Library Guide: HIPAA


Table of Contents

Overview
Course Descriptions: Privacy and Security Library:
Business Practices to Protect Personal Health Information (HIPAA05)
HIPAA: General Awareness (HIPAA01)
HIPAA Privacy: Role Based Training I Incidental PHI Contact (HIPAA06)
HIPAA Privacy: Role Based Training II Internal Uses of PHI (HIPAA07)
HIPAA Privacy: Role Based Training III Uses and Disclosures of PHI (HIPAA08)
HIPAA Privacy: Role Based Training IV Managers, Supervisors and Compliance Staff (HIPAA09)
HIPAA: Privacy Standards (HIPAA02)
Information Security (HIPAA10)

Overview:

UL EduNeering and our Subject Matter Experts have considerable experience with the practical application of privacy and security laws and regulations, and we provide training as required by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws. Our staff includes regulatory compliance experts, instructional design professionals, software engineers, and information technology specialists. We also partner with nationally-recognized experts and work closely with federal government regulators.

In 2009, US Department of Health and Human Services (HHS) Secretary Kathleen Sebelius transferred responsibility for HIPAA security oversight to the Office of Civil Rights (OCR). OCR already had responsibility for HIPAA privacy, underscoring the link between privacy and security. The latest HIPAA requirements were embedded into the Health Information Technology for Economic and Clinical Health (HITECH) portion of the American Recovery and Reinvestment Act (ARRA).

The HIPAA Privacy and Security Library consists of three primary components: general training, specialized training for persons interested in greater detail, and training on an organization's own policies and procedures.

Please Note: As with all UL instructional materials, you can customize the existing courses by incorporating your own company or site-specific information.

Course Descriptions: Listed Alphabetically

Business Practices to Protect Personal Health Information (HIPAA05)

This course provides all employees and associates with knowledge of the privacy and security practices for health plans as required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This course includes updated requirements that were included in the Health Information Technology for Economic and Clinical Health Act (HITECH). Employees will learn the basic principles of health information privacy and security, how they impact the organization and how they apply to everyday work situations. The course also covers patients' rights under HIPAA and the consequences for violating privacy and security practices.

After completing this course, you will know the basics of our privacy and security practices. More importantly, you will know your roles and responsibilities related to health information.

HIPAA: General Awareness (HIPAA01)

This course is fully customizable to reflect company or even site-specific information. Employees will learn about the Privacy and Security Standards as well as the Data Standardization rules. Employees will explore HIPAA's impact on their organization and understand how the legislation affects their everyday work activities.

After completing this course, you will be able to identify the goals of HIPAA and its Administrative Simplification provisions. You will also be able to identify entities covered under the law and know how the law is enforced. Most importantly, you will be able to identify the key privacy and security requirements that apply to the use and disclosure of protected health information (PHI).

HIPAA Privacy: Role Based Training I Incidental PHI Contact (HIPAA06)

This course is designed for employees who do not access Protected Health Information (PHI) as part of their regular duties, but need to know what they should do when they do come into contact with PHI.

After completing this course, you will be able to apply HIPAA's privacy requirements to situations you are likely to experience.

Prerequisite: Before taking this course, learners should complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.

HIPAA Privacy: Role Based Training II Internal Uses of PHI (HIPAA07)

This course is designed for employees who are authorized to use PHI as part of their regular duties.

After completing this course, you will be able to apply HIPAA's privacy requirements to situations you encounter every day.

Prerequisite: Before taking this course, learners should complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.

HIPAA Privacy: Role Based Training III Uses and Disclosures of PHI (HIPAA08)

This course is designed for employees who are authorized to request, use and disclose Protected Health Information (PHI) as part of their regular duties.

After completing this course, you will be able to apply HIPAA's privacy requirements to situations you encounter every day.

Prerequisite: Before taking this course, learners must complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.

HIPAA Privacy: Role Based Training IV Managers, Supervisors and Compliance Staff (HIPAA09)

This course is designed for HIPAA privacy officials, supporting HIPAA compliance staff, and managers, including those who have additional compliance responsibilities, such as ownership of Protected Health Information (PHI) sources or information application and system purchases. After completing this course, learners will be able to apply HIPAA's privacy requirements to situations they encounter every day.

