Understanding HIPAA Regulations and How They Impact Your Organization!
|
|
- Jessie Phelps
- 8 years ago
- Views:
Transcription
1 Understanding HIPAA Regulations and How They Impact Your Organization! Presented by: HealthInfoNet & Systems Engineering! April 25 th 2013!
2 Introductions! Todd Rogow Director of IT HealthInfoNet Adam Victor Director of Operations Systems Engineering 2!
3 What is HealthInfoNet?! HealthInfoNet operates Maine s statewide health information exchange (HIE), a secure, standardized electronic system where providers can share important patient health information.! The use of this system:! Saves time and reduces paperwork! Facilitates more informed treatment decision-making! Leads to improved care coordination, higher quality of care, and better health outcomes!
4 Clinical Exchange Highlights! Hospitals Connected: 34 Hospitals Under Contract: All 38 within Maine Practices Connected: ~400 Others Connected: 2 Long-term Care, 3 Home Health Agencies and 15 Behavioral Health Organizations Individual Lives with Records in the HIE: 1,175,749 Patient s who have opted-out: 1% HIE user accounts: 7,284 User Logins: 1,781 patient lookup & 463 unique users per week Patient Crossover: 64% 4!
5 HIPAA Trivia! What does HIPAA stand for? ü Health Insurance Portability and Accountability Act When did HIPAA start? ü 1996 What is the maximum penalty for a single HIPAA violation? ü $1.5 million per violation category per calendar year 5!
6 Agenda! HIPAA Review Compliance Requirements Omnibus Rule Recommendations/Best Practices Q/A 6!
7 HIPAA Review! The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations (the "Privacy Rule" Dec and the "Security Rule Feb. 2003) protect the privacy of an individual s health information and govern the way certain health care providers and benefits plans collect, maintain, use and disclose protected health information ( PHI ). 7!
8 What is the Privacy Rule?! Establishes national standards to protect individuals medical records and other personal health information. Requires safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. 8!
9 What is the Security Rule?! Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Establishes national standards to protect individuals electronic personal health information that is created, received, used, or maintained by a covered entity. 9!
10 Personal Health Information (PHI)! PHI includes all individually identifiable health information (including information in research databases and tissue bank samples with identifiers) relating to the:! Past, present, or future physical or mental condition of an individual! Provision of health care to an individual! Past, present or future payment for the provision of health care to an individual! 10!
11 PHI Eighteen Identifiers! Name! Address -- street address, city, county, zip code (more than 3 digits) or other geographic codes! Dates directly related to patient! Telephone Number! Fax Number! addresses! Social Security Number! Medical Record Number! Health Plan Beneficiary Number! Account Number! Certificate/License Number! Any vehicle identifier! Any device identifier! Web URL! Internet Protocol (IP) Address! Finger or voice prints! Photographic images! Any other unique identifying number, characteristic, or code (whether generally available in the public realm or not)! 11!
12 PHI Continued! ephi: Data in an electronic format that contains any of the 18 identifiers! This may include but is not limited to the following:! Data stored on the network, internet, or intranet! Data stored on a personal computer or personal digital assistant (e.g. a smartphone)! Data stored on a USB drive, DVD, or other external media! Data stored on your HOME computer! Data utilized for research! 12!
13 Recommendations for Compliance! Keep all files containing PHI protected! Place computer screens so they are not readily visible by people passing by! Use of home computers is not a good idea! Ensure your vendors are in compliance with HIPAA regulations! Eliminate all names and other identifiers when doing presentations including PHI! Don t share subject names and other identifiers in conversations with colleagues outside of your department or lab! Don t send PHI by if at all possible. When necessary, be sure it is encrypted!! 13!
14 Who Is Systems Engineering?! Maine s largest IT Services provider, with over 100 employees serving hundreds of businesses throughout northern New England, including numerous Maine health organizations.! A provider of technical security that provides HIPAA-compliance services and documentation! 14!
15 General HIPAA Security Rules! Ensure confidentiality, integrity, and availability of all ephi you create, receive, maintain, or transmit! Identify/Protect against reasonably anticipated threats or hazards to the security or integrity of ephi! Protect against reasonably anticipated uses or disclosures of ephi! Ensure compliance by your workforce! 15!
16 Risk Analysis/Management! CE s Must Conduct a Risk Analysis as Part of Their Security Management Processes. It includes, but is not limited to:!! Evaluation of likelihood and impact of potential risks to ephi! Implementation of appropriate security measures to address identified risks! Documentation of security measures! Maintenance of continuous, reasonable, and appropriate security protections! 16!
