Breaches, Business Associates and Texting, Oh My! A HIPAA HITECH Update. Overview
Breaches, Business Associates and Texting, Oh My! A HIPAA HITECH Update
The Bittinger Law Firm
Sutton Park Drive South, Suite 201
Jacksonville, Florida
January 13, 2015
Ann M. Bittinger, Esq.
Ann@bittingerlaw.com

Overview
1. Background
2. Enforcement
3. Genetic Information
4. Clinical Research
5. Business Associates
6. Agency Concerns
7. New Breach Notification Standard
8. Individuals
   - Electronic Copies
   - Required Restrictions
   - Marketing
   - Fundraising
   - Sale of PHI
   - Notice of Privacy Practices

BACKGROUND

History
- Congress enacted the Health Insurance Portability and Accountability Act in
- Goals:
  - Access to health insurance (portability)
  - Protecting privacy of health information
  - Promoting the standardization of health claims/efficiency
- Privacy Regulations: First proposed November 3, 1999; finalized April 14, 2002 for most entities, with enforcement to start April 14,

HITECH Changes to HIPAA
- Part of the American Recovery and Reinvestment Act of 2007 (ARRA)
- Health Information Technology for Economic and Clinical Health Act
- $36 billion for HIT and HIE

Business Associates
- If an entity that is not a covered entity is doing something on your behalf, and it is not treatment, you need a BA Agreement with them.
- Applies to payment and health care operations
- Examples:
  - Consultants to assist with audits
  - Lawyers to assist with lawsuits; claims; collections
  - Data processing
  - Claims processing
  - Accreditation
  - Accounting

Privacy Plan
- Must have in place a plan to address HIPAA Privacy
- Nothing mandated: typically address privacy rights, oral communications, the method of handing out and tracking the Notice, document retention
- Training
- Designated Privacy Officer

Notice of Privacy Practices
- Must give to all patients at first date of service
- Explains the uses and disclosures of PHI at the entity
- Must contain certain language

Authorization
- Use when:
  - not treatment, payment or health care operations;
  - not to a BA; and
  - no other exception applies.
- Patient signs; must be plain language
- Must have certain language
- Cannot condition treatment on signing
- Must inform patients of their rights

Individual Rights
- Access:
  - General rule: right to access
  - Must act within 30 days
  - Certain grounds for denial, which are reviewable

Privacy Compliance and Enforcement
- A private practice denied an individual access to his records on the basis that a portion of the individual's record was created by a physician not associated with the practice.
- No similar provision limits individuals' rights to access their protected health information.
- Among other steps to resolve the specific issues, OCR required the practice to revise its access policy to affirm that patients have access to their record regardless of whether another entity created information contained within it.

Privacy Compliance and Enforcement
- An outpatient surgical facility disclosed a patient's PHI to a research entity for recruitment purposes without the patient's authorization or an IRB or privacy-board approved waiver of authorization.
- The outpatient facility reportedly believed that such disclosures were permitted by the Privacy Rule.
- OCR required the facility to revise its written policies and procedures regarding disclosures of PHI for research recruitment purposes to require valid written authorizations; retain staff; log the disclosure of patient's PHI.

Accounting/Log
- Individuals have a right to a list of disclosures made in the six years prior to the request (but not before the implementation date).
- Exceptions:
  - To the patient
  - Incidentals
  - Authorized disclosures (signed authorization)
  - National security
- Releases to BAs have to be tracked
- Content: date, name of recipient and address, description of info and purpose of disclosure
- Must act within 30 days.

Breach
- HITECH: first federal law mandating breach notification
- Florida does not have such a law; 45 do
- Applies to covered entities, business associates, PHR vendors and PHR service providers

Example of breach
- January 2010: BCBS of Tennessee
- October 2, 2009: alarm at offsite facility storing hard drives
- Investigation 3 days later reveals 57 missing hard drives containing audio copies of phone calls and video screen images
- BCBS notified 220,000; up to 500,000 may be affected
- Spent over $7 million to date
- Has to notify AGs in 32 states.

