HIPAA in an Omnibus World. Presented by

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "HIPAA in an Omnibus World. Presented by"

Transcription

1 HIPAA in an Omnibus World Presented by

2 HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters you should consult with your own legal counsel or advisors. HITECH Compliance Associates are not attorneys and do not have an attorney on staff. All recommendations, procedures, etc. are made by HITECH.HIPAA certified specialists and conform to the standards as outlined by the National Institute for Standards and Technology, HHS, CMS and OCR.

3 Known by Many Names The Omnibus Rule The HIPAA MegaRule of 2013 The Final Rule This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. Leon Rodriguez, Director Office of Civil Rights

4 Published in the Federal Register on January 25, Took effect on March 26, Compliance required on September 23, 2013.

5 The Omnibus Rule is comprised of the following 4 rules: 1. Final modifications to the HIPAA regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and certain other modifications to improve the HIPAA rules; 2. Final rule adopting changes to the HIPAA Enforcement Rule; 3. Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act; and 4. Final rule modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act of 2008 (GINA).

6 Why Should I Take Compliance Seriously Now? OCR Director Rodriguez was clear in his statement yesterday: "This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient's privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates."

7 1 2 3 Avoid Willful Neglect Know & Comply with Patient s Privacy Rights Avoid Breach of 500 Records

8 Willful Neglect means conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated.

9 Willful Neglect 1. Not Performing Risk Assessments on a Regular Basis 2. Not Having a Complete Set of Policies and Procedures a. Privacy Rule b. Security Rule 3. Not Training Your Staff on Your Policies and Procedures

10 RISK ANALYSIS (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization]. In the words of the OCR In Summary, Risk analysis is the first step in an organization s Security Rule compliance efforts. Risk analysis is an ongoing process that should provide the organization with a detailed understanding of the risks to the confidentiality, integrity, and availability of e-phi.

11 Five Elements of Risk Analysis (Risk Assessment) 1. Identify and characterize the assets that need protection, including the databases, the applications, etc. 2. Analyzing the relevant threat data focusing on what could adversely affect the assets (ephi) in this case. 3. Modeling the potential losses that could result from the threat actually materializing. 4. Finding the existing vulnerabilities in the current security situation that would increase the odds of the loss actually occurring. 5. Developing appropriate controls to reduce potential loss, reduce existing vulnerabilities and make sure the controls are cost effective.

12 Top Myths of Security Risk Analysis Security Risk Analysis is optional for small providers. Simply installing a certified EHR fulfills the security risk analysis MU requirement. A checklist will suffice for the risk analysis requirement. My security risk analysis only needs to look at my EHR.

13 Privacy Rule Since 2003 Security Rule Since 2005

14 These Are Your Patient s Rights Every Patient Complaint That Comes Into The HHS/OCR Web Site Is Investigated. Over 77,000 In The Past 10 Years.

15 Access to Protected Health Information If an individual requests protected health information that is maintained electronically in a designated record set, the Omnibus Rule provides that the covered entity must provide the individual with electronic access in a form and format requested by the individual, if the information is readily producible in such format. Must also send electronic records if you have the capability to do so. Disclose and document risk accepted..

16 Access to Protected Health Information Faxing and ing of Patient Records

17 Right to REQUEST Amendment The Privacy Rule grants individuals the right to request amendments to their protected health information. If the physician agrees with the request, add an amendment to the record. If the record is deemed to be correct your office can deny this request. You must send the patient a letter stating the reason for the denial. HIPAA gives the patient a right to submit a brief statement of disagreement allowing them to give the reasons they feel their medical records are not accurate or complete.

18 Right to REQUEST Confidential Communications Again, this is a request; however the law states that your practice must accommodate reasonable requests. Without a process in place your office will most likely violate the patient s request and risk a complaint with HHS.

19 Accounting of Disclosures Patients have the right to receive an accounting of disclosures, for the past 3 years. You are not required to provide disclosures for payment, treatment or healthcare operations. These are considered routine disclosures. However you must track and disclose upon request nonroutine disclosures such as state mandated reporting, tissue donation purposes, disclosures required by law (victims of crime, gunshot wounds, court ordered warrant, faxing information to the wrong location and any disclosure of patient information outside of need to know.