17 Administrative Safeguards! Security Management Process! Based on Risk Analysis! Assigned official responsibility for developing/implementing security policies/procedures.! Information Access Management Appropriate process for role-based access to ephi.! Workforce Training and Management! Training isn t optional.! Sanctions must exist for policy violations.! Evaluation Periodic assessment of how procedures comply with HIPAA!! 17!
18 Physical Safeguards! Facility Access and Control! Limit physical access to necessary individuals! Workstation and Device Security! Policies and procedures to specify proper use of and access to workstations and electronic media.! Policies and procedures regarding the transfer, removal, disposal, and reuse of electronic media.! 18!
19 Technical Safeguards! Access Control Reiterating, only authorized personnel have access to ephi! Audit Controls - CE s must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in systems that contain or use ephi.! Integrity Controls Policies/procedures, along with electronic measures to ensure that ephi is not improperly altered or destroyed.! Transmission Security CE s must implement technical security measures that guard against unauthorized access to electronically transmitted ephi.! 19!
20 9/22/2009 to 07/04/2012! Compliance and Safety LLC! 20!
21 The Omnibus Rule! A volume containing several novels or other items previously published separately.! 21!
22 HIPAA Omnibus Final Rule! Final modifications to the HIPAA Privacy, Security, and Enforcement Rules:!! Make Business Associates of Covered Entities directly liable for compliance with certain aspects of the HIPAA Privacy and Security Rules requirements.! Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization.! Expand individuals' rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.!! 22!
23 HIPAA Omnibus Final Rule! Require modifications to, and redistribution of, a Covered Entity's notice of privacy practices.! Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to deceased information by family members or others.! Increased and tiered civil money penalty structure provided by the HITECH Act! Course reversal: Guilty until proven innocent for data breaches! Prohibits most health plans from using or disclosing genetic information for underwriting purposes! 23!
24 The Omnibus Rule! Office of Civil Rights (OCR) Director Leon Rodriguez: These changes not only greatly enhance a patient s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections 24!
25 When Does It Take Effect?! The Omnibus Rules are effective as of March 26, 2013! Effective Date: Date on which a rule or regulation becomes law! All CEs and BAs need to be in full compliance by September 23, 2013! Compliance Date: Date by which all affected entities must comply! 25!
26 Business Associates! Old Rule:! The HIPAA Rules define business associate to mean a person who performs functions or activities on behalf of, or certain services for, a CE that involve the use or disclosure of PHI.! New Rule:! The definition of business associate was modified to include a person who creates, receives, maintains, or transmits PHI on behalf of a CE.! Extends to subcontractors 26!
27 Patient Empowerment! Old Rule: Individuals could request a CE to restrict uses or disclosures of their PHI. But, CEs were not required to agree to such restrictions. If the CE did agree, however, than they were required to abide by the restriction. New Rule: Individuals can request a restriction on disclosure of PHI to a health plan and the CE must agree if the restriction applies to PHI that pertains solely to a health care item or service for which the health care provider has been paid out of pocket in full (unless such disclosure is otherwise required by law). 27!
28 Breach Notification! Previously, CEs and BAs were required to perform a risk assessment to determine if there was a significant risk of harm to the individual as a result of the impermissible use or disclosure. Now, an impermissible use or disclosure of PHI is presumed to be a breach unless the CE or BA demonstrates that there is a low probability that the PHI has been compromised. Unless the PHI was unreadable or undecipherable 28!
29 Enforcement! Largest HIPAA fine: $4.3M against Cignet Health in MD in February 2011 ($3M was for willful neglect)! HIPAA jail time: In April 2010 Dr. Huping Zhou of UCLA Health System was sentenced to 4 months in prison! Smallest provider enforcement: In April 2012, a practice owned by 2 physicians paid $100,000 to settle HIPAA violations! 29!
30 Enforcement!!!! Violation! Penalty! Max Calendar Year! Did Not Know! $100 - $50,000! $1,500,000! Reasonable Cause! $1,000 - $50,000! $1,500,000! Willful Neglect (Corrected)! Willful Neglect! (Not Corrected)! $10,000 - $50,000! $1,500,000! $50,000! $1,500,000! A CE or BA may be liable for multiple violations of multiple requirements, and a violation of each requirement may be counted separately.! A CE or BA may be subject to multiple violations of up to a $1.5 million cap for each violation, which would result in a total penalty above $1.5 million.! 30!
31 Suggested Next Steps! Update Notice of Privacy Practices! Review and identify all Business Associates and update Business Associate Agreements! Update breach notification policies and procedures! Develop and train employees on new policies (patient requested PHI restrictions, breach notification, etc.)! Review and update authorization and other forms as necessary! 31!