Background
- Official Title: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules
- AKA: The HITECH Final Omnibus Rule

Background
- Published January 25, pages
- Available in the Federal Register 78 FR

Background: Key Terms
- ARRA: American Recovery & Reinvestment Act
- BA: Business Associate
- CE: Covered Entity
- EHR: Electronic Health Record
- EPHI: Electronic Protected Health Information
- HIPAA: Health Insurance Portability and Accountability Act
- HITECH: Health Information Technology for Economic & Clinical Health
- PHI: Protected Health Information
- PHR: Personal Health Record

Background: HITECH Timeline
- August 8, 1996: HIPAA signed into law.
- February 27, 2009: ARRA-HITECH signed into law
- July 14, 2010: Modifications to HIPAA Privacy, Security and Enforcement Rules under HITECH: Proposed Rule
- January 25, 2013: HIPAA HITECH Omnibus Final Rule published in Federal Register
- Effective March 26, 2013
- Compliance required by September 23,

Background: Purpose of Final Omnibus Rule
- Strengthen the privacy and security protection for individuals' health information;
- Modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule;
- Modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and
- Make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities

ENFORCEMENT

Enforcement
- Department of Health and Human Services (HHS) AND State Attorney General can enforce HIPAA
- (e) HIPAA-HITECH Act gave SAG authority to bring civil actions on behalf of state residents for violations of HIPAA Privacy and Security Rules.
- SAGs may obtain damages on behalf of state residents or to enjoin further violations of HIPAA Privacy and Security Rules.
- SAGs are required to serve HHS 48 hours prior to filing an action and must include a copy of the complaint

Enforcement
- Mandatory Investigation: If a preliminary review of the facts in a complaint or compliance review indicates a possible violation due to willful neglect, the Department of Health and Human Services Secretary (Secretary) is required to investigate the complaint or compliance review.
- Discretionary Investigation: If the facts do not indicate a possible violation, further investigation or review is discretionary.

Enforcement
- Old Rule: Secretary was required to attempt to resolve noncompliance through informal means.
- New Final Omnibus Rule: Secretary now has discretion to choose between informal and formal resolution of investigations or compliance reviews.
- Secretary can move immediately to civil monetary penalty (CMP) and formal enforcement without first exhausting informal resolution efforts, especially for willful neglect violations

Enforcement: Stronger Penalties for Violations
- December 28, 2000: Penalties ranged from $100 - $25, Federal Register Vol. 64, No. 250
- January 25, 2013: Penalties range from $100 - $1,500, Federal Register Vol. 64, No

Enforcement: Civil Monetary Penalty Levels
Violation | Each Violation | All Identical Violations per Calendar Year
Did Not Know | $100-$50,000 | $1,500,000
Reasonable Cause | $1,000-$50,000 | $1,500,000
Willful Neglect - Corrected | $10,000-$50,000 | $1,500,000
Willful Neglect - Not Corrected | $50,000-Upward | $1,500,

Enforcement: Factors Used to Determine CMP Amount
1) Nature of the violation. Secretary may now consider number of individuals affected.
2) Nature and extent of the resulting harm. Secretary may now consider reputational harm.
3) History of prior compliance with HIPAA administrative simplification standards. Secretary may now consider previous indications of noncompliance, not just previous violations.
4) Financial condition of the CE or BA

Enforcement: Affirmative Defenses
- If a criminal penalty has been imposed on a CE or BA for a violation of HIPAA, Secretary may NOT impose a CMP for the same act. Violation must actually have been punished, not merely punishable.
- For violations PRIOR to February 18, 2009: Secretary may NOT impose a CMP if no willful neglect AND it would have been unreasonable for CE to comply with HIPAA, despite ordinary business care and prudence.
- For violations AFTER February 18, 2009: Affirmative defense if violation is NOT due to willful neglect AND was corrected within 30 days of learning of the violation, or such additional period as determined by the Secretary

GENETIC INFORMATION

Genetic Information
- The Final Omnibus Rule incorporates the Genetic Information Nondiscrimination Act (GINA) into existing regulations.
- GINA is a 2008 federal law that prohibits health insurance issuers from using genetic information to determine insurance premiums or contributions and restricts the use of genetic information in the employment context

Genetic Information
Under the Final Omnibus Rule:
- Genetic information must now be treated as PHI.
- Group health plans, health insurance issuers, or issuers of Medicare supplemental policies are prohibited from using/disclosing genetic information for underwriting purposes.
- Discrimination in provision of health insurance based on genetic information is prohibited.