20 Request For Restrictions Restriction requests made by patients should be honored when possible, but are not required under HIPAA.

21 Request For Restrictions Covered entities must agree to restrict disclosures of protected health information about the individual if the disclosure is for payment or healthcare operations purposes, is not required by law, and the protected health information pertains solely to a healthcare item or service for which the individual, or someone on the individual's behalf other than the health plan, has paid the covered entity in full. Questions?? Must keep records hidden from chart review. Patient must sign new request each visit. How do you share files without risking exposure?

22 Notice of Privacy Practices The Privacy Rule identifies certain information that must be included in a covered entity s NPP, including a statement advising individuals that any use or disclosure of PHI other than those permitted by the Privacy Rule will be made only with written authorization of the individual, and that the individual has the right to revoke an authorization.

23 Notice of Privacy Practices Fundraising. If the covered entity uses PHI for fundraising, its NPP must inform individuals that they have the right to opt out of fundraising solicitations and explain the process for the opt-out right. Marketing. Covered entities NPP now must contain a statement indicating that uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI require an individual s written authorization. Use or Disclosure of Psychotherapy Notes. The NPP must inform the individual that an authorization is required if the covered entity intends to use or disclose psychotherapy notes. Breach Notice. The NPP must inform individuals of the covered entity s obligation to notify them following a breach of their unsecured protected health information. Right to Request Restrictions for Disclosures Related to Self-Payment. The NPP must include a statement that the covered entity is required to comply with a request not to disclose health information to a health plan for treatment where the individual has paid in full out-of-pocket for a health care item or service.

24 Notice of Privacy Practices Post Notice of Privacy Practices You May Post Summary of Privacy Practices Only if the full copy is nearby. OCR states it is too burdensome to have the patient request a copy from the receptionist.

25 The Minimum Necessary Standard, is a key protection of the HIPAA Privacy Rule. It is based on accessing or disclosing protected health information only when it is medically necessary to satisfy a particular purpose or carry out a function. The minimum necessary standard requires covered entities and business associates evaluate their practices to enhance safeguards that limit unnecessary or inappropriate access to and disclosure of protected health information. Minimum necessary and proper safeguards are required for the incidental disclosure rule.

26 New Limitations On PHI Disclosure Limits on Fundraising and Marketing Fundraising communications must include a clear and conspicuous opportunity to opt out of receiving further communications. Marketing: The financial remuneration received by the covered entity must be reasonably related to the covered entity's costs associated with making the communication. The sale of PHI must have authorization by the patient before being sent.

27

28 The Value of Your Records Medical Identity Theft IRS Tax Refund Fraud Medicare Fraud

29 Culture of Compliance Compliance down to workstation. Regular Patching Reviews Passwords Encryption

30 Mobile Devices Best Practices 4 Digit PIN Wipe after 10 failed passcode attempts Remote wipe capability Never store over 500 text messages with PHI Be Careful with access to EHR (User&Password)

31 ENCRYPTION New Guidelines Option 1 Encrypt all devices. Option 2 Have a documented plan in place to encrypt all devices.

32 Windows XP All Windows XP computers must be upgraded by April 8 th of No more security updates by Microsoft.

33 Do Not Forget About Your Copier Hard Drives. Affinity Health Plan estimated that up to 344,579 individuals may have been affected by this breach. OCR s investigation indicated that Affinity impermissibly disclosed the protected health information of these affected individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives. In addition, the investigation revealed that Affinity failed to incorporate the electronic protected health information (ephi) stored on photocopier hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the photocopiers to its leasing agents. In addition to the $1,215,780 payment, the settlement includes a corrective action plan requiring Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent, and to take certain measures to safeguard all ephi.

34 Compliance is Your Ongoing Job. Build a Culture of Compliance within Your Organization. Idaho State University who agreed to pay $400,000 in May stemming from an incident where it disabled its firewall protections for nearly one year, compromising the protected health information of 17,500 patients.