32 Recommendations! All EHRs will need to be encrypted at rest to be certified in 2014! Encrypt your office computers using a free software, TrueCrypt: Evaluate your technology posture, and seek assistance where necessary! 32!
33 Helpful Resources! For more information on Privacy/Security, go to provider section at: HealthInfoNet s Website:! Sample Risk Assessment! Sample Policy and Procedures Templates! Privacy and Security Guide! Omnibus Press Release: Omnibus Final Rule: pdf BAA Sample Language: coveredentities/contractprov.html 33!
34 Helpful Webinar! HIT "ASK THE EXPERTS" ROUNDTABLE WEBINAR SERIES! HIPAA Rules Have Changed: Are You Ready?! HIPAA covered entities and business associates have until September 23, 2013, to become compliant with changes to the Privacy and Security Rules.! Join us on Thursday, May 9 at 12N to learn about the modifications to the HIPAA law, including:! What are the Key Changes Under the Omnibus Rule?! Who do the Changes Affect?! What Action is Required?! What's at Stake?! What are the Mechanisms for Minimizing the Risk of HIPAA Liability?! ABOUT OUR SPEAKER: Kathleen Healy, a Partner with the law firm Verrill Dana! 34!
35 Questions?! 35!
36 Contact Information! Todd Rogow, Director of IT, HealthInfoNet! HealthInfoNet Website: Adam Victor, Director of Operations, Systems Engineering, Inc.! Systems Engineering Website: 36!
Presented by Jack Kolk President ACR 2 Solutions, Inc.
HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationHIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com
HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More informationNew HIPAA regulations require action. Are you in compliance?
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
More informationFIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS
FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationTHE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE
THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE The Speakers Cinda Velasco Attorney, Manager, Privacy Officer Patient Safety and Risk Management Trish Lugtu Senior Manager MMIC
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationOCR UPDATE Breach Notification Rule & Business Associates (BA)
OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the
More informationHIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant
HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationHIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS
HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS James J. Eischen, Jr., Esq. November 2013 San Diego, California JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher & Mack, LLP 26+ years of experience
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More informationProtecting Patient Information in an Electronic Environment- New HIPAA Requirements
Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationHIPAA 101. March 18, 2015 Webinar
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
More informationDissecting New HIPAA Rules and What Compliance Means For You
Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the
More informationIsaac Willett April 5, 2011
Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act
More informationWelcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
More informationHIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help
HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationWhat is HIPAA? The Health Insurance Portability and Accountability Act of 1996
What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other
More informationINFORMATION SECURITY & HIPAA COMPLIANCE MPCA
INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health
More informationKey HIPAA HITECH Changes. Gina Kastel, Partner, Health and Life Sciences
Key HIPAA HITECH Changes Gina Kastel, Partner, Health and Life Sciences Agenda Business Associates Restrictions on Disclosures Access to PHI Notice of Privacy Practices Fundraising 2 Business Associates
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationHIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013
HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com
More informationTools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits
Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer
More informationHHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule
JANUARY 23, 2013 HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule By Linn Foster Freedman, Kathryn M. Sylvia, Lindsay Maleson, and Brooke A. Lane On
More informationHIPAA in an Omnibus World. Presented by
HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters
More informationHHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers
Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationM E M O R A N D U M. Definitions
M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice
More informationHIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )
HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address
More informationMy Docs Online HIPAA Compliance
My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationHIPAA/HITECH and Texas Privacy Laws Comparison Tool Updated 2013
HIPAA/HITECH and Texas Privacy Laws Comparison Tool Updated 2013 Federal and Texas Privacy & Security Requirements Minimizing Your Risk of Violations DISCLAIMER The information contained in this document
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationLegislative & Regulatory Information
Americas - U.S. Legislative, Privacy & Projects Jurisdiction Effective Date Author Release Date File No. UFS Topic Citation: Reference: Federal 3/26/13 Michael F. Tietz Louis Enahoro HIPAA, Privacy, Privacy
More informationPrivacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:
HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationLessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Audit. Iliana L. Peters, J.D., LL.M. April 23, 2014
Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Audit Iliana L. Peters, J.D., LL.M. April 23, 2014 OCR RULEMAKING UPDATE What s Done? What s to Come? What s Done: Interim Final Rules
More informationAm I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters
More informationHIPAA/HITECH: A Guide for IT Service Providers
HIPAA/HITECH: A Guide for IT Service Providers Much like Arthur Dent in the opening scene of The Hitchhiker s Guide to the Galaxy (HHGTTG), you re experiencing the impact of new legislation that s infringing
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationInformation Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done?