CLINICAL RESEARCH

Clinical Research: De-identification of PHI
New Final Omnibus Rule discusses two methods to satisfy the Privacy Rule's de-identification standard:
1) Expert Determination
2) Safe Harbor

Clinical Research: Compound Authorizations
Allows a CE to combine conditioned and unconditioned authorizations for research SO LONG AS the combined authorization clearly:
- differentiates between the conditioned and unconditioned research components AND
- allows the individual the option to opt in to the unconditioned research activities

Clinical Research: Authorizations for Future Research
- Old Rule: Research authorizations needed to be study-specific.
- New Final Omnibus Rule: Research authorizations need NOT be study-specific, provided that they describe future uses or disclosures sufficiently to enable individuals to reasonably expect that their PHI could be used or disclosed for future research.

BUSINESS ASSOCIATES

Business Associates: Expanded Definition
- A business associate includes a person or entity that creates, receives, maintains, or transmits PHI on behalf of a covered entity.
- Includes physical storage facilities AND companies that store electronic PHI in the cloud.

Business Associates: Expanded Definition (cont.)
BAs now expressly include:
- Health information organizations,
- E-prescribing gateways,
- Entities that provide data transmission services to CEs AND routinely require access to PHI,
- PHR vendors that provide services to CEs,
- Subcontractors

Business Associates: BAs Now Subject
- HIPAA Security Rule's technical, administrative, and physical safeguard requirements now apply to BAs.
- HIPAA Privacy Rule's use or disclosure limitations now apply to BAs.
- Criminal and civil liabilities for violations.

Business Associates
A BA must disclose PHI to:
1) HHS for a compliance investigation, complaint investigation, or compliance review.
2) CE or individual when an individual requests an electronic copy of PHI, in order to satisfy the CE's obligations

Business Associates
BAs must:
1) Notify CE of a breach of unsecured PHI
2) Make reasonable efforts to limit use and disclosure of PHI and requests for PHI to minimum necessary
3) Provide an accounting of disclosures
4) Enter into agreements with subcontractors that comply with HIPAA Privacy and Security Rules

Business Associates
All BAs must now:
- Designate a security official
- Perform a risk analysis
- Conduct employee training
- Create a risk management program
- Maintain written policies and procedures
- Document compliance with the statute

Business Associates: Agreements
Existing Business Associate Agreements (BAAs) may continue to operate for a one year period after the September 23, 2013 compliance date if:
1) Existing BAA currently complies with all prior BAA requirements, and
2) Existing BAA does NOT renew prior to compliance date.

Business Associates: Pointers
- Have you identified all BAs?
- Have you executed/updated business associate agreements (BAA)?
- Does your BAA identify how quickly the BA should contact the CE in the case of breach?
- Does your BAA reflect the omnibus changes in liability?
- If your BA subcontracts, does your BA have an agreement with a subcontractor that complies with BAA provisions?

AGENCY CONCERNS

Agency Concerns: Old Rule
- Exception to liability for civil monetary penalties (CMP) when a HIPAA violation is attributed to a CE.
- Under this exception, a CE was not responsible for the missteps of BA agents that were unknown to the CE

Agency Concerns: New Final Omnibus Rule
- BOTH CEs and BAs will face potential CMP liability for their agents' acts or omissions within the scope of the agency.
- Existence of agency relationship is determined by a fact-specific, totality of the circumstances test.

Agency Concerns: Test Factors
1) Time, place, and purpose of the agent's conduct;
2) Whether the agent is engaged in a course of conduct subject to the principal's control;
3) Whether the agent's conduct is commonly done by an agent to accomplish the service performed on behalf of the principal;
4) Whether or not the principal reasonably expected that an agent would engage in the conduct in question

Agency Concerns: Federal Common Law of Agency
Under the Final Omnibus Rule:
- If a BA becomes aware of a breach, and that BA is an agent, knowledge is then imputed to the CE.

NEW BREACH NOTIFICATION STANDARD

New Breach Notification Standard: Final Omnibus Rule
- An acquisition, access, use, or disclosure of PHI in a manner not permitted is PRESUMED to be a breach unless the CE or BA can demonstrate that there is a low probability that the PHI has been compromised.

New Breach Notification Standard: Definitions
- HITECH definition: Breach. Acquisition, access, use or disclosure of PHI in a manner not permitted by the Privacy Rule which compromises the security or privacy of PHI
- Interim definition: Compromise. Poses a significant risk of financial, reputational, or other harm.
- Final Omnibus Rule: Does NOT define compromise

New Breach Notification Standard
So when must the CE or BA notify?

