How To Understand The Health Care System In Canada
|
|
- Kelley White
- 3 years ago
- Views:
Transcription
1 Healthcare Interoperability Between Canada and the United States A Presentation to IAPP Canada Privacy Symposium May 9, 2014 Rick Shields - nnovation LLP and Joan Roch Canada Health Infoway 1
2 This is not legal advice... 2
3 Our Agenda Meet the panel EHR backgrounder Canadian health information privacy/security setting What does HIPAA-compliant mean? Buying/selling EHR technology in Canada: Canadianizing the product Canada Health Infoway: Canada s EHR quarterback Q & A 3
4 EHR - What is it? An EHR refers to the systems that make up the secure and private lifetime record of a person s health and health care history. These systems store and share such information as lab results, medication profiles, key clinical reports (e.g., hospital discharge summaries), diagnostic images (e.g., X-rays), and immunization history. The information is available electronically to authorized health care providers. Canada Health Infoway 4
5 EHR A National Plan In Canada, EHR development is being guided by Canada Health Infoway With its partners, Infoway helps accelerate the development, adoption and effective use of digital health solutions across Canada Each jurisdiction has its own EHR Common architecture is accepted across Canada Architecture includes privacy and security requirements Standards resources, tools and education for stakeholders and implementers Infoway Standards Collaborative Canada Health Infoway
6 EHR or EMR? Typically, an EMR is an electronic version of the traditional paper records used to capture patient data Can be quite simple (e.g., geared to a single doctor s office) or more complex (e.g., used by a group medical practice; health facility) A point of service (POS) in the EHR system 6
7 EHR or EMR? an electronic medical record (EMR) is an office-based system that enables a health care professional, such as a family doctor, to record the information gathered during a patient s visit. This information might include a person s weight, blood pressure and clinical information, and would previously have been hand-written and stored in a file folder in a doctor s office. Eventually the EMR will allow the doctor to access information about a patient s complete health record, including information from other health care providers that is stored in the EHR Canada Health Infoway Canada Health Infoway
8 EHR Data Sources EHRs will make personal health information (PHI) from points of service (POS) available to health information custodians/trustees. POS can include: Clinical information systems (CIS)/electronic medical records (EMR) Hospital information systems (HIS) Pharmacy information systems (PIS) Laboratory information systems (LIS) Digital image/picture archiving and communications systems (DI/PACS) 8
9 EHR Architecture Canada Health Infoway
10 Points of care Clinic Homecare Emergency Services Community Care Centre Pharmacy Specialist Clinic Laboratory Hospital Emergency Diagnostic Canada Health Infoway
11 One patient, one record Results and images Patient information Medical alerts Medication history Interactions Problem list Immunization Canada Health Infoway
12 EHR Interoperability Goal is to have systems that are interoperable and that conform with applicable privacy and security standards imposed/suggested by Canadian law/best practices HIPAA-compliant technology is fine, as long as it can meet privacy/security obligations of Canadian customer Many overlaps between US and Canadian privacy and security requirements for PHI 12
13 Canadian PHI Privacy Setting Many laws potentially in play: 7 provincial PHI laws in force (AB, SK, MB, ON, NB, NS and NL); 2 territorial PHI laws passed but not yet in force (YT and NWT); PHI law for PEI introduced April 22, 2014 EHR-specific laws in BC and QC NS law governing international disclosures of PI similar to limitations in BC s FIPPA Provincial/federal public sector laws (all jurisdictions) PIPEDA (note substantial similarity issue) Provincial private sector laws (BC, Alta. and QC) Provincial/territorial health sector laws 13
