California Orthopaedic Association Annual Meeting April 18, 2013 Don St. Jacques SVP, Business Development/Client Services
1 Tips for Keeping Electronic Medical Records Secure Emails/Communications with Claims Adjusters/Electronic Claims and Update for Electronically Submitting Workers Compensation Claims California Orthopaedic Association Annual Meeting April 18, 2013 Don St. Jacques SVP, Business Development/Client Services
2 Jopari Solutions, Inc. A technology leader in establishing end to end connectivity for the Workers Compensation industry, including ebilling, epayment, and Portal solutions Actively involved in standards and regulatory development on a State and Federal level Supporting advocacy programs such as today, to assist the medical community with education and planning to engage in ebilling Well-established partnerships with many of the leading Practice and Revenue Cycle Management Systems and Clearinghouses, Portal Systems, as well as most of the major WC payers and Bill Review platforms
3 Agenda topics Summary Overview HIPAA Security and Privacy Top 2012 Security Breaches HITECH Penalties & Fines Key HIPAA PHI Access and Transmission Requirements HIPAA Compliance Tips for Secure Emails/Medical Records Communications with Claims Adjusters/Electronic Claims Update for Electronically Submitting Workers Compensation Claims Questions
4 What are the Major HIPAA Compliance Areas? Privacy Requirements Notices, Authorizations and Consents Accounting of Disclosures Business Associates Breach Notification Security Requirements Physical, Technical and Administrative Safeguards Business Associates Risk Assessment and Compliance Programming Business Associate Changes Breach Notification Other Requirements
5
6 HIPAA in the News
Feds Go to Court to Collect First-Ever Fine for HIPAA Violations. Featured in Health Business Daily, Aug. 18, 2011, and in Government News of the Week. In February, the Office for Civil Rights imposed a $4.3 million fine on a Maryland medical group that had refused to honor 41 patients' requests for their medical records
Text Message Use Among Providers Raise HIPAA Concerns. Written by Joyce McLaughlin, JD, Senior Counsel, Davis & Wilkerson, August 11, 2011. As the possibilities for electronic communication continue to expand with great speed, use of the technology by hospital employees and physicians without adequate security can expose your facility to HIPAA violations. The increasing use of cell phones and texting
Medical Billing Firm Says Personal Information Leaked to Theft Ring. December 3, 2012. Advanced Data Processing said that an employee improperly accessed individual account data in the company's ambulance billing system and leaked the information to a theft ring. The worker has admitted to the crime and has been fired
9 Patients' Identities Stolen in Emory Healthcare Data Breach. Written by Sabrina Rodak, October 25. Nine patients of Emory Healthcare's orthopedic clinic in Tucker, Ga., have had fraudulent tax returns filed in their name, according to a Channel 2 report. The nine patients were among 32 Emory orthopedic clinic patients whose hospital bills were stolen in April
7 Source: urenow.com/index.p hp/blog/
8 Location of Breach September December [chart; categories: Computer, Electronic Medical Record, Laptop, Network Server, Other, Other Portable Devices, Paper]
9 Top 2012 Data Breaches Source: health-data-breach-report-breakdown/
10 HITECH's New Fines and Civil Penalties Significant increase to the penalties for noncompliance with HIPAA's Privacy and Security Rules as well as HITECH provisions. New penalties are effective for violations that occur after February 17, There is no overall cap on civil monetary penalties under HITECH.
11 HITECH New Civil Penalties Under HIPAA, criminal penalties are defined as wrongful disclosure of individually identifiable health information. The definition was enhanced to state that an individual may be subject to criminal penalties if a person knowingly obtains and discloses PHI in violation of HIPAA and/or the HITECH privacy and security provisions. Penalties are the following:
Tier / Fine / Imprisonment
Knowing Misuse / Up to $50,000 / Up to 1 year
Knowing Misuse under false pretenses / Up to $100,000 / Up to 5 years
Knowing Misuse with intent to sell, transfer, or use PHI for commercial advantage, personal gain or malicious intent / Up to $250,000 / Up to 10 years
12 HITECH Fines for Breaches
Tiers / Per Violation Minimum / Per Violation Maximum / Max per Calendar Year per Violation
Tier A Did not know / $100 / $50,000 / $1,500,000
Tier B Reasonable Cause / $1,000 / $50,000 / $1,500,000
Tier C Willful Neglect Corrected / $10,000 / $50,000 / $1,500,000
Tier D Willful Neglect Not Corrected / $50,000 / $1,500,000 / $1,500,000
13 Social Networking The Need to Control is Now
14
15 What's the Focus of the Security Rule There are 4 distinct parts to the Security Rule:
1. Administrative Safeguards are administrative actions, including the establishment of policies and procedures, to manage the activities needed to establish security measures that protect ePHI.
2. Physical Safeguards are physical measures, including policies and procedures, to protect electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion.
3. Technical Safeguards are the technology, including policies and procedures for its use, that protect ePHI and control access to it.
4. Organizational Safeguards are arrangements made between organizations to protect ePHI, including Business Associate Agreements.
16 Access Control 45 C.F.R (a)(1) Standard: Access Control. (i) Access Control - Section (a)(1) - Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec (a)(4). Implementation Specifications: (iv) Encryption and Decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.
17 Transmission Security 45 C.F.R (e)(1) Standard: Transmission Security. (i) Transmission Security - Section (e)(1) - Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. Implementation Specifications: (ii) Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
18 HHS & OCR Compliance Guidelines Two methodologies to secure PHI by making it unusable, unreadable or indecipherable to unauthorized persons:
- Encryption
- Destruction
May be used to secure data in four commonly recognized data states:
- data in motion
- data at rest
- data in use
- data disposed
19 Encryption Guidance Based on NIST and FIPS For data at rest NIST Special Publication , Guide to Storage Encryption Technologies for End User Devices. For data in motion Federal Information Processing Standards NIST Website Reference:
20 HIPAA Compliant Checklist Do you ever email patients? Y/N Do you ever email patients PHI (protected health information)? Y/N Do your patients sign a consent form before you send them email?
21 HIPAA Checklist You need a patient's written consent before sending them email. A good consent form will (1) explain the risks of communicating via email, (2) explain how and why the provider will use email, (3) explain what a patient should do to safeguard his or her computer, and (4) get the patient's signature by way of approval. The AMA, OCR and other resources provide "email consent form" templates that you can customize for your practice. It also can't hurt to have your lawyer review the form before you start using it. Also, be sure that you have a documented procedure to follow to add/remove patients from your email system when they give you (or revoke) consent.
22 HIPAA Checklist Do you email other healthcare providers about treatments, diagnoses, test results, or other PHI? Y/N Do you have a written policy that tells employees what they are allowed to send via email? Y/N
23 HIPAA Checklist You need to have a policy about appropriate staff use of email. Your policy should define which email addresses and devices should be used to send PHI, what information should never be sent via email (e.g., mental health and substance abuse info), and who they are allowed to email (patients, other providers, etc.).
24 HIPAA Checklist Do you have a privacy message that is appended to the bottom of every outgoing email? Y/N You need to have a privacy statement that is automatically appended to the end of every outgoing email. Your statement reminds recipients that email is inherently insecure, states that the email is privileged and confidential, and tells the recipient who to contact if they are not the right person. Speak with your email/IT provider - they should be able to set this up for you
25 HIPAA Checklist How do you send and receive emails that contain sensitive info like diagnoses, treatments, and tests?
- From within our Electronic Health Records (EHR) system
- Using Microsoft Outlook
- Using another email program installed on my computer (e.g., Thunderbird, Windows Mail)
- Using my iPhone, iPad, Android device, etc.
- By logging on to an online email service like Gmail, Yahoo Mail, Hotmail, etc.
- By using a dedicated secure email service
- Other:
26 HIPAA Checklist Does your email system automatically scan outgoing emails for PHI and then send them securely? If you're using email to send and receive PHI, you need to consider adding a Data Loss Prevention (DLP) system. Data Loss Prevention systems automatically scan your outbound email for things like social security numbers, member ID numbers, and medical information. When it finds these, it either alerts the sender or sends the message via secure email. We strongly recommend that you train your staff aggressively on the proper use of secure email. Without the second-check of a DLP system in place, you're taking it on faith that everyone is sending PHI via secure email.
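The outbound scan described on slide 26, sketched as an added example (not code from the presentation or from any DLP product). The member-ID format, the keyword list, the addresses and the routing policy (identifiers force the secure channel, keywords alone alert the sender) are assumptions made for illustration.

```python
"""Outbound-email DLP check: added illustration, patterns and policy are assumed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from email.message import EmailMessage

# SSN shape: 3-2-4 digits; the two separators (dash, space or none) must match.
SSN_RE = re.compile(r"\b(\d{3})([- ]?)(\d{2})\2(\d{4})\b")
# Hypothetical member-ID format (three letters + nine digits); real plans differ.
MEMBER_ID_RE = re.compile(r"\b[A-Z]{3}\d{9}\b")
# Small constructed keyword list standing in for "medical information".
MEDICAL_TERMS = ("diagnosis", "treatment", "test result", "mri", "prescription")


@dataclass(frozen=True)
class Finding:
    kind: str      # "ssn", "member_id" or "medical_term"
    redacted: str  # safe to log: never contains the full identifier


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject digit runs that are never issued as SSNs, to cut false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def scan_text(text: str) -> list[Finding]:
    findings = []
    for m in SSN_RE.finditer(text):
        if plausible_ssn(m.group(1), m.group(3), m.group(4)):
            findings.append(Finding("ssn", "***-**-" + m.group(4)))
    for m in MEMBER_ID_RE.finditer(text):
        findings.append(Finding("member_id", m.group(0)[:3] + "*" * 9))
    lowered = text.lower()
    for term in MEDICAL_TERMS:
        if re.search(r"\b" + re.escape(term) + r"\b", lowered):
            findings.append(Finding("medical_term", term))
    return findings


def message_text(msg: EmailMessage) -> str:
    """Collect subject, text parts and attachment filenames for scanning."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_filename():
            chunks.append(part.get_filename())
        if part.get_content_maintype() == "text":
            chunks.append(part.get_content())
    return "\n".join(chunks)


def route(msg: EmailMessage) -> tuple[str, list[Finding]]:
    """Assumed policy: identifiers -> secure channel; keywords only -> alert."""
    findings = scan_text(message_text(msg))
    kinds = {f.kind for f in findings}
    if kinds & {"ssn", "member_id"}:
        return "send_secure", findings
    if "medical_term" in kinds:
        return "alert_sender", findings
    return "send_plain", findings


def build(subject: str, body: str, attachment_name: str | None = None) -> EmailMessage:
    """Construct a sample outbound message (test data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "frontdesk@clinic.example"
    msg["To"] = "adjuster@payer.example"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename=attachment_name)
    return msg


if __name__ == "__main__":
    samples = [
        build("Claim follow-up", "Patient SSN 123-45-6789, please confirm."),
        build("MRI results", "Diagnosis attached. Call 555-123-4567 to discuss."),
        build("Lunch Friday", "Order number 000-12-3456 is ready."),
        build("Forms", "See attached.", "claim ABC123456789.pdf"),
    ]
    for sample in samples:
        action, found = route(sample)
        print(sample["Subject"], "->", action, [f.redacted for f in found])
```

The findings carry only redacted values, so the DLP log does not become a second copy of the PHI it detected.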
27 HIPAA References HIPAA Academy HHS Health Information Privacy: Breach Notification Final Rule Update. update.html Federal Register August 24, CFR Parts 160 and 164 Breach Notification for Unsecured Protected Health Information; Interim Final Rule HHS Health Information Privacy: Breach Notification Rule ml HHS HIPAA Enforcement AHIMA E-Alert October 20 - OIG releases HIPAA compliance Target areas
28 Status Update Workers Compensation ebilling California DWC regulations required Employers to be able to accept medical bills and attachments electronically as of October 18, 2012 Payer participation has been relatively high, albeit smaller payers or employers handling their own WC claims may still not be ready Overall provider traffic has been steadily increasing
29 WC Industry Medical EDI Perception [diagram: Health Care Provider, Electronic Data Interchange (digital), Insurance Carrier] Used with permission from the Texas DWC's 2008 ebill Stakeholder Meeting
30 Medical EDI Connectivity - Reality [diagram: Provider/PMS/Billing Services, Clearinghouses, ebill Agents, Payers] Used with permission from the Texas DWC's 2008 ebill Stakeholder Meeting
31 ebill / eremit / EFT compliance activities All lines Legislation EFT Pending Activity No Activity Confidential and Proprietary Mitchell International, Inc.
32 Regulatory/Jurisdictional Adoption Jurisdictions Adopted IAIABC Guidelines Workers compensation e- bill legislation Workers compensation e- bill activity/discussions- Jurisdiction EDI Health Care Discussion-* Illinois X X-Effective Date 6/30/2012 Louisiana X X-Effective Date 7/1/2013 North Carolina X X Oregon X X X X California X X-Effective Date 10/18/2012 Texas X- Revised 2011 X Effective Date 1/1/2008 Minnesota X Effective Date 7/1/2009 Georgia X X Effective Date 7/1/2011 New Mexico X X Effective Date 1/1/14 X South Carolina X New Mexico X X Effective Date 1/1/14 X Tennessee X Florida X New Jersey X- P&C-auto Connecticut X X New Hampshire X X Utah X X Colorado X X Delaware X X Kentucky X Maine X Nebraska X-HIE effort to include WC X Additional States that are engaged in HIE activity are looking at initiatives to include WC- will follow up with information. * The list is based on state survey information from the IAIABC, AMA as well as from State HealthCare Information Exchanges that have presented at WEDI.
33
34 Resources and Contacts American Medical Association (AMA) Workers Compensation ebill Toolkit Jopari Solutions: or Don St. Jacques, SVP-Business Development & Client Services Jennifer Nereu, Manager, Provider and Remittance Management Products
35 Questions
36 Thank you!
More informationOCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013
ISACA - North Texas Chapter April 11, 2013 Introduction 1 2 Basic components of HIPAA and HITECH legislation HITECH and rising breaches 3 4 OCR HIPAA audits Key findings of the pilot audits 5 Approaches
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationHIPAA Compliance and the Protection of Patient Health Information
HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance
More informationViolation Become a Privacy Breach? Agenda
How Does a HIPAA Violation Become a Privacy Breach? Karen Voiles, MBA, CHC, CHPC, CHRC Senior Managing Consultant, Compliance Agenda Differentiating between HIPAA violation and reportable breach Best practices
More informationTexas Medical Records Privacy Act (a.k.a. Texas House Bill 300)
Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Ricky Link, Coalfire ISACA North Texas and IIA Fort Worth Chapters The Petroleum Club of Fort Worth March 4, 2014 1 About Coalfire Coalfire
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationSECURITY RISK ASSESSMENT SUMMARY
Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected
More informationSolutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson
Solutions Brief PC Encryption Regulatory Compliance Meeting Statutes for Personal Information Privacy Gerald Hopkins Cam Roberson March, 2013 Personal Information at Risk Legislating the threat Since the
More informationEnsuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services
Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority
More informationHIPAA Violations Incur Multi-Million Dollar Penalties
HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability
More informationHIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act
HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and
More informationHIPAA COMPLIANCE AND
INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery
More informationUpdates on HITECH and State Breach Notification and Security Requirements Robin Campbell
Who s Afraid Of A Big Bad Breach?: Updates on HITECH and State Breach Notification and Security Requirements Robin Campbell Overview Identifying the laws that protect personal information and protected
More informationHIPAA Final Rule Changes
HIPAA Final Rule Changes What you need to know and do now Presented by Lucy A. Homans, Ed.D WSPA Director of Professional Affairs Prepared by the APA Practice Organization Introduction January 2013: U.S.
More informationHIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.
HIPAA Compliance, Notification & Enforcement After The HITECH Act Presenter: Radha Chanderraj, Esq. Key Dates Publication date January 25, 2013 Effective date - March 26, 2013 Compliance date - September
More informationOCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationOCR Reports on the Enforcement. Learning Objectives
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationHIPAA Security Overview of the Regulations
HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.
More informationHIPAA Education Level One For Volunteers & Observers
UK HealthCare HIPAA Education Page 1 September 1, 2009 HIPAA Education Level One For Volunteers & Observers ~ What does HIPAA stand for? H Health I Insurance P Portability A And Accountability A - Act
More informationC.T. Hellmuth & Associates, Inc.
Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.
More informationHIPAA Violations Incur Multi-Million Dollar Penalties
HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur
More informationHIPAA BREACH NOTIFICATION REQUIREMENTS. Heman A. Marshall, III July 25, 2014
1 HIPAA BREACH NOTIFICATION REQUIREMENTS Heman A. Marshall, III July 25, 2014 2 SCENARIO FOR VBA SUMMER MEETING The Medical Marijuana Growers Association (MMGA) Health Plan, which is a self-fund plan,
More information