New Breach Notification Standard
- Shift from old subjective harm standard to new objective test of whether PHI has been compromised.
- New Standard: Breach notification is necessary in all situations EXCEPT where the CE or BA demonstrates a low probability that PHI is compromised.*
- Instead of focusing on harm to the individual, the focus is now on the likelihood that PHI has been improperly accessed or exposed

New Breach Notification Standard
How do CEs or BAs determine if PHI has been compromised?

New Breach Notification Standard
Determining probability of compromise requires a risk assessment of at least:
1) Nature and extent of PHI involved
2) Who received/accessed the information
3) Potential that PHI was actually acquired or viewed
4) Extent to which risk to PHI has been mitigated

New Breach Notification Standard
Popular Types of Large Breaches
1) Theft
2) Unauthorized Access/Disclosure
3) Loss
Popular Locations
1) Laptops/portable electronic devices
2) Paper Records
3) Desktop Computers

New Breach Notification Standard
- Example: Theft of an unencrypted laptop computer containing ePHI of 441 patients.
- Provider notified OCR pursuant to 45 C.F.R. Section
- OCR found: Provider failed to conduct a risk analysis to safeguard ePHI AND Provider did not have policies or procedures in place to address mobile device security pursuant to the HIPAA Security Rule.
- Settlement Agreement: Provider pays HHS $50,000 and enters into a corrective action plan.
- First settlement agreement involving ePHI breach affecting less than 500 individuals.

ELECTRONIC COPY

Electronic Copies: Individual
- CE must provide access in electronic form/format requested by individual if readily producible, otherwise in readable electronic form/format as agreed to by CE and individual.
- Examples:
  - Disc with PDF file
  - Secure e-mail with a Word file
  - Access to secure web-based portal
- Hard copy acceptable if individual declines to accept any of CE's electronic formats

Electronic Copies: Clarification
- If EPHI contains a link to images or data, the images or data must be included in the electronic copy.
- If medical record is mixed media, the CE can provide a combination of electronic and hard copies.
- CE is not required to use an individual's personal flash if CE has security concerns.
- If individual requests a copy of its EPHI be sent via unencrypted e-mail, the CE may send it, but must advise the individual of the risk that info may be read by a 3rd party.

Electronic Copies: Individual's Designee
- Request must be in writing and must be signed.
- Clearly identify designee and where record should be sent

Electronic Copies: Costs
A CE may charge for:
- Reviewing the request and producing the copy, i.e. compiling, extracting, scanning, and transferring PHI to media.
- Cost of portable media device, if requested, i.e. CD, USB drive.
- Postage if mailed.

Electronic Copies: Costs
A CE may NOT charge for:
1) Costs of new technology;
2) Maintaining systems for electronic PHI, data access, and storage infrastructure;
3) Retrieval fee

Electronic Copies: Time
- Old Rule: CE has 90 days to respond to requests for access.
- New Final Omnibus Rule: CE has up to 60 days.
- CE has 30 days to respond + one 30-day extension upon written notice to the individual including:
  - Reason for delay
  - Expected date of completion

REQUIRED RESTRICTIONS

Required Restrictions: Out of Pocket Payment
- Patients who pay for treatment out of pocket now have a right to restrict disclosure of PHI to insurance companies/health plans, so long as the disclosure is for purposes of payment or healthcare operations and is not otherwise required by law.
- A CE no longer has the ability to terminate its agreement to any Required Restriction.

Required Restrictions: Compliance
1) Medical Records: Flag portions of the record that contain PHI subject to the required restriction.
2) Bundled Services: Provider should counsel the patient on the ability/inability of provider to unbundle the services and the consequences of doing so. If provider can NOT unbundle, provider should give patient option to restrict and pay out of pocket for entire bundle.
3) Dishonored Payments: Make reasonable attempts to resolve payment issues with patient PRIOR to disclosing PHI to health plan

Required Restrictions: Compliance (cont.)
4) Downstream Providers: Individual has obligation to request restriction from downstream providers. Providers are encouraged to assist individual.
5) Follow-up Care: Individual must request restriction for follow-up care.
6) Health Maintenance Organizations: Contractual requirements for a provider to submit claims to an HMO do NOT exempt the provider from obligations with respect to required restriction.
7) Mandatory Billing Rules: A provider may submit PHI to a govt. health plan as required by law, HOWEVER, provider must utilize mechanisms to avoid such legal mandates if possible, to comply with a request for RR.