14 Privacy and health information laws LEGEND Provincial health information laws (deemed substantially similar to PIPEDA) Provincial health information protection laws/provisions Provincial private sector privacy laws (deemed substantially similar to PIPEDA) YK NT NU Federal private sector privacy law ( PIPEDA ) Federal public sector access to information and privacy laws Provincial public sector freedom of information and privacy laws BC AB SK MB QC ON PE NL * ON - Bill 78 second reading November 20, 2013 NB YK - Bill 61 assented December 12, 2013 NS NWT - Bill 4 assented March 13, 2014 PEI - Bill 42 first reading April 22, 2014 April 2014 Canada Health Infoway
15 Canadian PHI Privacy Setting (cont d) Inter-jurisdictional efforts being made to harmonize rules governing electronic PHI, but no uniform law(s) on horizon As result, regional variations exist that can impact relationship between custodian/trustee and technology providers Key is to know and apply relevant laws in jurisdiction(s) in which you operate Privacy/security obligations of technology vendors/agents/ information managers should be established by contract 15
16 US PHI Privacy Rules Focus on federal laws/rules pre-emption of conflicting State laws Health Insurance Portability and Accountability Act of 1996 (HIPAA) The Privacy Rule (2003) as amended The Security Rule (2003) as amended The Enforcement Rule (2006) as amended Privacy section of the Health Information Technology for Economic and Clinical Health Act (HITECH) (2009) The Breach Notification Rule (2009) as amended The Final Omnibus Rule (2013) Complex rules applicable to covered entities and business associates /subcontractors 16
17 Meaning of HIPAA-compliant HIPAA-compliant refers to systems that possess certain administrative, physical and technical features/safeguards as specified in the Rules made under HIPAA/HITECH: Access control (access levels and user roles) Password management Log-in monitoring Unique user identification Automatic logoff 17
18 Meaning of HIPAA-compliant (cont d) Audit logging/reporting Security incident tracking PHI backup/storage Encryption/decryption PHI integrity controls Emergency access procedure Disaster recovery plan Network/transmission security features Facilitated access by individuals to PHI in EHR 18
19 Meaning of HIPAA-compliant (cont d) If processing data for covered entity/business associate: Facility security plan, including facility/system access controls Business associate agreement and downstream agreement with subcontractor(s) Security incident response and reporting process Workforce authorization/clearance, supervision and termination procedures Electronic media re-use/disposal PHI retention, disposal/return processes 19
20 Canadian EHR Contracts In Canada, rules/policies/best practices typically key on same features as those required under HIPAA, so those features should be reflected in contract with vendor But may also want/need to contract for additional features or functionalities: Express consent capture feature Documentation and management of patient privacy preferences and a related data masking/ lock-box feature 20
21 Canadian EHR Contracts (cont d) Capacity to display/print entire patient record chronologically and produce same in readily comprehensible format if requested Jurisdiction-specific retention/disposal controls PHI accuracy/correction/annotation/notification feature Data redaction capability ISO 27002/ISO 27799/ISO conformity Training module(s) 21
22 Canadian EHR Contracts (cont d) Confidentiality acknowledgement/notices at initial log-in, at periodic intervals and/or on printed reports Regional/facility limits on access to PHI within defined user roles Enhanced threat detection/protection features Means of preventing unauthorized copying of PHI to portable media In some jurisdictions (e.g., BC and NS), limits on international disclosure of PHI 22
23 Canadian EHR Contracts (cont d) Interoperability with specified existing/planned jurisdictional EHRs to facilitate PHI transfers Can produce electronic signatures as per applicable Canadian law Audit features that Capture date, time, user identity re. PHI access, input, amendment Preserve original content of record Permit printing of patient-specific audit report that doesn t include other PHI from patient file 23
24 Other Considerations May need to perform/participate in PIA Focus on present and future needs for interoperability with other systems (e.g., EHRs) don t want to have to replace expensive system prematurely Define all key terms e.g., PHI, EMR, EHR, etc. Always confirm ownership and/or control of PHI Address PHI sharing, service levels, installationrelated impacts on operations Lots of guidance materials available: CHI, COACH, CMPA, Commissioners 24