35 Specific to Your Policies and Procedures Role Specific Before Given Access to PHI or ephi Reminders throughout the year. Document

36 OCR HIPAA Audit Findings 1) Systems are not being monitored. 2) Practices are not implementing security measures for mobile devices. 3) Many offices do not meet the HIPAA Security and Privacy Rule requirements, i.e. no Policies and Procedures.

37 Reviewing the EHR Audit Logs Perform Best Effort Attempt to Comply Retain Audit Logs For 6 Years Burden of Proof is Yours Looking for Inappropriate Access Unusual or Suspicious Behavior Start by Defining Your Audit Plan

38 Audit Plan Be Realistic thousands of lines per day Give PHI a Risk Rating based on Possible Harm to Patient Automated Processes v. Random Audits HIPAA Compliance Officer or IT Professional Review Both Internal and External Threats

39 Business Associates Expanded Definition of Business Associates More Agreements. Makes your business associates subcontractors directly liable under HIPAA. You are now fully liable for the actions of business associates acting as your agent. Business Associate Agreements must be updated with the Omnibus changes.

40 Business Associates Some of the many requirements Use and disclose PHI only as permitted or required under BAA or required by law; Expressly prohibited from using or disclosing PHI in a manner that would violate the Privacy Rule if done by a covered entity; Must disclose only the minimum necessary PHI; Must take reasonable steps to cure a subcontractor's breach; Must track for Accounting of Disclosures.

41 Business Associates By September 23, 2013, BUSINESS ASSOCIATES MUST Perform a risk assessment Have a risk management plan in place Breach notification compliance program Contingency Plan in place Have a set of Security & Privacy policies and procedures Designate a Security Officer Enter into written contracts with subcontractors (BAA) & CEs Train, train, train With Documentation of all the above.

42 Questions for Business Associates How critical is the business associate to my organization? Do I have an updated agreement in place with each business associate? Has our organization performed due diligence to ensure our business associate is HIPAA compliant. Does the business associate have an incident detection and management process? What are the legal and contractual requirements for offshore business associates and sub-contractors?

43 Breach There is a default presumption that an acquisition, access, use of disclosure of PHI that violates the Privacy Rule is a Breach. Even a suspected breach, is an actual breach, until such time as the entity performs a security risk assessment to determine that there is a low probability of compromise.

44 Breach You must now perform a Risk Assessment for each breach you do not report to the patient and HHS. The focus of the risk assessment is no longer on the harm to the patient but whether the information has been compromised. The burden of proof is clearly on the covered entity. If it cannot be clearly determined that there is a low probability the information has been compromised, the covered entity has to treat it as a breach.

45 Breach Risk Assessment Required Four factors that must be considered in a risk assessment used to determine whether protected health information has been compromised are set forth in the definition of a "breach" (new version of 45 CFR ) and include: 1. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification. 2. The unauthorized person who used the protected health information or to whom the disclosure was made. 3. Whether the protected health information was actually acquired or viewed. 4. The extent to which the risk to the protected health information has been mitigated.

46 Breach Common Causes of Small Breaches Misdirected Communications - clinical or claims record of one individual was mistakenly mailed or faxed to another individual. Test results were sent to the wrong patient. Files were attached to the wrong patient record. s were sent to the wrong addresses. Information released to the incorrect patient or person not authorized to receive such information. Glitches in software that incorrectly compiled lists of patient names and contact information. Employee snooping. Improper disposal. Incentive to over-report will be strong.

47 Breach Notification Requirements Covered entities must notify affected individuals of a breach of unsecured protected health information without unreasonable delay and in no case later than 60 calendar days following discovery of the breach. Reports of breaches involving fewer than 500 individuals are due to the Secretary no later than 60 days after the end of the calendar year in which the breaches occurred. 45 CFR Covered entities must notify the Secretary by filling out and electronically submitting a breach report form on the OCR web site at

48 Breach The Office of Civil Rights (OCR) still recognizes that there are situations where an unauthorized use, disclosure, access or acquisition is very inconsequential and may not warrant notification. Covered entities and business associates will have to consider each situation carefully. We expect more guidance on this in the future, however this will lead to more expense, increased breach reporting and additional exposure for your practice to audits and fines.

