HIPAA Privacy & Security Rules
|
|
- Malcolm Paul
- 8 years ago
- Views:
Transcription
1 HIPAA Privacy & Security Rules HITECH Act
2 Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to the Health Insurance Portability and Accountability Act (HIPAA) * * Even if you believe you personally may not have access to Even if you believe you personally may not have access to individually identifiable health information
3 Applicability As a Hybrid Covered Entity under HIPAA, Indiana University has established a HIPAA Privacy and Security Compliance Plan. A part of this Plan, the university has also established policies. Completion of this HIPAA training acts as your acknowledgement of IU's HIPAA Privacy and Security Compliance Plan.
4 Goals Our goal is to provide a secure environment for all health information provided to Indiana University. Also to promote personal responsibility and behaviors to ensure the privacy, security and integrity of sensitive information at Indiana University. Everyone has a role in this responsibility. Without your engagement, sensitive information can be breached or exposed.
5 Objectives The objectives of this module include: Increase your awareness of HIPAA Privacy and Security Rules as well as the HITECH Act Increase your awareness of the Indiana University HIPAA Compliance Plan & Policies Define HIPAA requirements & your responsibilities Identify patient sensitive information Identify privacy and security vulnerabilities Identify privacy and security safeguards
6 Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule April 14, 2003 Establishes national standards d to protect t individuals id medical records and other personal health information; Established Patients Rights Requires appropriate Administrative, Physical and Technical safeguards to protect the privacy of personal health information; Sets limits and conditions on the uses and disclosures patients personal health information without an authorization ti 6
7 Health Insurance Portability and Accountability Act (HIPAA) HIPAA Security Rule April 21, 2005 Establishes national standards d to protect t individuals id electronic personal health information; Requires appropriate p Administrative, Physical and Technical safeguards to protect the security of personal health information; Requires a Covered Entity to ensure the confidentiality, integrity, availability and security of electronic protected health information 7
8 Health Insurance Portability and Accountability Act (HIPAA) HITECH Act Signed February, 2009 Improved Enforcement of HIPAA; Increased Civil Monetary Penalties; Provide Notification to Individuals involved in Breach of their personal health information; Requires Business Associates to be in compliance with the HIPAA Privacy and Security Rules; Application of Civil Monetary Penalties to Business Associates 8
9 HIPAA - Terms Covered Entity (CE) Healthcare Organizations who conduct financial and administrative i ti transactions ti electronically ll Includes: Health Plans (Anthem, Medicare, Medicaid, IU's Health Plan, etc.) Healthcare Clearinghouses (Claims Processing) Healthcare Providers (Hospitals, Physicians, Dentists, Optometrists, Chiropractors, Pharmacies, etc.) Examples of a qualified transaction: 1) Electronic claim submitted to Medicare, Medicaid or commercial insurance 2) Submitting member information from IU to the Health Plans 9
10 HIPAA - Terms Workforce HIPAA defines the workforce to include: "employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity. Persons who do not fall in these categories, but nonetheless perform services on behalf of the covered entity, would be considered part of the workforce of a Business Associate 10
11 HIPAA - Terms Business Associate A person or entity that performs certain functions or activities iti that t involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity (CE). Not a member of the CE s workforce; Need a Business Associate Agreement; One CE can be a Business Associate to another CE; Business Associate requirements do not apply to CEs who disclose PHI to providers for treatment purposes 11
12 HIPAA - Terms PII (Personally Identifiable Information) Any data about a patient that could potentially identify them, such as: Name Address Driver license number Payment information Date of birth Social security number Photographic images Other private information that one would generally want to protect from public disclosure 12
13 HIPAA - Terms PHI (Protected Health Information) Any information about a patient s health, such as: Includes PII if collected by a Covered Entity Medical history Test and laboratory results Insurance information Data collected by a healthcare professional to identify an individual and determine appropriate care Data collected by a health plan 13
14 HIPAA - Terms Minimum Necessary HIPAA requires you take reasonable steps to limit the Use of Disclosure of Request for PHI to the Minimum Necessary to accomplish the assigned duty or task or intended purpose Minimum Necessary does not apply to Treatment Only use and disclose PHI when you have a business need to do so 14
15 HIPAA Indiana University IU - Hybrid Covered Entity These Areas must Comply with the IU HIPAA Pi Privacy &S Security Plan Healthcare Components (Covered Components) This means if these areas were not part of IU, they would be a Covered Entity Areas that provide Business Associate type services to the IU Healthcare Components or external Covered Entities Other HIPAA Affected Areas that have access to PHI for Education and Research Purposes 15
16 HIPAA Indiana University IU's Healthcare Components include but are not limited to: School of Medicine School of Dentistry School of Optometry IU s Health Plan Speech & Hearing Health Center - Bloomington & Indianapolis 16
17 HIPAA Indiana University Areas at IU which perform Business Associate type functions include, but are not limited to: School of Nursing UITS (Research Technologies, Intelligent Infrastructure, t etc.) Financial Services/Accounting Research Compliance Internal Audit University Counsel 17
18 HIPAA Indiana University Areas at IU which might access PHI for Education or Research Proposes or act as a Business Associate for outside Covered Entities include but are not limited to: School of Social Work School of Health, Physical Education & Recreation (HPER) School of Health & Rehabilitation Sciences Department of Psychology & Brain Sciences 18