Required Restrictions: Pointers
1) Develop and administer proper training regarding RR and protecting restricted PHI.
2) Update electronic systems to ensure that health plans are not billed for items or services subject to an RR

MARKETING

Marketing
- Modified definition: Marketing now includes any treatment or healthcare operations communications to individuals about health-related products or services, if the CE or its BA receives financial remuneration in exchange for making the communication from or on behalf of the 3rd party whose product or service is being described

Marketing: Authorization
- Authorization is now REQUIRED for any CE or BA receiving financial remuneration from a 3rd party in exchange for making a communication about a product or service.
- *Exception for:
  - Refill reminders, information on generic substitutes, or instructions for taking the drug.
  - In-person discussions.

Marketing: Authorization
- Must state that the communication is paid for.
- Must state that the individual may revoke the authorization at any time.
- Authorization's Scope: Need not be limited to single product/service or products/services of one 3rd party

Marketing: How does this affect my Notice of Privacy Practices?
- The Final Rule explains that the NPP does NOT have to include a statement informing individuals that the CE is being paid for certain communications.
- If the CE is getting paid for sending communications, the CE needs to notify the individual through an authorization.
- If the CE is not getting paid for the communication, the purposes are adequately captured in the NPP's discussion of treatment and health care operations.

Marketing: Financial Remuneration for Refill Reminders/Drug Communications
- Must be reasonable in amount to qualify for exception.
- Must be reasonably related to the CE's cost of making the communication, e.g. labor, supplies, postage

FUNDRAISING

Fundraising
- Old Rule: CEs can use and disclose demographic information relating to the individual and dates of health care provided to the individual for fundraising.
- Demographic information includes: names, addresses, other contact information, age, gender, date of birth

Fundraising
New Rule: CE may now use the following information to target fundraising communications:
- Demographic information
- Dates of service
- Health insurance status
- Department of service (NEW), e.g. oncology, cardiology, pediatrics
- Treating physician (NEW)
- Outcome information (NEW), e.g. includes death, or sub-optimal results

Fundraising
- An individual's ability to opt out of fundraising communications must be clear and conspicuous.
- CE may not condition treatment or payment on individual's decision

Fundraising: How does this affect my Notice of Privacy Practices?
Your NPP must inform individuals that:
- A CE may contact them to raise funds for the CE, and
- An individual has a right to opt out of receiving such communications.

SALE OF PHI

Sale of PHI
- New Final Omnibus Rule prohibits the sale of PHI without authorization.
- Authorization must state that disclosure will result in remuneration.
- Includes financial AND non-financial remuneration.

Sale of PHI: Exceptions to Prohibition on Unauthorized Sale of PHI
- Public health activities
- Disclosure required by law
- Research, if remuneration limited to reasonable, cost-based fee to prepare and transmit PHI
- Treatment & payment
- Sale of business
- Remuneration to BA for services rendered
- Providing access or accounting to individual
- Any other permitted disclosure where only a reasonable, cost-based fee will be received to prepare and transmit PHI

Sale of PHI: Pointers
1) Update Policies and Procedures
2) Train employees on the prohibition of PHI without express written authorization

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices
- of the Privacy Rule sets out the requirements for most covered entities to have and distribute a notice of privacy practices (NPP).
- The NPP must describe:
  - Permitted uses and disclosures of PHI
  - CE's legal duties and privacy practices with respect to PHI, and
  - The individual's rights concerning PHI.
- 78 FR 17 at

Notice of Privacy Practices
1) The NPP must contain a statement indicating that:
- most uses and disclosures of psychotherapy notes (where appropriate),
- uses and disclosures of protected health information for marketing purposes, and
- disclosures that constitute a sale of protected health information
require authorization, as well as a statement that other uses and disclosures not described in the NPP will be made only with authorization from the individual.
78 FR 17 at CFR (b)(1)(ii)(E)

Notice of Privacy Practices
2) The Final Rule treats all subsidized treatment communications as marketing. Therefore, the Final Rule did NOT adopt the proposal to require a statement in the NPP about such communications and the ability of an individual to opt out.
78 FR 17 at CFR

