an actual OCR audit
NIST publications: Instructive privacy and security manuals published by the US Department of Commerce
OCR audit protocol: Specific policies and procedures utilized by HHS in conducting OCR audits
Penetration and vulnerability testing: Electronic testing of a Covered Entity's defenses against unauthorized access
Protected health information: Health information about a specific individual
Remediation: Steps to bring Covered Entity policies, procedures and forms into HIPAA compliance
Sanction policy: Formal policy of a Covered Entity to sanction Workforce members for violations
Whistleblower: Person permitted to bring an action against a Covered Entity with potential for sharing a portion of the recovery
Workforce: Personnel acting on behalf of a Covered Entity on a paid or volunteer basis

Pre Test

Circle T if the statement is true, circle F if it is false.

T F 1. A HIPAA risk assessment has benefits beyond HIPAA rule compliance.
T F 2. A HIPAA risk assessment can be used as a resource for conducting an internal mock OCR audit.
T F 3. HIPAA violations do not create exposure to administrative, civil or criminal penalties.
T F 4. Training and ongoing reviews are not a part of HIPAA compliance.
T F 5. HIPAA privacy rules govern use and disclosure of protected health information.
T F 6. HIPAA security rules involve administrative, legal and technical safeguards.
T F 7. A HIPAA risk assessment is an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information.
T F 8. A whistleblower is a person permitted to bring an action against a Covered Entity with potential for sharing a portion of the recovery.
T F 9. Under HIPAA, workforce includes personnel acting on behalf of a Covered Entity on a paid or volunteer basis.
T F 10. HIPAA fines are capped at $10,000 per occurrence.
T F 11. An OCR audit does not involve any on-site visits by auditors.
T F 12. A HIPAA risk assessment satisfies at least 2 federal HIPAA rule requirements.
T F 13. A Covered Entity's HIPAA suites of privacy and security policies, procedures and forms are the only types of documentation examined during an OCR audit.
T F 14. HHS Office of Civil Rights does not give Covered Entities notice of OCR audits.

THE CASE FOR HIPAA RISK ASSESSMENTS

Pre Test (continued)

T F 15. State attorneys general have no authority to bring HIPAA actions against Covered Entities.
T F 16. HHS often requires a Corrective Action Plan from Covered Entities for HIPAA violations.
T F 17. HITECH HIPAA significantly expanded the reach of HIPAA requirements and increased HIPAA fines and penalties.
T F 18. There are no immediate steps a Covered Entity can take to reduce or eliminate exposure to HIPAA violations.
T F 19. Failure to completely implement policies and procedures often leads to HIPAA fines and sanctions.
T F 20. HIPAA laws were enacted in 1996 in legislation governing portability of employees' health insurance.

Post Test

Circle the response that best answers each question.

1. HIPAA security involves safeguards that include:
   a. administrative
   b. legal
   c. technical
2. HIPAA privacy rules govern:
   a. use and disclosure of protected health information
   b. administrative safeguards
   c. legal safeguards
   d. technical safeguards
3. HIPAA violations create exposure to the following penalties:
   a. administrative
   b. civil
   c. criminal
4. HIPAA workforce includes the following personnel:
   a. paid and volunteer staff
   b. US Postal Service
   c. Federal Express
   d. b and c but not a
5. HIPAA fines per occurrence are capped at:
   a. $10,000
   b. $20,000
   c. $100,000
   d. none of the above
6. A HIPAA risk assessment satisfies HIPAA rules requiring:
   a. risk assessment
   b. periodic reviews and updates
   c. administrative safeguards
   d. a and b but not c

Post Test (continued)

7. The following types of Covered Entity documentation can be expected to be reviewed during an OCR audit:
   a. Covered Entity's suites of HIPAA privacy and security policies, procedures and forms
   b. Covered Entity's paper and website Notice of Privacy Practices
   c. Covered Entity's sanction policy
   d. Covered Entity's document retention policy
   e. all of the above
8. Sources of HIPAA exposure include:
   a. present and former employees
   b. security breaches
   c. theft of medical records
9. Maximum prison term for a HIPAA violation is:
   a. 1 year
   b. 5 years
   c. 10 years
   d. none of the above
10. Benefits of a HIPAA risk assessment include:
   a. placing the Covered Entity in the best possible legal position to defend against HIPAA violations
   b. helps the Covered Entity qualify for network liability and privacy insurance
   c. reduce or avoid adverse publicity
   e. none of the above
11. A HIPAA risk assessment includes:
   a. on-site interviews with key leadership and management staff
   b. facility and data center review
   c. pre- and post-assessment briefings of key leadership and management personnel
   e. none of the above
12. Review and possible update of HIPAA privacy and security policies and procedures should occur after which of the following:
   a. installing new computer equipment
   b. adding additional software
   c. hiring of additional staff
   e. none of the above