Prerequisite: Before taking this course, learners should complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.

After completing this course, you will be able to apply HIPAA's privacy requirements to situations in which your experience and knowledge are required to ensure compliance.

HIPAA: Privacy Standards (HIPAA02)

This course gives an in-depth look at the Privacy Standards included in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and discusses what these regulations mean for health plans doing business in the United States. This course includes updated requirements that are included in the Health Information Technology for Economic and Clinical Health Act (HITECH). It provides a closer look at the use and disclosure of protected health information and also educates users on identifying when an individual's permission is required and what type of permission is necessary. The course also explains the concept of minimum necessary and how it affects use and disclosure of Protected Health Information (PHI). A discussion of the individual rights that provide members and patients greater control over their health information is also covered.

After completing this course, you will be familiar with the rules governing the use and disclosure of protected health information (PHI). You will be able to identify when an individual's permission is required and what type of permission is necessary. You will also be able to define the minimum necessary provision and recognize how it affects our use and disclosure of PHI. Finally, you will be able to identify individual rights specified in the Privacy Standards that allow health plan members greater control over their health information.

Information Security (HIPAA10)

This course discusses each requirement under the HIPAA Security Standard as well as requirements under other regulations and security guidelines. Information security is critical for any business, and it is the law for Health Care organizations.

Through engaging scenarios and interactions, this course trains all employees and associates on the basics required before they begin work, including protection from viruses and other malicious software, password management and use, workstation security and location, and security reminders. More advanced topics are also covered, such as incident reporting and response, emergency measures, security, media controls, and how to select a new password.

After completing this course, you will be familiar with the security policies, procedures, and controls that are a part of our daily business routine. You will also be able to identify and respond to suspected security breaches.

This course addresses security training for all management and staff, and presents Health Care industry current practices as outlined by the HIPAA regulations, implemented by the Centers for Medicare and Medicaid Services (CMS) CSR rules, supported by the National Institutes for Standards and Technology (NIST) guidelines, and developed by a leading industry/government workgroup and other industry standards groups.

About UL EduNeering

UL EduNeering is a business line within UL Life & Health's Business Unit. UL is a global independent safety science company offering expertise across five key strategic businesses: Life & Health, Product Safety, Environment, Verification Services and Enterprise Services.

UL EduNeering develops technology-driven solutions to help organizations mitigate risks, improve business performance and establish qualification and training programs through a proprietary, cloud-based platform, ComplianceWire.

For more than 30 years, UL has served corporate and government customers in the Life Science, Health Care, Energy and Industrial sectors. Our global quality and compliance management approach integrates ComplianceWire, training content and advisory services, enabling clients to align learning strategies with their quality and compliance objectives.

Since 1999, under a unique partnership with the FDA's Office of Regulatory Affairs (ORA), UL has provided the online training, documentation tracking and 21 CFR Part 11-validated platform for ORA-U, the FDA's virtual university. Additionally, UL maintains exclusive partnerships with leading regulatory and industry trade organizations, including AdvaMed, the Drug Information Association, the Personal Care Products Council and the Duke Clinical Research Institute.

202 Carnegie Center Suite 301 Princeton, NJ
UL and the UL logo are trademarks of UL LLC
uleduneering.com
LG/122713/HC


Business Associates and HIPAA Business Associates and HIPAA What BAs need to know to comply with HIPAA privacy and security rules by Dom Nicastro White paper The lax days of complying with privacy and security laws are over for business

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( BAA ) is by and between the National Association of Boards of Pharmacy

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,

More information

The OCR Audit Protocol a first look

The OCR Audit Protocol a first look The OCR Audit Protocol a first look On June 26, 2012, the Office for Civil Rights published its Audit Protocols for HIPAA Security, HIPAA Breach and Privacy at http://ocrnotifications.hhs.gov/hipaa.html.

More information

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between The Board of Trustees of the University of Alabama, on behalf of INTERMACS Registry ( Business Associate

More information

HIPAA: AN OVERVIEW September 2013

HIPAA: AN OVERVIEW September 2013 HIPAA: AN OVERVIEW September 2013 Introduction The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was enacted on August 21, 1996. The overall goal was to simplify and streamline

More information

New Developments in Safeguarding Protected Health Information During 2014

New Developments in Safeguarding Protected Health Information During 2014 New Developments in Safeguarding Protected Health Information During 2014 Submitted to the House Public Health Committee and the Senate Health and Human Services Committee by the Health and Human Services

More information

HIPAA Security Compliance Reviews

HIPAA Security Compliance Reviews HIPAA Security Compliance Reviews Elizabeth S. Holland, MPA Office of E-Health Standards and Services Centers for Medicare & Medicaid Services U.S. Department of Health and Human Services 1 2 What is HIPAA?

More information

Use & Disclosure of Protected Health Information by Business Associates

Use & Disclosure of Protected Health Information by Business Associates Applicability: Policy Title: Policy Number: Use & Disclosure of Protected Health Information by Business Associates PP-12 Superseded Policy(ies) or Entity Policy: N/A Date Established: January 31, 2003

More information

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum; BUSINESS ASSOCIATE ADDENDUM This BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is made and entered into as of July 1, 2012, ( Effective Date ) and supplements and is made a part of the services agreement

More information

HIPAA Compliance Manual

HIPAA Compliance Manual HIPAA Compliance Manual HIPAA Compliance Manual 1 This Manual is provided to assist your efforts to comply with the federal privacy and security rules mandated under HIPAA and HITECH, specifically as said

More information

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax Please Read This business associate audit questionnaire is part of Apgar & Associates, LLC s healthcare compliance resources, Copyright 2014. This questionnaire should be viewed as a tool to aid in evaluating

More information

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule Understanding Health Insurance Portability Accountability Act AND HITECH HIPAA s Privacy Rule 1 What Is HIPAA s Privacy Rule The privacy rule is a component of the Health Insurance Portability and Accountability

More information

HIPAA Business Associate Contract. Definitions

HIPAA Business Associate Contract. Definitions HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:

More information

A Playbook for FCPA and Anti-Bribery Compliance Training & Communication

A Playbook for FCPA and Anti-Bribery Compliance Training & Communication A Playbook for FCPA and Anti-Bribery Compliance Training & Communication Training & Communication By Ellen Leinfuss, SVP, Life Science, UL EduNeering The list of anti-corruption laws, regulations and guidance

More information

REQUEST FOR BOARD ACTION

REQUEST FOR BOARD ACTION REQUEST FOR BOARD ACTION HENDERSON COUNTY BOARD OF COMMISSIONERS MEETING DATE: 23 March 2005 SUBJECT: ATTACHMENT(S): HIPAA 1. Proposed Resolution adopting policies 2. Proposed policies SUMMARY OF REQUEST:

More information

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

HIPAA Employee Compliance Program TRAINING MANUAL

HIPAA Employee Compliance Program TRAINING MANUAL HIPAA Employee Compliance Program TRAINING MANUAL Training Manual to Assist Employees in HIPAA Compliance January 2013 Program For HIPAA Compliance Plan Goal The purpose of this manual is to instruct our

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule)

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule) BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule) This Business Associate Agreement (the Agreement ), dated September 9, 2013, is entered into by and between ( Covered Entity ) and Schuster

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information

Getting Hip to the HIPAA and HITECH Act Compliance

Getting Hip to the HIPAA and HITECH Act Compliance Getting Hip to the HIPAA and HITECH Act Compliance NaNotchka M. Chumley, D.O., M.P.H. Family Medicine Physician Los Angeles, CA Integrating Global Trade & Logistic and Cybersecurity Westin St. Francis,

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements

More information

The benefits you need... from the name you know and trust

The benefits you need... from the name you know and trust The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices

More information

Achieving HIPAA Security Rule Compliance with Lumension Solutions

Achieving HIPAA Security Rule Compliance with Lumension Solutions Achieving HIPAA Security Rule Compliance with Lumension Solutions Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online.

More information