Notice of Privacy Practices
2) The Final Rule DID adopt the proposed requirement for a statement in the NPP regarding fundraising communications and an individual's right to opt out of receiving such communications, if a covered entity intends to contact an individual to raise funds for the covered entity.
78 FR 17 at CFR (b)(1)(iii)(A)
- The final rule does not require covered entities to send pre-solicitation opt outs to individuals prior to the first fundraising communication.
- The individual will be on notice of the opportunity to opt out of receiving fundraising communications through the notice of privacy practices and the first fundraising communication itself will contain a clear and conspicuous opportunity to opt out, there is no need to require covered entities to incur the additional burden and cost of sending pre-solicitation opt outs.
78 FR 17 at

Notice of Privacy Practices
2) However: If a covered entity uses a public directory to mail fundraising communications to all residents in a particular geographic service area, the notice and opt out requirements are not applicable.
78 FR 17 at

Notice of Privacy Practices
3) RIGHT TO RESTRICT DISCLOSURES
- The Final Rule adopts the proposal that the NPP inform individuals of their new right to restrict certain disclosures of PHI to a health plan where the individual pays out of pocket in full for the health care item or services.
- Only health care providers are required to include such a statement in the NPP; other covered entities may retain the existing language indicating that a covered entity is not required to agree to a requested restriction
FR 17 at

Notice of Privacy Practices
4) BREACH NOTIFICATION
- The Final Rule requires CEs to include in their NPP a statement of the right of affected individuals to be notified following a breach of unsecured PHI.
- A simple statement in the NPP that an individual has a right to or will receive notifications of breach of his or her unsecured PHI will suffice.
78 FR 17 at

Notice of Privacy Practices
6) GINA
- The Final Rule adopts the requirement for health plans that perform underwriting to include in their NPPs a statement that they are prohibited from using or disclosing genetic information for such purposes, except with regard to issuers of long term care policies, which are not subject to the underwriting prohibition.
78 FR 17 at

Notice of Privacy Practices
7) AVAILABILITY & PUBLICATION
- The Final Rule retains the requirement that when a health care provider with a direct treatment relationship with an individual revises the NPP, the health care provider must make the NPP available upon request on or after the effective date of the revision and must have the NPP available at the delivery site and post the notice in a clear and prominent location.
78 FR 17 at CFR (c)(2)(iii).

Notice of Privacy Practices
8) PUBLICATION
- To the extent that some CEs have already revised their NPPs in response to the enactment of the HITECH Act or State law requirements, as long as a CE's current NPP is consistent with the Final Rule and individuals have been informed of all material revisions made to the NPP, the CE is not required to revise and distribute another NPP upon publication of this Final Rule.
- The Privacy Rule permits CEs to distribute their NPPs or notices of material changes by e-mail, provided the individual has agreed to receive an electronic copy.
78 FR 17 at

Notice of Privacy Practices
9) Comments
- A CE may satisfy the NPP provisions by providing the individual with both a short notice that briefly summarizes the individual's rights, as well as other information, and a longer notice, layered beneath the short notice, that contains all the elements required by the Rule.
- The CE must take reasonable steps to ensure meaningful access for Limited English Proficient persons to the services of the covered entity, which could include translating the NPP into frequently encountered languages.
- Currently, there is no model language.
78 FR 17 at

TEXTING
- Survey: 73% of physicians text physicians about work
- Is it PHI?
- Must have a policy
- BAA with cellular provider?

TEXTING
Policy:
- Lost phone
- Password or fingerprint
- Workforce training
- Vendor-supplied secure messaging app
- How to coordinate into the medical record and supply to patients

POINTERS
- Revise Policies and Procedures: Include a breach notification response plan using the new presumption of breach standard.
- Train Employees on Updated Policies and Procedures: Document attendance
- Conduct a Risk Analysis:
  - Identify locations of PHI
  - Anticipate threats
  - Assign levels of risk