25 Infoway as Quarterback Project Agreements Privacy Impact Assessment policy for Infoway funded programs Certification Services 9 program areas Privacy and security are key components Canada Health Infoway
26 Infoway as Quarterback EHR Blueprint Privacy & Security Requirements 2014 refresh underway Privacy & Security Conceptual Architecture Emerging Technology Group (ETG) Cloud computing 2 papers on mobile computing Big Data Each paper addresses P&S Projects Consent Management solutions Canada Health Infoway
27 Infoway as Quarterback Bringing people together to find potential solutions - The Privacy Forum - The Health Information Privacy Group Privacy and EHR Information Flows in Canada: Common Understandings of the Pan-Canadian Health Information Privacy Group V1 released June 2010 V2 released July 2012 Canada Health Infoway
28 Resources Canada Health Infoway, Electronic Health Records Privacy and Security Requirements; online: Canada Health Infoway, v1.1, 2005, Electronic Health Record Infostructure (EHRi) Privacy and Security Conceptual Architecture; online: Canada Health Infoway, 2008, A Conceptual Privacy Impact Assessment (PIA) on Canada s Electronic Health Record Solution (EHRS) Blueprint Version 2; online: Canada Health Infoway, 2012, Business and Architecture Considerations for Interoperable Consent Solutions A Discussion Document; online: business-and-architecture-considerations-for-interoperableconsent-solutions-a-discussion-document 28
29 Resources Canada Health Infoway, 2012, Privacy and EHR Information Flows in Canada, Version 2; online: 26-privacy-and-ehr-information-flows-in-canada-version-2-0 Canada Health Infoway, 2010, Privacy and EHR Information Flows in Canada, Version 1; online: 6-privacy-and-ehr-information-flows-in-canada Canadian Health Informatics Association (COACH), Putting It into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records: 2013 Guidelines; online: ts/putting-it-into-practice_privacysecurityhealthcareproviders.pdf 29
30 Canadian Medical Protective Association (CMPA), Electronic Records Handbook; online: _handbook-e.pdf Cavoukian, A. & Rossos, P., Personal Health Information: A Practical Tool for Physicians Transitioning from Paper-Based Records to Electronic Health Records; online: Sawatsky, E., Information Sharing Agreements for Disclosure of EHR Data within Canada; online: 30
31 Q & A 31
32 Contact Joan Roch Chief Privacy Strategist Canada Health Infoway Rick Shields Partner nnovation LLP
Privacy and EHR Information Flows in Canada. EHIL Webinar Series. Presented by: Joan Roch, Chief Privacy Strategist, Canada Health Infoway
Privacy and EHR Information Flows in Canada EHIL Webinar Series Presented by: Joan Roch, Chief Privacy Strategist, Canada Health Infoway March 1, 2011 Outline 1. Background 2. Infoway s privacy mandate
More informationThe EHR Agenda in Canada
The EHR Agenda in Canada IHE Workshop June 28, 2005 Dennis Giokas, Chief Technology Officer Agenda Background on Canadian Healthcare System About Canada Health Infoway Interoperable EHR Solution Definitions
More informationPrivacy and Security within an Interoperable EHR
1 Privacy and Security within an Interoperable EHR Stan Ratajczak Director Privacy and Security Solutions Architecture Group November 30, 2005 Electronic Health Information and Privacy Conference Ottawa
More informationFor ONC S&I DS4P. Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012
For ONC S&I DS4P Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012 1 Outline EHR Business Architecture EHR Solution Blueprint EHR Privacy and Security Summary & Conclusion
More informationCanada Health Infoway
Canada Health Infoway EHR s in the Canadian Context June 7, 2005 Mike Sheridan, COO Canada Health Infoway Healthcare Renewal In Canada National Healthcare Priorities A 10-year Plan to Strengthen Healthcare
More informationSOA in the pan-canadian EHR
SOA in the pan-canadian EHR Dennis Giokas Chief Technology Officer Solution Architecture Group Canada Health Infoway Inc. 1 Outline Infoway EHR Solution EHRS Blueprint Approach EHR Standards Oriented Architecture
More information2009 Progress in Comprehensive Care for Rare Blood Disorders Conference
gordon point informatics www.nformatics.com 2009 Progress in Comprehensive Care for Rare Blood Disorders Conference Health Informatics Primer Topics 1. Background 2. Health Informatics 3. EHR, EMR, PHR...