Post Test (continued)

13. An external review of a Covered Entity's suite of HIPAA privacy and security policies, procedures and forms can occur in the context of a:
   a. security breach
   b. whistleblower complaint
   c. OCR audit
   e. none of the above
14. Prominent OCR audit protocols include:
   a. risk assessment
   b. review and update HIPAA policies, procedures and forms periodically
   c. development and deployment of information system activity review process
   d. sanction policy
   e. all of the above
   f. none of the above
15. OCR audits can be expected to involve the following:
   a. no notice
   b. no request for documentation
   c. no interviews of key personnel
   e. none of the above
16. Reasons for OCR HIPAA audits include:
   a. assess Covered Entity compliance efforts
   b. examine mechanisms for compliance
   c. identify best practices
   e. none of the above
17. Recent court cases hold that a Covered Entity is exposed to damages for:
   a. negligence and negligence per se
   b. breach of contract and implied contract
   c. breach of implied covenant of good faith and fair dealing
   e. none of the above

Post Test (continued)

18. A HIPAA risk assessment can:
   a. significantly reduce exposure to HIPAA fines and penalties
   b. guarantee that no whistleblower suits will be filed
   c. prevent state attorneys general from filing actions on behalf of residents
   d. eliminate the possibility of an OCR audit
19. HIPAA violations can lead to:
   a. administrative penalties
   b. civil penalties
   c. criminal penalties
   d. corrective action plans
   e. all of the above
20. OCR audit process includes the following:
   a. 30 to 90 days notice before a site visit
   b. site visit
   c. interviews with key personnel
   e. none of the above

Discussion Questions

1. Explain why many HIPAA violations are preventable.
2. Describe the benefits of a HIPAA risk assessment.
3. Describe how you might combine a HIPAA risk assessment with a mock OCR audit.
4. Describe the possible consequences of a HIPAA violation.
5. Discuss the OCR audit process.
6. Describe the importance of training and updating HIPAA policies, procedures and forms in terms of HIPAA compliance.
7. Discuss the level of internal effort required to attain and maintain HIPAA compliance.
8. Discuss the necessity for a HIPAA risk assessment and how a mock OCR audit might help prepare a Covered Entity for an external HIPAA review.
9. Discuss whether the Covered Entity should form a risk assessment/OCR audit response team.
10. Discuss which leadership personnel should be responsible for HIPAA compliance in the Covered Entity.

Answer Sheet

      Pre Test   Post Test
 1.   T          d
 2.   T          a
 3.   F          d
 4.   F          a
 5.   T          d
 6.   T          d
 7.   T          d
 8.   T          d
 9.   T          d
10.   F          d
11.   F          d
12.   T          d
13.   F          d
14.   F          e
15.   F          e
16.   T          d
17.   T          d
18.   F          a
19.   T          e
20.   T          d

Resource Advisor

JAMES M. BARCLAY received his bachelor of science degree from the University of Florida and his JD from Florida State University. He has worked with HIPAA privacy and security since their inception and has advised healthcare clients about HIPAA compliance. He has written and lectured about HIPAA issues extensively.

NEVCO video educational programs are prepared using specific criteria designed by National Educational Video, Inc. All educational programs are coordinated and reviewed under the direction of the NEVCO Director of Education, who is a master's-prepared nurse.