Questions?
Thank you for attending!
The Bittinger Law Firm
Sutton Park Drive South, Suite 201
Jacksonville, Florida
Ann M. Bittinger, Esq.
More informationHIPAA/HITECH and Texas Privacy Laws Comparison Tool Updated 2013
HIPAA/HITECH and Texas Privacy Laws Comparison Tool Updated 2013 Federal and Texas Privacy & Security Requirements Minimizing Your Risk of Violations DISCLAIMER The information contained in this document
More informationTHE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE
THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE The Speakers Cinda Velasco Attorney, Manager, Privacy Officer Patient Safety and Risk Management Trish Lugtu Senior Manager MMIC
More informationAm I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters
More informationNew HIPAA Rules: A Guide for Radiology Providers
New HIPAA Rules: A Guide for Radiology Providers Adrienne Dresevic, Esq and Clinton Mikel, Esq The credit earned from the Quick Credit TM test accompanying this article may be applied to the AHRA certified
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationNew HIPAA Rules and EHRs: ARRA & Breach Notification
New HIPAA Rules and EHRs: ARRA & Breach Notification Jim Sheldon-Dean Director of Compliance Services Lewis Creek Systems, LLC www.lewiscreeksystems.com and Raj Goel Chief Technology Officer Brainlink
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationHIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014
HIPAA Update Presented by: Melissa M. Zambri June 25, 2014 Timeline of New Rules 2/17/09 - Stimulus Package Enacted 8/24/09 - Interim Final Rule on Breach Notification 10/7/09 - Proposed Rule Regarding
More informationHIPAA Compliance in 2013:
HIPAA Compliance in 2013: National Association for Home Care & Hospice March on Washington March 18, 2013 1 Marcia Augsburger Partner, DLA Piper, LLP (US) Firm HIPAA Officer and HIPAA Working Group Co-Chair
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationFinal Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and HITECH Act Breach Notification Rules, 78 Fed. Reg. 5566 (Jan.
AIS Special Report 1 AIS Special Report Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and HITECH Act Breach Notification Rules, 78 Fed. Reg. 5566 (Jan. 25, 2013) By Francie Fernald,
More informationFIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS
FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher
More informationNew Rules on Privacy, Security, Breach Reporting and Enforcement: Not Just for HIPAA-chondriacs
New Rules on Privacy, Security, Breach Reporting and Enforcement: Not Just for HIPAA-chondriacs Executive Summary After years of waiting for all of the anxious HIPAA-chondriacs out there, the HHS Office
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationDepartment of Health and Human Services. No. 17 January 25, 2013. Part II
Vol. 78 Friday, No. 17 January 25, 2013 Part II Department of Health and Human Services Office of the Secretary 45 CFR Parts 160 and 164 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach
More informationLong-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates
Legal Update February 11, 2013 Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates On January 17, 2013, the Department of Health
More informationOCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationOCR Reports on the Enforcement. Learning Objectives
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationA How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1
A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register
More informationJanuary 25, 2013. 1 P a g e
Analysis of Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information
More informationHIPAA/HITECH Rules Proposed: Major Changes Looming for Business Associates and Subcontractors
Health Care ADVISORY July 16, 2010 HIPAA/HITECH Rules Proposed: Major Changes Looming for Business Associates and Subcontractors On July 8, 2010, the Office for Civil Rights (OCR) of the Department of
More informationUPDATES FOR MEDICAL PRACTICES: RED FLAGS AND IDENTITY THEFT AND HIPAA PRIVACY CHANGES (FROM HITECH)
UPDATES FOR MEDICAL PRACTICES: RED FLAGS AND IDENTITY THEFT AND HIPAA PRIVACY CHANGES (FROM HITECH) March 2011 Presentation by Jennifer L. Cox, J.D. Red Flags Rollback Red flags is going going and not
More informationHIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com
HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health
More informationHHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI
January 23, 2013 HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI Executive Summary HHS has issued final regulations that address recent legislative
More informationBusiness Associate Liability Under HIPAA/HITECH
Business Associate Liability Under HIPAA/HITECH Joseph R. McClure, JD, CHP Siemens Healthcare WEDI Security & Privacy SNIP Co-Chair Reece Hirsch, CIPP, Partner Morgan Lewis & Bockius LLP ` Fifth National
More information6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013
Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,
More informationUniversity Healthcare Physicians Compliance and Privacy Policy
Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
More informationShipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS
Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationAVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
More informationHIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help
HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,
More informationHIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS
HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS James J. Eischen, Jr., Esq. November 2013 San Diego, California JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher & Mack, LLP 26+ years of experience
More informationBusiness Associate Considerations for the HIE Under the Omnibus Final Rule
Business Associate Considerations for the HIE Under the Omnibus Final Rule Joseph R. McClure, Esq. Counsel Siemens Medical Solutions USA, Inc. WEDI Privacy & Security Work Group Co-Chair Agenda Who is
More informationCommunity First Health Plans Breach Notification for Unsecured PHI
Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance
More informationBusiness Associates: HITECH Changes You Need to Know
Business Associates: HITECH Changes You Need to Know Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine LLP beckywilliams@dwt.com 1 Who Is a Business Associate? A
More informationHIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013
HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com
More informationHIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act
International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky
More informationHIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013
HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 Orchard Creek Health Care is required by law to maintain the privacy of protected health information (PHI) of our residents. If you feel
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES
ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective
More informationGUIDE TO PATIENT PRIVACY AND SECURITY RULES
AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist
More informationOCR Issues Final Modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules to Implement the HITECH Act
OCR Issues Final Modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules to Implement the HITECH Act February 20, 2013 Boston Brussels Chicago Düsseldorf Frankfurt Houston
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationSigned into law on February 17, 2009, the Stimulus Package known
Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package
More informationWelcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
More informationPhilip L. Gordon, Esq. Littler Mendelson, P.C.
Beyond The Legal Requirements: Key Practical Issues in Negotiating Business Associate Agreements, Responding to a Breach of Unsecured PHI, and Understanding HHS Enforcement Philip L. Gordon, Esq. Littler
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationImplementation Business Associates and Breach Notification
Implementation Business Associates and Breach Notification Tony Brooks, CISA, CRISC, Tony.Brooks@horne-llp.com Clay J. Countryman, Esq., Clay.Countryman@bswllp.com Stephen M. Angelette, Esq., Stephen.Angelette@bswllp.com
More informationPrivacy & Security The HHS Rule is Out What s New and What s Next. Mary Jo Carden, RPh, JD Director, Regulatory Affairs AMCP mcarden@amcp.
Privacy & Security The HHS Rule is Out What s New and What s Next Mary Jo Carden, RPh, JD Director, Regulatory Affairs AMCP mcarden@amcp.org Disclosure Mary Jo Carden is an employee of the Academy of Managed
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationModel Business Associate Agreement
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationAm I a Business Associate?
Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have
More informationHIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule
HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why
More informationREPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.
REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
More informationTerms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013
Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 The City of Philadelphia is a Covered Entity as defined in the regulations
More informationBusiness Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule
Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under
More informationHIPAA privacy and security toolkit: Helping your practice meet new compliance requirements
HIPAA privacy and security toolkit: Helping your practice meet new compliance requirements These materials do not constitute legal advice and are for educational purposes only. The information in this
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationPresented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com
Healthcare Compliance: How HiTECH May Affect Relationships with Business Associates Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Legal Disclaimer This information
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More informationSurviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell. Topics Covered Part One. Topics Covered Part Two.
Surviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell President & CEO Carosh Compliance Solutions & Liz Mayer, RHIA Director, Organizational Integrity HCI Care Services and VNS
More informationHIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C.
HIPAA Hot Topics Audits, the Latest on Enforcement and the Impact of Breaches September 2012 Nashville Knoxville Memphis Washington, D.C. Overview HITECH Act HIPAA Audit Program: update and initial results
More informationThe MC Academy The Employee Benefits and Executive Compensation Series. HIPAA PRIVACY AND SECURITY The New Final Regulations
The MC Academy The Employee Benefits and Executive Compensation Series HIPAA PRIVACY AND SECURITY The New Final Regulations June 18, 2013 Overview Background Recent Changes to HIPAA Identifying Business
More informationDissecting New HIPAA Rules and What Compliance Means For You
Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the
More informationHIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012
HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually
More informationNACHC Issue Brief Changes to the Health Insurance Portability and Accountability Act Included in ARRA. March 2010
NACHC Issue Brief Changes to the Health Insurance Portability and Accountability Act Included in ARRA March 2010 Prepared By: Marisa Guevara and Marcie H. Zakheim Feldesman Tucker Leifer Fidell, LLP 2001
More informationHIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act
HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationNOTICE OF PRIVACY PRACTICES (NPP)
NOTICE OF PRIVACY PRACTICES (NPP) This Notice contains information about how your medical information may be used and/or disclosed and how you can get access to this information. Please read this Notice
More informationRaymond: Beyond Basic HIPAA - GSHA Convention 2-28-15 1 HIPAA HIPAA HIPAA. Financial. Carol Ann Raymond, MBA, Ed.S., CCC-SLP
Carol Ann Raymond, MBA, