ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
2 Introduction
Welcome to the Privacy and Security Training course. This course will help you understand and apply AHCIPA's Privacy and Security policies and procedures.

3 HIPAA Law(s)
Health Insurance Portability and Accountability Act of Public Law
- The law requires that each person who maintains or transmits health information maintain reasonable and appropriate administrative, technical, and physical safeguards.
- The Privacy Rule regulates how certain entities, called covered entities, use and disclose certain individually identifiable health information, called protected health information (PHI).
- The Health Information Technology for Economic and Clinical Health Act, abbreviated HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub.L ).

4 HIPAA Law(s) Continued
The HITECH Act requires covered entities to report data breaches which affect 500 or more persons to:
- The U.S. Department of Health and Human Services,
- The news media, and
- The people affected by the data breaches.
On November 30, 2009, the regulations associated with the enhancements to HIPAA enforcement took effect.

5 HIPAA Law(s) Continued
Final Omnibus Rule
- Became effective on March 26, 2013
- Enhanced a patient's privacy protections
- Provided individuals new rights to their health information, and
- Strengthened the government's ability to enforce the law.

6 Protected and Confidential Information
Everyone is responsible for making sure that we:
- Use the Protected Information about individuals appropriately
- Protect that information as required by HIPAA and State of California laws and regulations applicable to the health care industry
- Protect that information as required by our contracts with our customers, such as health plans

7 Officers
The Privacy Officer serves to oversee the integration of privacy compliance, data protection, and privacy incident management.
The Security Officer serves to oversee the establishment, implementation and management of an Information Security Program. This includes creating, administering, and overseeing policies and procedures to ensure the prevention, detection, containment, and correction of security breaches.

8 Who Does HIPAA Apply to?
Covered Entities
A covered entity is a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a transaction.

9 Types of Information to Protect
Protected Health Information (PHI) is individually identifiable and is subject to laws and regulations which place legal restrictions on what can or cannot be done with the information.
PHI (including demographics) relates to:
- Health care/medical claim data
- An individual's health condition
- Health records, protected health information (PHI)
- Personally identifiable information (PII)
- Social Security Numbers
- Payment for such care
- Financial Information
- Health plan member enrollment and demographic information

10 Types of Information to Protect
Personally Identifiable Information (PII) is a combination of one or more of the following data elements:
- First name or last name
- Social Security Number
- Driver's License Number or State Identification Card Number
- Account Number, Credit Card or Debit Card Number in combination with any required security code, access code, or password that would permit access to an individual's financial account.
PHI & PII can be in any form: Oral/Written/Electronic

11 USES AND DISCLOSURES

12 When can PHI be shared without an Authorization?
For PHI and ePHI (electronic), many accesses, uses, and disclosures within AHCIPA may be permitted for purposes of Treatment, Payment, and Health Care Operations (TPO).
The Privacy Rule permits a covered entity to use and disclose protected health information for TPO without restriction or the individual's consent (an authorized disclosure).

13 When can PHI be shared without an Authorization?
Treatment means the provision, coordination, or management of health care and related services by one or more health care providers, including coordination of care by a provider with a third party, consultations between providers, and referrals to other providers.
Payment means activities undertaken by a health care provider or a health plan to obtain or provide reimbursement for health care.

14 When can PHI be shared without an Authorization?
Health Care Operations refers to activities operationally undertaken by health plans, health care providers and clearinghouses, including:
- Quality assessment and improvement activities
- Case management and coordination of care
- Credentialing
- Conducting or arranging for medical review and auditing functions
- Business planning, business management and general administration

15 When can PHI be shared without an Authorization?
Generally, if the access, use, and/or disclosure is not permitted under TPO, then PHI and PII can only be used or disclosed if the individual or authorized representative has given written authorization.
Before accessing, using, or disclosing Protected Information, you must determine whether you are permitted to do so in that particular situation. If you have questions, contact the IPA's Privacy Officer.