References

HIPAA Administrative Simplification. U.S. Department of Health and Human Services, Office of Civil Rights.
OCR Audit Protocols. U.S. Department of Health and Human Services, Office of Civil Rights. Retrieved from website:
Guide for Conducting HIPAA Risk Assessments, Information Security. NIST special publication , U.S. Department of Commerce, National Institute of Standards and Technology, September.
OCR HIPAA Enforcement. U.S. Department of Health and Human Services, Office of Civil Rights. Retrieved from website:

Participant Evaluation of Objectives

Please evaluate this program by circling the number that best represents how well this program met the following objectives:
4=Excellent 3=Good 2=Average 1=Poor

1. Usefulness of HIPAA violation examples
2. Understand HIPAA administrative, civil and criminal penalties
3. Understand benefits of HIPAA risk assessment
4. Understanding processes of OCR audit and HIPAA risk assessment
5. Learning immediate steps to reduce or eliminate common HIPAA violations
6. Learning preventability of many HIPAA violations
7. Understand importance of training and ongoing reviews in HIPAA compliance
8. Understanding levels of Covered Entity effort involved with HIPAA compliance
9. Understanding how a HIPAA risk assessment can reduce or eliminate HIPAA violations
10. Understanding how a mock OCR audit and a HIPAA risk assessment dovetail

Do you feel you met your personal objectives?
Time required to complete this program: minutes
COMMENTS:

Please return this form to the facilitator who distributed the learning materials. Thank you!!!


More information

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec. The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title

More information

ELECTRONIC HEALTH RECORDS

ELECTRONIC HEALTH RECORDS ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability

More information

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability

More information

HIPAA Privacy Summary Kelly McLendon, RHIA

HIPAA Privacy Summary Kelly McLendon, RHIA HIPAA Privacy Summary Kelly McLendon, RHIA This document is intended to summarize the latest HIPAA Privacy Rules in a format that is understandable by record managers and all of the stakeholders of protected

More information

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,

More information

2/27/2014. Meaningful Use as it Relates to HIPAA Compliance. Objectives and Agenda. Understand the statutory and regulatory background and purpose

2/27/2014. Meaningful Use as it Relates to HIPAA Compliance. Objectives and Agenda. Understand the statutory and regulatory background and purpose Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Dr. Mark Burns, FNP, RN Dr. Nadine Connor, FNP, RN Dr. Colleen Morgan, CNL, RN

Dr. Mark Burns, FNP, RN Dr. Nadine Connor, FNP, RN Dr. Colleen Morgan, CNL, RN Dr. Mark Burns, FNP, RN Dr. Nadine Connor, FNP, RN Dr. Colleen Morgan, CNL, RN Objectives for Teaching HIPAA By the end of this presentation you will be able to: Define HIPAA Explain the historical background

More information

Privacy and Security requirements, OCR HIPAA Audits and the New Audit Protocol

Privacy and Security requirements, OCR HIPAA Audits and the New Audit Protocol Privacy and Security requirements, OCR HIPAA Audits and the New Audit Protocol 1 Learning Objectives Understand Privacy and Security Requirements Understand the new OCR audit protocol Learn how to prepare

More information

Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300)

Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Ricky Link, Coalfire ISACA North Texas and IIA Fort Worth Chapters The Petroleum Club of Fort Worth March 4, 2014 1 About Coalfire Coalfire

More information

OCR Update. HIPAA Summit West September 20, Michael F. Kruley and Michael Leoz HHS Office for Civil Rights

OCR Update. HIPAA Summit West September 20, Michael F. Kruley and Michael Leoz HHS Office for Civil Rights Office of the Secretary Office for Civil Rights () Update HIPAA Summit West September 20, 2011 Michael F. Kruley and Michael Leoz HHS Office for Civil Rights REGULATORY STATUS Status of Regulatory Activities

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

Patient Privacy and HIPAA/HITECH

Patient Privacy and HIPAA/HITECH Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

HIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13

HIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 HIPAA Changes 2013 Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 BEI Who We Are DC Metro IT Service Provider since 1987 Network Design/Upgrade Installation/Managed IT Services for small to medium-sized

More information

BNA s Health Law Reporter

BNA s Health Law Reporter BNA s Health Law Reporter Reproduced with permission from BNA s Health Law Reporter, 20 HLR 1272, 08/18/2011. Copyright 2011 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com HHS

More information

OCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013

OCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013 ISACA - North Texas Chapter April 11, 2013 Introduction 1 2 Basic components of HIPAA and HITECH legislation HITECH and rising breaches 3 4 OCR HIPAA audits Key findings of the pilot audits 5 Approaches

More information

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and

More information

General HIPAA Implementation FAQ

General HIPAA Implementation FAQ General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,

More information

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics

More information

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher

More information

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by: HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates

More information

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

Dissecting New HIPAA Rules and What Compliance Means For You

Dissecting New HIPAA Rules and What Compliance Means For You Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the