More informationPrivacy & Security Requirements: from EHRs to PHRs
Privacy & Security Requirements: from EHRs to PHRs Oct 28, 2010 Presented by André Carrington, P.Eng, CISSP, CISM, CISA, CIPP/C Director, Implementation, Privacy & Security, SPS Purpose As suggested by
More informationElectronic Health Record (EHR) Privacy and Security Requirements
Draft for discussion Electronic Health Record (EHR) Privacy and Security s Reviewed with Jurisdictions and Providers V1.1 Montreal November 30, 2004 Revised February 7, 2005 Preface This version 1.1 of
More informationBetter Healthcare with Electronic Health Records
Better Healthcare with Electronic Health Records The Nursing Profession s Leadership Role Nurses & Informatics: Transforming Healthcare Conference Toronto, Ontario September 15, 2005 Richard Alvarez, President
More informationSOA in the pan-canadian EHR
SOA in the pan-canadian EHR Dennis Giokas Chief Technology Officer Solutions Products and Group Canada Health Infoway Inc. 1 Outline Infoway EHR Solution EHRS Blueprint Overview Oriented Architecture Business
More informatione-health: Privacy Compliance and the Electronic Health Record
e-health: Privacy Compliance and the Electronic Health Record Paulette Lacroix, RN, MPH, CMC, CIPP/C September 21, 2010 BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 1 What we will cover Overview of the
More informationAnnual Review Breakfast with the Chiefs Vancouver, B.C. April 20, 2006 Richard Alvarez, President and CEO
Annual Review Breakfast with the Chiefs Vancouver, B.C. April 20, 2006 Richard Alvarez, President and CEO Last Year, In Canada 35 million Diagnostic Images 440 million Laboratory Tests 2.8 million Inpatient
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationCanada Health Infoway Update
Canada Health Infoway Update Presentation to North East LHIN ehealth Advisory Committee May 9, 2013 Terry Moore, Executive Regional Director, Canada Health Infoway Canada Health Infoway Created in 2001
More informationSelected Annotated Bibliography Personal Health Information, Privacy and Access
A. National Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 canlii.org/en/ca/laws/stat/sc-2000-c-5/latest/sc-2000-c-5.html Privacy Act, R.S.C. 1985, c. P-21 canlii.org/en/ca/laws/stat/rsc-1985-c-p-21/latest/rsc-1985-c-p-21.html
More informationElectronic Health Record Infostructure (EHRi)
Electronic Health Record Infostructure (EHRi) Privacy and Security Conceptual Architecture Version 1.1 June 2005 Privacy and Security Conceptual Architecture Version 1.1 Copyright 2005 Canada Health Infoway
More informationHealth: Electronic Health Records
Performance Audits 2 Electronic Health Records Summary Nova Scotia is working towards the development of a provincial electronic health record system known as SHARE. The province is participating in and
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationCreating a national electronic health record: The Canada Health Infoway experience
Creating a national electronic health record: The Canada Health Infoway experience Presentation by Dennis Giokas Chief Technology Officer, Canada Health Infoway October 11, 2007 Overview The need for EHR
More informationBLUEPRINT FOR THE FEDERATION OF IDENTITY MANAGEMENT
BLUEPRINT FOR THE FEDERATION OF IDENTITY MANAGEMENT Identity Policy and Programs (IPP) June 7, 2010 - Draft Page 1 of 29 TABLE OF CONTENTS BLUEPRINT FOR THE...4 Executive Summary...4 FEDERATION OF IDENTITY
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationManitoba s Electronic Health Record Project
Manitoba s Electronic Health Record Project Manitoba Nursing Informatics Association May 17 2010 Presented by: Rick Guerard, Project Director, Electronic Health Record Project Manitoba s Electronic Health
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationHEALTH INFORMATION ACT (HIA) BILL QUESTIONS AND ANSWERS
HEALTH INFORMATION ACT (HIA) BILL QUESTIONS AND ANSWERS KEY HIA CONCEPTS AND PROVISIONS Q. What is the purpose of the legislation? To protect clients personal health information. To set rules on the collection,
More informationJoe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationPan-Canadian Nursing Electronic Health Record (EHR)Business and Functional Elements to Support Clinical Practice
Pan-Canadian Nursing Electronic Health Record (EHR)Business and Functional Elements to Support Clinical Practice Reference Document Canada Health Infoway 2014 Cindy Hollister CNIA July 17, 2014 Webinar
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More informationHIPAA/HITECH Compliance Using VMware vcloud Air
Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationProvincial Forum on Adverse Health Event Management
Provincial Forum on Adverse Health Event Management Using Information Systems for the Management of Adverse Events WORKSHOP 1 Salon B May 26, 2008 WORKSHOP 1 Salon B Using Information Systems for the Management
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationCustomer & Market Analysis. Sample Report (actual data)
Customer & Market Analysis Sample Report (actual data) Introduction This Customer & Market Analysis is intended to provide you with a modeled view of your customers, based on statistical analysis. This
More informationHealthcare Insurance Portability & Accountability Act (HIPAA)
O C T O B E R 2 0 1 3 Healthcare Insurance Portability & Accountability Act (HIPAA) Secure Messaging White Paper This white paper briefly details how HIPAA affects email security for healthcare organizations,