16 Other Authorized Disclosures
- Disclosures to Business Associates
- Disclosures to Brokers, Agents and Consultants
- Disclosures to Law Enforcement and Public Health
- Disclosure of abuse, neglect, and domestic violence to a state or local authority, as required or permitted by law
- Disclosure of PHI to law enforcement, but only if the request is accompanied by a court order
- Disclosure of PHI to health oversight agencies
- Disclosures related to legal actions, if the information has been requested in a court order or the information has been requested by means of a subpoena

17 Other Authorized Disclosures Continued
- Disclosure of PHI to coroners, medical examiners and funeral directors
- Disclosure of PHI to organ procurement agencies
- Disclosure of PHI for purposes of Research
- Disclosure of PHI needed to prevent or lessen a serious or imminent threat to the health or safety of a person or the public
- Disclosures to Family Members, Relatives and Close Personal Friends

18 Accounting of Disclosures
- Upon written request, an individual has the right to receive a written accounting of certain disclosures of PHI made by AHCIPA spanning a period of up to 6 years.
- The identity of a person making a request for an accounting of disclosures of PHI must be authenticated.
- AHCIPA tracks disclosure of PHI/PII other than for the purposes of TPO.
- Any request for PHI/PII, other than for the purpose of TPO, must be authorized by the Privacy Office.

19 Authorization for Disclosure of PHI/PII
An individual may provide a written authorization for the release of information. The authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, other than TPO, or to disclose protected health information to a third party specified by the individual.
An individual can revoke their authorization at any time.

20 Marketing and Use of PHI/PII
AHCIPA may generally use and disclose PHI for purposes of Marketing upon receipt of an authorization from any individual whose PHI may be used or disclosed for such purposes. In certain instances, however, AHCIPA may not be required to obtain an authorization from affected individuals.

21 INDIVIDUAL RIGHTS

22 Members' Right to Inspect and Copy PHI
Individuals have the right to inspect, obtain a copy of, and request amendment of medical information used to make decisions about their care and billing information.
Individuals have the right to access and request that AHCIPA amend PHI/PII in the Designated Record Set (DRS).

23 Members' Right to Confidential Communications
AHCIPA must permit individuals to request, and must accommodate reasonable requests by individuals, to receive communications of PHI by alternative means and/or at alternative locations.
Also, AHCIPA accommodates an individual's request for health care communications regarding certain sensitive services to be sent to an alternate address if the individual had, has, or will receive services that fall under the new law's definition of sensitive services.
Sensitive Services: types of services that a member could feel are potentially embarrassing if disclosed.

24 ADMINISTRATIVE REQUIREMENTS

25 Privacy Safeguards
AHCIPA must have appropriate administrative, technical, and physical safeguards in place to protect the privacy of PHI/PII.
All employees and contractors are required to maintain physical, technical, and administrative safeguards of systems and tools to ensure the security and availability of confidential information or PHI.

26 Improper Use or Disclosure
The risk of organizational or member harm includes:
- Identity theft
- Embarrassment
- Loss of goodwill
- Payment of penalties and fines
- Negative impact to the company's business and reputation
- Personal liability of employees and contractors
- Criminal penalties
- A breach of contract

27 Rules To Protect Information
It is critical to safeguard physical property and information technology systems.

28 Physical Security
Physical security means that we do not let unauthorized people into our facilities and that we keep our tools and documents containing PHI secure.
- Wear your photo identification badge at all times.
- Keep your desk clean! Make sure documents and other protected materials are securely stored.
- Paper documents containing PHI or confidential information should be discarded in a secure destruction container.

29 Information Security
Desktop and laptop security means that we do not let unauthorized people use our computers and that we secure our computers appropriately when we are away from our work station.
Information security means that we protect systems containing data with strong passwords and only send data outside of our system using appropriate and secure (encrypted) processes.