More information

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals HIPAA New Breach Notification Risk Assessment and Sanctions Policy Incident Management Policy For breaches affecting 1 3 individuals +25 individuals + 500 individuals Focus on: analysis documentation PHI

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

Business Associate Management Methodology

Business Associate Management Methodology Methodology auxilioinc.com 844.874.0684 Table of Contents Methodology Overview 3 Use Case 1: Upstream of s I manage business associates 4 System 5 Use Case 2: Eco System of s I manage business associates

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

What Is A Geriatric Care Manager? Leader s Guide

What Is A Geriatric Care Manager? Leader s Guide 4552 What Is A Geriatric Care Manager? Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS ACCREDITATION INFORMATION TARGET AUDIENCE These 13 webinar sessions, taught

More information

Our Commitment to Information Security

Our Commitment to Information Security Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

The benefits you need... from the name you know and trust

The benefits you need... from the name you know and trust The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices

More information

HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply

HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply October 18, 2013 ACEDS Membership Benefits Training, Resources and Networking for the ediscovery Community Exclusive News and

More information

Use, Disclosure, and Access Policy & Procedure Compliance Tools: What 2016 OCR Audit Protocols Require

Use, Disclosure, and Access Policy & Procedure Compliance Tools: What 2016 OCR Audit Protocols Require Use, Disclosure, and Access Policy & Procedure Compliance Tools: What 2016 OCR Audit Protocols Require by Edward D. Jones III CEO, Cornichon Healthcare Select, LLC June 23, 2016 Presented In HIPAA Integrity

More information

Georgia Regional Academic Community Health Information Exchange (GRAChIE) Breach Notification Policy Effective Date: May, 2012 Revision Date: New

Georgia Regional Academic Community Health Information Exchange (GRAChIE) Breach Notification Policy Effective Date: May, 2012 Revision Date: New Objective The objective of this policy is to provide guidance for breach notification by Georgia Regional Academic Community Health Information Exchange (hereafter referred to as GRAChIE) when unauthorized

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit Setting the Health Care Table: Politics, Economics, Health November 20-22, 2013 Cybersecurity for Meaningful Use 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013 Healthcare Sector Vulnerable to Hackers By Robert O Harrow Jr.,

More information

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

White Paper #6. Privacy and Security

White Paper #6. Privacy and Security The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

HIPAA Summit. March 10, 2011. Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC

HIPAA Summit. March 10, 2011. Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC HIPAA Summit March 10, 2011 Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC The Secretary shall provide for periodic audits to ensure that covered entities and business associates

More information

GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164]

GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164] GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164] OCR HIPAA Privacy The following overview provides answers to

More information

SECURETexas Health Information Privacy & Security Certification Program FAQs

SECURETexas Health Information Privacy & Security Certification Program FAQs What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare

More information

ERP Software HIPAA Concerns for Health Care Providers

ERP Software HIPAA Concerns for Health Care Providers Research Paper ERP Software HIPAA Concerns for Health Care Providers December 17, 2014 Updated 12/21/2014 Prepared by Tad W. Remington 1, CMA 1 LinkedIn, Tad W. Remington profile, http://www.linkedin.com/pub/tad

More information

Privacy & Security Matters: Protecting Personal Data. Privacy & Security Project

Privacy & Security Matters: Protecting Personal Data. Privacy & Security Project Privacy & Security Matters: Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as Kennedy-Kassebaum Act Legislation

More information

Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives

Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)

More information

PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03)

PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03) PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03) Use and Disclosure of PHI: Protected Health Information ( PHI ) may not be used or disclosed in violation of the Health Insurance

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

ü Ensuring the privacy and security of personally identifiable health information (the Privacy and Security Rules); and

ü Ensuring the privacy and security of personally identifiable health information (the Privacy and Security Rules); and Provided by Benefits By Choice HIPAA Rules: Privacy, Security and Electronic Data Interchange The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad federal law regarding health

More information

Key HITECH & Omnibus Rule Challenges Enforcement: Thinking Like OCR Audits, Audits & More Audits Hot Issues for 2015 Wrap Up

Key HITECH & Omnibus Rule Challenges Enforcement: Thinking Like OCR Audits, Audits & More Audits Hot Issues for 2015 Wrap Up David Holtzman, JD CIPP/G Vice President for Compliance CynergisTek, Inc. 1 Vice President, Compliance, CynergisTek, Inc. Subject matter expert in policy and compliance issues involving the HIPAA Privacy,

More information