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability
More informationWhat Virginia s Free Clinics Need to Know About HIPAA and HITECH
What Virginia s Free Clinics Need to Know About HIPAA and HITECH This document is one in a series of tools and white papers produced by the Virginia Health Care Foundation to help Virginia s free clinics
More informationEHR as the Platform for Interoperability
EHR as the Platform for Interoperability Introduction: Simon Hagens, Canada Health Infoway Susan Anderson, Orion Health Perry Poulsen, Manitoba ehealth Laura White, Provincial Health Services Authority
More informationCanada Health Infoway Inc. White Paper on Information Governance of the Interoperable Electronic Health Record (EHR)
Canada Health Infoway Inc. White Paper on Information Governance of the Interoperable Electronic Health Record (EHR) March 2007 Document History Date January 2007 March 2007 Description of Revision Original
More informationChapter 2 Standards for EHRs 1 Chapter 2 Content: LO 2.1 Describe EHR Standards History LO 2.2 Identify basic HIPAA regulations LO 2.3 List basic CHI regulations LO 2.4 Summarize IOM s Core Functions LO
More informationPRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES
PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES TABLE OF CONTENTS A. Overview of HIPAA Compliance Program B. General Policies 1. Glossary of Defined Terms Used in HIPAA Policies and Procedures 2. Privacy
More informationHow To Write An Ehr Blueprint
A Blueprint for Digital Health Beyond the EHR Presented by: Ron Parker Group Director Emerging Technologies Canada Health Infoway Inc. ehealth 2014 June 4, 2014 The EHRS Blueprint The EHR Solutions (EHRS)
More informationMy Docs Online HIPAA Compliance
My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several
More informationHEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES
HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES OCTOBER 2014 3300 North Fairfax Drive, Suite 308 Arlington, Virginia 22201 USA +1.571.481.9300 www.lunarline.com OUR CLIENTS INCLUDE Contents Healthcare
More informationInternational HL7 Interoperability Conference - IHIC 2010
International HL7 Interoperability Conference - IHIC 2010 National ehealth Initiatives: Global Health Information Technology Standards Serving Local Needs Building Interoperability across many localities
More informationElectronic Health Records: A Global Perspective. Overview
Electronic Health Records: A Global Perspective Overview Steve Arnold, MD, MS, MBA, CPE Joseph Wagner, MPA, FHIMSS Susan J Hyatt, BSc (PT), MBA Gary M. Klein, MD, MPH, MBA And the Global EHR Task Force
More informationFuture Directions for Digital Health in Canada
Future Directions for Digital Health in Canada ITAC Health Presentation, Trevor Hodge, September 24, 2013 Paths to Better Health 1998 - The Canada Health Infoway report set out a vision for a pan-canadian
More informationFIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS
FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher
More informationElectronic health records (EHR) landscape in Canada: current state of adoption, benefit and factors driving them
Electronic health records (EHR) landscape in Canada: current state of adoption, benefit and factors driving them Sukirtha Tharmalingam Benefits Realization Leader, Clinical Adoption Acknowledgements: Bobby
More informationTable 1. A description of Canada s public dental health care system
Table 1. A description of Canada s public dental health care system Public delivery Types of care Direct Indirect Preventive Clinical Federal Government finance care for: - Military personnel - Those with
More informationHIPAA Audits and Compliance: What To Expect From Regulators and How to Comply
HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply October 18, 2013 ACEDS Membership Benefits Training, Resources and Networking for the ediscovery Community Exclusive News and
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationIdentity Management: Securing Information in the HIPAA Environment
Identity Management: Securing Information in the HIPAA Environment Mark Dixon Chief Identity Officer North American Software Line of Business Sun Microsystems 1 Agenda Challenges we Face Identity and Access
More informationHeadaches and Pitfalls in Business Associate Contract Management
Headaches and Pitfalls in Business Associate Contract Management ISACA Puget Sound Chapter September Monthly Luncheon Meeting September 17, 2013 2013 Christiansen IT Law Presenter CV John R. Christiansen,
More informationINFORMATION SECURITY & HIPAA COMPLIANCE MPCA
INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health
More informationHIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationHosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE
Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationBREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS
BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS The following HIPAA Business Associate Terms and Conditions (referred to hereafter as the HIPAA Agreement ) are part of the Brevium Software License
More informationPlease Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax
Please Read This business associate audit questionnaire is part of Apgar & Associates, LLC s healthcare compliance resources, Copyright 2014. This questionnaire should be viewed as a tool to aid in evaluating