19 HIPAA Notice of Privacy Practices Notice of Privacy Practices is a document that describes how we might use and disclose patient sensitive information and informs patients or members how we might use their health information; It should be provided to all patients upon their first visit to an IU treatment facility; or Provided to all participants in IU's Health Plan 19
20 HIPAA Patients Right to Privacy Sensitive information may be disclosed: To Treat a patient To receive Payment for services provided to a patient To perform daily healthcare Operations aka TPO Patients have the right to (includes but not limited to): Receive a copy of the Notice of Privacy Practices Inspect and request a copy of their health information Request an amendment to their medical record Request restrictions to their health information Request confidential or alternative means of communication 20
21 HIPAA Patients Right to Privacy Never view sensitive patient, family or employee information without a business need-to-know or a provider relationship which h allows for such an action. Access to PHI is only granted for a business purpose not for personal use. Unauthorized access or disclosure of patient information is subject to disciplinary action, up to and including termination of employment. 21
22 HIPAA Major Concepts Safeguard PHI during use & disclosure Administrative Physical Technical HIPAA Awareness Training of Workforce All Forms of PHI Paper Electronic Oral Communication 22
23 HIPAA Safeguards Always place medical records and forms containing patient information face down or away from view; Turn or block your computer monitor screens from public view; Dispose of unnecessary patient information in proper receptacles for shredding; Discuss patient information privately not in elevators, lobbies, Starbucks or other public areas. 23
24 HIPAA Safeguards Use lowered voices and limit access to areas where patient/member information is discussed; Supervise non-employees while in a work area; Request only minimally necessary information for your specific task or purpose (except Treatment); t) Determine appropriate procedures when contacting patients in general, such as verifying identification 24
25 HIPAA Safeguards Any mobile device that may store University sensitive data such as PHI must be encrypted; IU offers PGP encryption software free Encrypt and keep portable storage devices out of public view; DO NOT share system passphrases with ANYONE; Change your passphrase on a regular basis; Select a passphrase p that cannot be easily guessed; DO NOT tape passwords to ID badges, computers, monitors, keyboards, in desk drawers, etc.; DO NOT assume any public area is safe to leave your device, even for just a moment 25
26 HIPAA Safeguards Dispose of storage media in a safe and secure manner; Make sure timeout precautions are active; Always log-off applications or lock your computer if you are going away from your workstation or computer; Save information on secure network drives; Use [secure message], secure message, [confidential] or confidential in the subject line when using IU's exchange to share sensitive information (this will encrypt outgoing s) 26
27 HIPAA Safeguards User sign-on activity is tied to your unique user sign-on identification and passphrase; Your activity may be logged and monitored by Information Services to ensure appropriate uses and disclosures of PHI; Log-off after you have completed your work, so someone e cannot access the system with your log-on. o *You are held responsible for any information access or work completed under your sign-on 27
28 HIPAA Safeguards Be conscious of the information you are carrying with you (electronic or on paper). Do not leave sensitive information unattended d where the information could be viewed or taken by others. Over 60% of breaches involving 500 or more individuals are a result of stolen, unencrypted devices such as: laptops, USB drives, desktops, backup disks 28
29 BREACH When there is a breach or potential breach (i.e. when equipment or data are lost or stolen), prompt action is critical. Notify your Manager, Supervisor, Privacy Officer immediately and follow IU s sensitive data incident reporting procedures. The faster the breach or vulnerability is investigated and understood, the faster we can respond. t t / it /i id t/ iti dt IU is legally required to notify regulatory agencies and those impacted by a data breach. 29
30 Social Media All IU employees have an obligation to protect the privacy and confidentiality of patients, subjects, their families, & other employees even when not at work. Social Media sites like Facebook, Twitter, MySpace, YouTube, LinkedIn, etc. require extra care to prevent privacy breaches. Never post patients health information on Social Media, even if you believe it to be de-identified Be aware of the threats and associated risks using these services, which include damage to the patient, user and/or organization or risks of media exposure, civil penalties or infection by malicious computer software such as viruses or worms. 30
31 Social Media Sharing any private or confidential patient information on the Internet is a breach of patient confidentiality and a violation of HIPAA and IU policies and other applicable laws; Violators are subject to immediate discipline, up to and including termination; Report any known or suspected activity to your Manager, Supervisor, Privacy Officer or the compliance notification line ; 31
32 Social Networking Reminders Do not take pictures of patients t without t a healthcare purpose and a written consent from the patient on file in the medical record. Do not take pictures of patients with personal cameras, personal cell phones for personal use. Do not post patient pictures or information about patients on any Internet forums or social networking sites (i.e. Facebook, Twitter, professional association blogs, newspaper blogs, etc.) Do not post any pictures of patients received from the patient or their family. Do not discuss patient information on social networking sites. 32