Information Security and Privacy WHAT is to be done? HOW is it to be done? WHY is it done? 1 WHAT is to be done? O Be in compliance of Federal/State Laws O Federal: O HIPAA O HITECH O State: O WIC 4514
More informationUpdated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview
Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance
More informationHIPAA WEBINAR HANDOUT
HIPAA WEBINAR HANDOUT OCR Enforcement Tools Voluntary corrective action Resolution Agreement and Payment CMPs Referral to DOJ for criminal investigation Resolution Agreements Contract signed by HHS and
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationHIPAA Security Education. Updated May 2016
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
More informationOCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationOCR Reports on the Enforcement. Learning Objectives
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationThe HIPAA Audit Program
The HIPAA Audit Program Anna C. Watterson Davis Wright Tremaine LLP The U.S. Department of Health and Human Services (HHS) was given authority, and a mandate, to conduct periodic audits of HIPAA 1 compliance
More informationOCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA
Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationHealth Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More informationStatement of Policy. Reason for Policy
Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions
More informationHIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.
HIPAA Compliance, Notification & Enforcement After The HITECH Act Presenter: Radha Chanderraj, Esq. Key Dates Publication date January 25, 2013 Effective date - March 26, 2013 Compliance date - September
More informationUniversity Healthcare Physicians Compliance and Privacy Policy
Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
More informationHIPAA Violations Incur Multi-Million Dollar Penalties
HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur
More informationHIPAA OVERVIEW ETSU 1
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationDeveloping HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant
Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationHIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule
HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why
More informationBreaches. Complying with the HIPAA Omnibus Final Rule. Important Definitions. Protected Health Information Includes HIPAA PRIVACY 3/2/2014
Breaches Complying with the HIPAA Omnibus Final Rule You Can Be Successful! Advocate Medical Group in Chicago had 4 desktop computers taken in a burglary that contained the personal information of over
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationCreating Stable Security & Compliance Relationships
Creating Stable Security & Compliance Relationships David Holtzman JD, CIPP/G VP, Compliance CynergisTek, Inc. James Wieland JD Principal Ober Kaler Welcome The slides for today s webinar are available
More informationHealthcare Compliance Solutions
Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human
More informationHHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI
January 23, 2013 HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI Executive Summary HHS has issued final regulations that address recent legislative
More informationHIPAA PRIVACY AND SECURITY FOR EMPLOYERS
HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationSaaS. Business Associate Agreement
SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered
More informationHIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationHIPAA Violations Incur Multi-Million Dollar Penalties
HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability
More informationHIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
More informationHIPAA Compliance Issues and Mobile App Design
HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies
More informationGreenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013
Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies
More informationOFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)
Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract
More informationHIPAA Update Focus on Breach Prevention
HIPAA Update Focus on Breach Prevention Objectives By the end of this program, participants should be able to: Identify top reasons why breaches occur Review the breach definition and notification process
More informationHIPAA Training Study Guide July 2015 June 2016
Contents HIPAA Overview... 2 Who must comply?... 2 Privacy Standard... 3 Protected Health Information (PHI)... 3 Minimum Necessary Rule... 4 Requests for PHI... 5 Acceptable PHI Releases... 5 Special Circumstances...
More informationImplementation Business Associates and Breach Notification
Implementation Business Associates and Breach Notification Tony Brooks, CISA, CRISC, Tony.Brooks@horne-llp.com Clay J. Countryman, Esq., Clay.Countryman@bswllp.com Stephen M. Angelette, Esq., Stephen.Angelette@bswllp.com
More informationSECURITY RISK ASSESSMENT SUMMARY
Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected
More informationBusiness Associate Considerations for the HIE Under the Omnibus Final Rule
Business Associate Considerations for the HIE Under the Omnibus Final Rule Joseph R. McClure, Esq. Counsel Siemens Medical Solutions USA, Inc. WEDI Privacy & Security Work Group Co-Chair Agenda Who is
More informationSurviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell. Topics Covered Part One. Topics Covered Part Two.
Surviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell President & CEO Carosh Compliance Solutions & Liz Mayer, RHIA Director, Organizational Integrity HCI Care Services and VNS
More informationHIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014
HIPAA Update Presented by: Melissa M. Zambri June 25, 2014 Timeline of New Rules 2/17/09 - Stimulus Package Enacted 8/24/09 - Interim Final Rule on Breach Notification 10/7/09 - Proposed Rule Regarding
More informationYou Probably Don t Even Know
You Probably Don t Even Know That You Need To Comply With HIPAA In Collaboration With: About ERM About The Speaker Stephen Siegel, Esq., Of Counsel, Broad and Cassel Board Certified Health Law Over 25
More information