More informationDissecting New HIPAA Rules and What Compliance Means For You
Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the
More informationBig Data, Big Risk? Data Management and Privacy. Presented by: Timothy Banks, Heather Innes, and Colonel Vihar Joshi
Big Data, Big Risk? Data Management and Privacy Presented by: Timothy Banks, Heather Innes, and Colonel Vihar Joshi Data Management & Privacy Compliance Heather Innes Chief Privacy Officer, General Motors
More informationLessons Learned from HIPAA Audits
Lessons Learned from HIPAA Audits October 29, 2012 Tony Brooks, CISA, CRISC Partner - IT Assurance and Risk Services HORNE LLP AGENDA HIPAA/HITECH Regulations Breaches and Fines OCR HIPAA/HITECH Compliance
More informationIsaac Willett April 5, 2011
Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act
More informationEmpowering Patients and Enabling Providers
Empowering Patients and Enabling Providers WITH HEALTH INFORMATION PRIVACY Terry Callahan - Managing Director Agenda About HIPAAT Provider of consent management and auditing for personal/protected health
More informationPrimary Health Care Measurement in Canada
Primary Health Care Measurement in Canada 2012 Accelerating Primary Care Conference / Tuesday, November 20, 2012 Greg Webster Director, Primary Health Care Information & Clinical Registries gwebster@cihi.ca
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationPrivacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:
HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates
More informationFaster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions
Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Table of Contents Introduction... 3 1. Data Backup: The Most Critical Part of any IT Strategy...
More informationSecuring the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer
Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health
More informationHIPAA Email Compliance & Privacy. What You Need to Know Now
HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry
More informationACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES
ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationTHE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
More informationHIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com
HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions
More informationIdentifying Health Information Management (HIM) to Consumers and other Healthcare Professionals. Sandra Cotton, BA, CHIM
Identifying Health Information Management (HIM) to Consumers and other Healthcare Professionals Sandra Cotton, BA, CHIM Discipline that focuses on health care data and the management of health care information,
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationWHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE
WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE INTRODUCTION The healthcare industry is driven by many specialized documents. Each day, volumes of critical information are sent to and from
More informationAlberta Electronic Health Record Regulation Section 5 Framework September 2011 Version 1.1
Alberta Electronic Health Record Regulation Section 5 Framework September 2011 Version 1.1 Acknowledgements The College of Physicians & Surgeons of Alberta thanks the following stakeholders for their valuable
More informationINFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationUnderstanding HIPAA Regulations and How They Impact Your Organization!
Understanding HIPAA Regulations and How They Impact Your Organization! Presented by: HealthInfoNet & Systems Engineering! April 25 th 2013! Introductions! Todd Rogow Director of IT HealthInfoNet Adam Victor
More informationBusiness Associate Liability Under HIPAA/HITECH
Business Associate Liability Under HIPAA/HITECH Joseph R. McClure, JD, CHP Siemens Healthcare WEDI Security & Privacy SNIP Co-Chair Reece Hirsch, CIPP, Partner Morgan Lewis & Bockius LLP ` Fifth National
More informationHIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1
HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps
More information4.0 Health Expenditure in the Provinces and Territories
4.0 Health Expenditure in the Provinces and Territories Health expenditure per capita varies among provinces/territories because of different age distributions. xii Population density and geography also
More informationOCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information
OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult
More informationPrivacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual
Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer
More informationTable of Contents. Page 1
Table of Contents Executive Summary... 2 1 CPSA Interests and Roles in ehealth... 4 1.1 CPSA Endorsement of ehealth... 4 1.2 CPSA Vision for ehealth... 5 1.3 Dependencies... 5 2 ehealth Policies and Trends...
More informationTools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits
Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer
More information2010 National Physician Survey :
2010 National Physician Survey : Family Physician Usage of Electronic Medical Records Inese Grava-Gubins, Artem Safarov, Jonas Eriksson College of Family Physicians of Canada CAHSPR, Montreal, May 2012
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More information