33 Conclusion Protecting patient privacy and maintaining a secure information environment is everyone s job! It is your responsibility to report information privacy and security concerns to your Manager, Supervisor, Privacy Officer. Employees should feel comfortable knowing that IU may not intimidate, threaten, coerce, discriminate against or take retaliatory action when employees file complaints. 33
34 Conclusion Violation of the HIPAA Privacy and Security Rules will be subject to: IU progressive disciplinary procedures, including the possible loss of computer system privileges and/or termination of employment; Possible prosecution by state and federal authorities, fines and jail sentences 34
35 Contact Leslie J. Pfeffer, BS, CHP Interim University HIPAA Privacy Officer ff (317) Eric W. Schmidt, CISSP, CISM Interim University HIPAA Security Officer (317)
36 HIPAA Basic Training Attestation Statement I have reviewed the HIPAA basic training module which includes information regarding the Privacy and Security regulations, the IU HIPAA Privacy and Security Compliance Plan and my responsibilities under those regulations and the Plan. Signature Printed Name Date Please provide a copy of this attestation to the HIPAA Liaison for your department. 36
HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationPROTECTING PATIENT PRIVACY and INFORMATION SECURITY
PROTECTING PATIENT PRIVACY and INFORMATION SECURITY 2 PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY 3 INTRODUCTION As an agency employee, student,
More informationHIPAA: Privacy/Info Security
HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure
More information8.03 Health Insurance Portability and Accountability Act (HIPAA)
Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationPatient Privacy and HIPAA/HITECH
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationGuadalupe Regional Medical Center
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
More informationHIPAA Compliance. 2013 Annual Mandatory Education
HIPAA Compliance 2013 Annual Mandatory Education What is HIPAA? Health Insurance Portability and Accountability Act Federal Law enacted in 1996 that mandates adoption of Privacy protections for health
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationHIPAA Education Level One For Volunteers & Observers
UK HealthCare HIPAA Education Page 1 September 1, 2009 HIPAA Education Level One For Volunteers & Observers ~ What does HIPAA stand for? H Health I Insurance P Portability A And Accountability A - Act
More informationHIPAA Training for Hospice Staff and Volunteers
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
More informationACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
More informationHIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
More informationHIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline
HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationHealth Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of
More informationHIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders
HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA
More informationCompliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians
Compliance HIPAA Training Steve M. McCarty, Esq. General Counsel Sound Physicians 1 Overview of HIPAA HIPAA contains provisions that address: The privacy of protected health information or PHI The security
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationAnnual Compliance Training. HITECH/HIPAA Refresher
Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance
More informationHIPAA Training for Staff and Volunteers
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
More informationHIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
More informationHIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
More informationPrivacy & Information Security Training. For Health Science Workforce Members
Privacy & Information Security Training For Health Science Workforce Members Privacy Program, 4/6/2015 Objectives Understand what information must be protected under state and federal privacy laws Understand
More informationHIPAA Privacy Keys to Success Updated January 2010
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationHIPAA Privacy & Security Training for Clinicians
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
More informationHIPAA Privacy. September 21, 2013
HIPAA Privacy September 21, 2013 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff,
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
More informationMontclair State University. HIPAA Security Policy
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
More informationHEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
More informationHealth Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationHIPAA: Bigger and More Annoying
HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL
More informationTHE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL
THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL What is HIPAA? Comprehensive federal legislation regarding health insurance which is comprised of four key areas:
More informationHIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
More informationWhat is HIPAA? The Health Insurance Portability and Accountability Act of 1996
What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationSt. Elizabeth Healthcare
St. Elizabeth Healthcare Information Security and Privacy Netlearning Module Intended audience: All St. Elizabeth associates and people of interest exposed to corporate or patient information. Author:
More informationHIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING
HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationHIPPA Goes HITECH. Data Protection for Agents
HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationHIPAA Security Training Manual
HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationMCCP Online Orientation
Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationHIPAA In The Workplace. What Every Employee Should Know and Remember
HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security
More informationDEPARTMENT OF MENTAL HEALTH AND DEVELOPMENTAL DISABILITIES
DEPARTMENT OF MENTAL HEALTH AND DEVELOPMENTAL DISABILITIES POLICIES AND PROCEDURES Subject: ADMINISTRATION OF HIPAA Effective Date: 12/15/03 Review Date: 6/8/06 Revision Date: 11/21/06 (All legal citations
More informationHIPAA Security Education. Updated May 2016
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
More information2014 Core Training 1
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationPrivacy and Security For Managers
Privacy and Security For Managers This self directed learning module contains information all CHS Teammates are expected to know in order to protect our patients, our guests, and ourselves. Target Audience:
More informationPrivacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:
HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates
More informationHIPAA Awareness Training
New York State Office of Mental Health Bureau of Education and Workforce Development HIPAA Awareness Training This training material was prepared for internal use by the New York State Office of Mental
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationHealth Insurance Portability and Accountability Act of 1996 (HIPAA) Contents
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents Health Insurance Portability and Accountability Act of 1996 (HIPAA)... 1 Welcome to HIPAA Awareness Training Content... 3 HIPAA
More informationWelcome to the University of Utah Health Sciences HIPAA Privacy and Security Training Program
Welcome to the University of Utah Health Sciences HIPAA Privacy and Security Training Program You cannot have Privacy without Security. Requirements of All UUHS Workforce Members ALL University of Utah
More informationDepartment of Health and Human Services Policy ADMN 004, Attachment A
WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON
More informationSecuring the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer
Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health
More information2. Begin gathering necessary documents for student (refer to Record Acknowledgement Form)
Dear Colleague, This notice is to share some recent changes we ve made with our Student Onboarding Process. Effective October 1, 2014, our onboarding process is migrating from Public Safety to our Human
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationDonna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
More informationAuthorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
More informationPage 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
More informationPrivacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy
Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy What is HIPAA? Health Insurance Portability and Accountability Act (HIPAA) is broad federal legislation that includes
More informationHIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013
Office of the Secretary Office for Civil Rights () HIPAA Enforcement Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services December 18, 2013 Presentation Overview s investigative
More informationBy the end of this course you will demonstrate:
1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationHIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT. and. Health Information Technology for Economic and Clinical Health Act.
HIPAA/ HITECH HEALTH INSURANCE PORTABILITY and ACCOUNTABILITY ACT Health Information Technology for Economic and Clinical Health Act Revised 4/4/14 1 Your Accountability Quality Care Compliance Reputation
More informationHIPAA Security. 1 Security 101 for Covered Entities. Security Topics
HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &
More informationPrivacy & Security Standards to Protect Patient Information
Privacy & Security Standards to Protect Patient Information Health Insurance Portability & Accountability Act (HIPAA) 12/16/10 Topics An An Introduction to to HIPAA HIPAA Patient Rights Rights Routine
More informationHealth Insurance Portability and Accountability Act HIPAA Privacy Standards
Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate
More informationHIPAA Privacy Policy & Notice of Privacy Practices
HIPAA Privacy Policy & Notice of Privacy Practices 1. PURPOSE 1 The purpose of this policy is to comply with patient personal health information security rights and privacy regulations as outlined in the
More informationC.T. Hellmuth & Associates, Inc.
Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.
More informationELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION
ELKIN & ASSOCIATES, LLC HIPAA Privacy Policy and Procedures INTRODUCTION The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict a Covered Entity
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationHow To Protect Your Health Information At Uni Of California
HIPAA 101 Privacy and Security Training Privacy and Security Training Privacy and Security for New UCSF Workforce Faculty Post Docs Residents / Fellows Staff Students Trainees Volunteers Contractors /
More informationAppendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice
Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help
More informationSARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY
SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY Purpose: The following privacy policy is adopted to ensure that the Sarasota County Government Employee Medical Benefit Plan
More informationJoseph Suchocki HIPAA Compliance 2015
Joseph Suchocki HIPAA Compliance 2015 Sponsored by Eagle Associates, Inc. Eagle Associates provides compliance services for over 1,200 practices nation wide. Services provided by Eagle Associates address
More informationINFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
More informationState HIPAA Security Policy State of Connecticut
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
More informationMEDICAL OFFICE COMPLIANCE TOOLKIT. The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA
MEDICAL OFFICE COMPLIANCE TOOLKIT The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA MEDICAL OFFICE COMPLIANCE TOOLKIT The Complete Medical Practice Compliance Resource HIPAA HITECH
More informationResearch and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman,
Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman, Department of Biomedical Informatics Vanderbilt University School
More informationHIPAA-G04 Limited Data Set and Data Use Agreement Guidance
HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related
More information