49 Breach Protect Yourself Now is the time to encrypt everything. We Love Encryption Leon Rodriguez Start with mobile devices, Then Servers and workstations, Don t forget and text messaging.

50 Enforcement The HIPAA Enforcement Rule, 45 CFR Part 160, Subparts C through E, establishes rules regarding enforcement processes, such as the establishment of an amount of the penalty for a violation. The Final Rule clarifies that the HHS Secretary will investigate any complaint where a preliminary review of the facts indicates a possible violation due to willful neglect and also conduct a compliance review with discretion to investigate any other complaints.

51 Enforcement Violation Category CMP For Each Violation Total CMP for Violations of a Identical Provision in a Calendar Year Unknowing $100 $50,000 $1,500,000 Reasonable Cause $1,000 $50,000 $1,500,000 Willful Neglect Corrected $10,000 $50,000 $1,500,000 Willful Neglect Not Corrected At least $50,000 $1,500,000 The Final Rule does not allow violations due to willful neglect to be resolved through informal means without also imposing a CMP.

52 Enforcement Resolution Agreement Between the Office of Civil Rights and Hospice of North Idaho II. Terms and Conditions 7. Payment. HONI agrees to pay HHS the amount of $50,000 (the Resolution Amount ). HONI agrees to pay the Resolution Amount by electronic funds transfer pursuant to written instructions to be provided by HHS. HONI agrees to make this payment on or before the Effective Date of this Agreement. 8. Corrective Action Plan. HONI has entered into and agrees to comply with the Corrective Action Plan (CAP) attached hereto as Exhibit A, which is incorporated into this Agreement by reference. If HONI breaches the CAP, then HONI will be in breach of this Agreement and HHS will not be subject to the terms and conditions in the Release set forth in Paragraph 9 of the Agreement.

53 Enforcement OCR s investigation indicated that the following conduct occurred : (A) HONI did not conduct an accurate and thorough analysis of the risk to the confidentiality of ephi on an on-going basis as part of its security management process from the compliance date of the Security Rule to January 17, (B) HONI did not adequately adopt or implement security measures sufficient to ensure the confidentiality of ephi that it created, maintained, and transmitted using portable devices to a reasonable and appropriate level from the compliance date of the Security Rule to May 1, 2011.

54 Time is of the Essence If you have not done so already, perform the following: 1. Perform a Security Risk Assessment 2. Inventory Business Associates, update Business Associate Agreements and perform due diligence on their HIPAA compliance. 3. Develop and Implement a full set of policies and procedures for the HIPAA Security and Privacy Rules. 4. Train all staff on a yearly basis on HIPAA and patient privacy. 5. Develop a Breach Response Plan using the updated Breach definition. 6. Have a Contingency Plan in place that meets the requirement of the HIPAA Security Rule. 7. Use the proper forms to document all of your HIPAA compliance. 8. Work on your Risk Management Plan weekly.

55 Time is of the Essence Put Special Emphasis On: 1. Business Associates 2. Training 3. Reviewing and reporting on Audit Log activity. 4. Mobile Device Security 5. Encryption

56 HIPAA Is A Cost of Doing Business HHS estimates that these new regulations will cost covered entities and business associates between $114 million and $225.4 million during the first year of implementation, and approximately $14.5 million each year thereafter.

57 The Real Cost of HIPAA Violations Loss of Trust Between You and Your Patients Loss of Reputation.

58 HIPAA Is A Valve, Not A Blockage. Leon Rodriguez, Director Office of Civil Rights.

59 Patient Is At The Top of The Pyramid Do not let security trump patient preference. HIPAA should not get in the way of the best interests of the patient. Patient Leon Rodriguez, Director Office of Civil Rights.