30 Computer Desktop/Laptop Security Rules
- You may not install or store unauthorized computer applications and material (games, music, data, etc.) on company-provided information technology systems.
- Always use Ctrl+Alt+Del and select Lock Computer when leaving your desk.
- Never leave your laptop in your car or somewhere unattended or unsecured.
- The use of removable storage media (e.g., external hard drives, CDs/DVDs, USB flash/thumb drives or memory cards) is prohibited without a security exception from Information Technology.

31 Misdirected Information
There are three common ways in which information can be misdirected:
- Paper Documents
- Faxing Information
- Emailing Information

32 Paper Documents
Ways that misdirected or unattended paper documents might create a privacy incident:
- Incorrect mailing address
- Improper disposal of documents
- Leaving documents unattended

33 Faxing Information
Faxing might create a privacy incident by:
- Sending a fax to the wrong number
- Sending a fax without a cover page
- Sending a fax without verifying that the receiver is available

34 Emailing Information
Emailing information might create a privacy or security incident by:
- Sending an email to the wrong person(s) (avoid using Reply All if unnecessary)
- Sending an email externally without using Secure Delivery (encryption)
- Sending email to your home/personal web mail

35 Reporting Requirements and Incident Management
You are required to report an actual or suspected privacy or security incident IMMEDIATELY regardless of how many members are involved.
AHCIPA strictly enforces a non-retaliation policy for employees and contractors who, in good faith, report suspected incidents.

36 Resources for Reporting
- A Supervisor/Manager
- The Privacy Officer at: , ext. 350
- The Security Officer at: , ext

37 Data Security Risks
There are several different types of attacks to manipulate people into performing actions or divulging confidential information.
- Phishing
- Whale Phishing
- Spear Phishing
- Pretexting
- Trojan Horse

38 Data Security Risks Continued
Phishing is the activity of defrauding an online account holder of financial information by posing as a legitimate company. Typically, the messages appear to come from well-known Web sites.
Whale Phishing (Whaling) describes a phishing attempt where the target is a wealthy individual or senior leadership of an organization.
Spear Phishing describes a phishing attempt that targets a specific organization seeking unauthorized access to confidential data. These attempts are not typically initiated by random hackers, but are more likely to be conducted by perpetrators out for financial gain or trade secrets.

39 Data Security Risks Continued
Pretexting is when an individual lies or tells a phony story to obtain privileged data. Pretexting often involves a scam where the liar pretends to need information. After establishing trust with the targeted individual, the pretexter might ask a series of questions designed to confirm key individual identifiers such as the individual's Social Security Number, mother's maiden name, place or date of birth, or account number.
Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. A Trojan Horse may be widely redistributed as part of a computer virus.

40 Consequences of HIPAA Breaches
The Department of Health and Human Services Office for Civil Rights health information privacy rights of members who participate in Federal Healthcare Programs. Their duties include: investigations, voluntary dispute resolution, technical assistance, and enforcement.
- New York and Presbyterian Hospital and Columbia University: Data breach results in $4.8 million HIPAA settlements: disclosure of the ePHI of 6,800 individuals, including patient status, vital signs, medications, and laboratory results.
- QCA Health Plan, Inc., of Arkansas: Stolen Laptops Lead to Important HIPAA Settlements in the amount of $1,725,220.
- Affinity Health Plan, Inc.: settlement agreement resulted in a payment of $1,215,780 for impermissibly disclosing the PHI of up to 344,579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data contained on the copier hard drives.

41 Consequences of HIPAA Breaches
The compliance issues OCR investigates most often are, in order of frequency:
1. Impermissible uses and disclosures of protected health information;
2. Lack of safeguards of protected health information;
3. Lack of patient access to their protected health information;
4. Lack of administrative safeguards of electronic protected health information; and
5. Use or disclosure of more than the minimum necessary protected health information.

42 Consequences of HIPAA Breaches
The OCR may impose Civil Monetary Penalties for violations in the amount of:
1. Covered entity or individual did not know (and by exercising reasonable diligence would not have known) the act was a HIPAA violation.
   Penalty: $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
2. The HIPAA violation had a reasonable cause and was not due to willful neglect.
   Penalty: $1,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
3. The HIPAA violation was due to willful neglect but the violation was corrected within the required time period.
   Penalty: $10,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
4. The HIPAA violation was due to willful neglect and was not corrected.
   Penalty: $50,000 or more for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.

43 Consequences of HIPAA Breaches
Criminal penalties (tier: potential jail sentence):
- Unknowingly or with reasonable cause: Up to one year
- Under false pretenses: Up to five years
- For personal gain or malicious reasons: Up to ten years
More informationThe Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015
The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify
More informationHIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
More informationHIPAA in an Omnibus World. Presented by
HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationHIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING
HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the
More informationNC DPH: Computer Security Basic Awareness Training
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
More informationDepartment of Health and Human Services Policy ADMN 004, Attachment A
WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationThe Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices
The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL
More informationMy Docs Online HIPAA Compliance
My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several
More informationNotice of Privacy Practices
Notice of Privacy Practices THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationAVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
More informationHIPAA Orientation. Health Insurance Portability and Accountability Act
HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the
More informationSarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995
Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995 NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY
More informationHIPAA: Privacy/Info Security
HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure
More informationHIPAA PRIVACY AND SECURITY FOR EMPLOYERS
HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More informationNOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES
SCHOOL DISTRICT OF BLACK RIVER FALLS 523.5 Exhibit NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES PRIVACY NOTICE This notice describes how medical information about you may be used and disclosed and how
More informationACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES
ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective
More informationHIPAA initially went into effect April 14, 2003. HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.
HIPAA Health Insurance Portability and Accountability Act HIPAA initially went into effect April 14, 2003 HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationHIPAA Update Focus on Breach Prevention
HIPAA Update Focus on Breach Prevention Objectives By the end of this program, participants should be able to: Identify top reasons why breaches occur Review the breach definition and notification process
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS
More informationINFORMATION SECURITY & HIPAA COMPLIANCE MPCA
INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health
More informationHealth Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.
More informationTexas Medical Records Privacy Act
A COALFIRE PERSPECTIVE Texas Medical Records Privacy Act Texas House Bill 300 (HB 300) Rick Dakin, CEO & Co-Founder Rick Link, Director Andrew Hicks, Director Overview The State of Texas has pushed ahead
More informationPrivacy Compliance Health Occupations Students
Privacy Compliance Health Occupations Students Health Occupations Students The information in this power point is the same information provided to new SCHS caregivers at their orientation. We cannot stress
More informationAdd a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual.
HIPAA/HITECH Policies and Procedures Please read this in its entirety. Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual. Give a copy of this to all staff to read and ask
More informationUniversity Healthcare Physicians Compliance and Privacy Policy
Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
More informationCompliance Training for Medicare Programs Version 1.0 2/22/2013
Compliance Training for Medicare Programs Version 1.0 2/22/2013 Independence Blue Cross is an independent licensee of the Blue Cross and Blue Shield Association. 1 The Compliance Program Setting standards
More informationACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information
NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides
More informationPopulation Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc.
Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc. Piedmont WellStar HealthPlans, Inc. (PWHP) provides population health management services to its
More informationState of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY
State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY Effective December 15, 2008 State of Illinois Department of Central Management Services Bureau
More informationPROTECTING PATIENT PRIVACY and INFORMATION SECURITY
PROTECTING PATIENT PRIVACY and INFORMATION SECURITY 2 PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY 3 INTRODUCTION As an agency employee, student,
More informationPopulation Health Management Program Notice of Privacy Practices from Evolent Health
Population Health Management Program Notice of Privacy Practices from Evolent Health MedStar Health, Inc., a Maryland not-for-profit corporation, has contracted with Evolent Health, Inc., a Delaware corporation
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationHIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012
HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually
More informationHIPAA Security Education. Updated May 2016
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
More information