60 Stay Informed More Updates and Guidance Expected in the Near Future. 1. Accounting of Disclosures 2. Bulletins on how to implement the new Breach Reporting

61 We offer full HIPAA Compliance Services and specialize in small practice risk assessments and HIPAA Compliance Products. HITECH Compliance Associates Michael McCoy

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

OCR UPDATE Breach Notification Rule & Business Associates (BA)

OCR UPDATE Breach Notification Rule & Business Associates (BA) OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule JANUARY 23, 2013 HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule By Linn Foster Freedman, Kathryn M. Sylvia, Lindsay Maleson, and Brooke A. Lane On

More information

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule ) HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address

More information

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health

More information

New HIPAA regulations require action. Are you in compliance?

New HIPAA regulations require action. Are you in compliance? New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI January 23, 2013 HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI Executive Summary HHS has issued final regulations that address recent legislative

More information

HIPAA Privacy, Security, Enforcement, and Breach Notification Rules

HIPAA Privacy, Security, Enforcement, and Breach Notification Rules HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Brought To You Today By: + 200 Garden City Plaza, Suite 500 Garden City, NY 11530 Jennifer@kirschenbaumesq.com Presented by: Jennifer

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

Final HIPAA/HITECH Omnibus Rule Makes Significant Changes for Health Plans and Their Business Associates

Final HIPAA/HITECH Omnibus Rule Makes Significant Changes for Health Plans and Their Business Associates Final HIPAA/HITECH Omnibus Rule Makes Significant Changes for Health Plans and Their Business Associates After a very long wait, the Department of Health and Human Services ( HHS ) has issued a final HIPAA/HITECH

More information

HIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014

HIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014 HIPAA Update Presented by: Melissa M. Zambri June 25, 2014 Timeline of New Rules 2/17/09 - Stimulus Package Enacted 8/24/09 - Interim Final Rule on Breach Notification 10/7/09 - Proposed Rule Regarding

More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

HIPAA & The Medical Practice

HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Presented by: Gina L. Campanella, JD, MHA Rules that Control Privacy A collection of laws and regulations including:

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE

THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE The Speakers Cinda Velasco Attorney, Manager, Privacy Officer Patient Safety and Risk Management Trish Lugtu Senior Manager MMIC

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

HIPAA/HITECH Omnibus Final Rule - January 23, 2013

HIPAA/HITECH Omnibus Final Rule - January 23, 2013 HIPAA Omnibus Rule Please note: these slides are intended to provide an overview of general information, not an exhaustive review. No legal advice is being offered or intended. Do not rely on this information

More information

BUSINESS ASSOCIATE AGREEMENT ( BAA )

BUSINESS ASSOCIATE AGREEMENT ( BAA ) BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor

More information

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by: HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates

More information

Community First Health Plans Breach Notification for Unsecured PHI

Community First Health Plans Breach Notification for Unsecured PHI Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under

More information

Regulatory Changes to HIPAA under HITECH and GINA

Regulatory Changes to HIPAA under HITECH and GINA HIPAA FINAL OMNIBUS RULE Fact Sheet Regulatory Changes to HIPAA under HITECH and GINA The U.S. Department of Health and Human Services released the Health Insurance Portability and Accountability Act (HIPAA)

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) between Inphonite, LLC ( Business Associate and you, as our Customer ( Covered Entity ) (each individually, a Party, and collectively,

More information

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer

More information

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS The following HIPAA Business Associate Terms and Conditions (referred to hereafter as the HIPAA Agreement ) are part of the Brevium Software License

More information

Legislative & Regulatory Information

Legislative & Regulatory Information Americas - U.S. Legislative, Privacy & Projects Jurisdiction Effective Date Author Release Date File No. UFS Topic Citation: Reference: Federal 3/26/13 Michael F. Tietz Louis Enahoro HIPAA, Privacy, Privacy

More information

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE Infinedi HIPAA Business Associate Agreement This Business Associate Agreement ( Agreement ) is entered into this day of, 20 between ( Company ) and Infinedi, LLC, a Limited Liability Corporation, ( Contractor

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

Presented by Jack Kolk President ACR 2 Solutions, Inc.

Presented by Jack Kolk President ACR 2 Solutions, Inc. HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT

More information

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY. REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation WHY YOU NEED TO COMPLY. HIPAA UPDATE 2014: WHY AND HOW YOU MUS T C OMPL Y 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its longawaited Omnibus Rule 2 implementing regulations

More information

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why

More information

HIPAA Notice of Privacy Practices - Sample Notice. Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520)

HIPAA Notice of Privacy Practices - Sample Notice. Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520) HIPAA Notice of Privacy Practices - Sample Notice Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520) The information provided in this document does not constitute, and is no substitute

More information

The Institute of Professional Practice, Inc. Business Associate Agreement

The Institute of Professional Practice, Inc. Business Associate Agreement The Institute of Professional Practice, Inc. Business Associate Agreement This Business Associate Agreement ( Agreement ) effective on (the Effective Date ) is entered into by and between The Institute

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

Breach Notification Policy

Breach Notification Policy 1. Breach Notification Team. Breach Notification Policy Ferris State University ( Ferris State ), a hybrid entity with health care components, has established a Breach Notification Team, which consists

More information

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations &

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Solutions. Office: 866-452-5017, Fax: 615-379-2541, evantreese@covermymeds.com

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( the Agreement ) is entered into this day of, 20 by and between the Tennessee Chapter of the American Academy of Pediatrics ( Business Associate

More information

FINAL HIPAA HITECH REGULATIONS RELEASED

FINAL HIPAA HITECH REGULATIONS RELEASED FINAL HIPAA HITECH REGULATIONS RELEASED On January 25, 2013, the United States Department of Health and Human Services (HHS) published final regulations implementing changes to the Health Insurance Portability

More information

Notice of Privacy Practices. Human Resources Division Employees Benefits Section

Notice of Privacy Practices. Human Resources Division Employees Benefits Section Notice of Privacy Practices Human Resources Division Employees Benefits Section THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

Breaches, Business Associates and Texting, Oh My! A HIPAA HITECH Update. Overview

Breaches, Business Associates and Texting, Oh My! A HIPAA HITECH Update. Overview Breaches, Business Associates and Texting, Oh My! A HIPAA HITECH Update The Bittinger Law Firm 13500 Sutton Park Drive South Suite 201 Jacksonville, Florida 32224 January 13, 2015 Ann M. Bittinger, Esq.

More information

TTUHSC HIPAA Privacy Changes HITECH Act August 28, 2009

TTUHSC HIPAA Privacy Changes HITECH Act August 28, 2009 New "Defined" Terms Breach; Electronic health record (different from electronic PHI); Personal Health Record (different from PHI); Vendor of Personal Health Records; Unsecured PHI Electronic Health Record

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

What do you need to know?

What do you need to know? What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,

More information

Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 Phone: (248)618-3467 Fax: (248)618-3515

Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 Phone: (248)618-3467 Fax: (248)618-3515 Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 HIPAA NOTICE OF PRIVACY PRACTICES PLEASE REVIEW THIS NOTICE CAREFULLY. IT DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information

More information

GUIDE TO PATIENT PRIVACY AND SECURITY RULES

GUIDE TO PATIENT PRIVACY AND SECURITY RULES AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist

More information

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Talksoft is BA with Covered Entity BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is made this day of, and entered into between, ( Covered Entity ) having its principal place of

More information

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

Key HIPAA HITECH Changes. Gina Kastel, Partner, Health and Life Sciences

Key HIPAA HITECH Changes. Gina Kastel, Partner, Health and Life Sciences Key HIPAA HITECH Changes Gina Kastel, Partner, Health and Life Sciences Agenda Business Associates Restrictions on Disclosures Access to PHI Notice of Privacy Practices Fundraising 2 Business Associates

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.

More information

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

OCR Reports on the Enforcement. Learning Objectives

OCR Reports on the Enforcement. Learning Objectives OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 Orchard Creek Health Care is required by law to maintain the privacy of protected health information (PHI) of our residents. If you feel

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual.

Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual. HIPAA/HITECH Policies and Procedures Please read this in its entirety. Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual. Give a copy of this to all staff to read and ask

More information

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,

More information

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions Medical Privacy Version 2015.12.10 - Standard Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a

More information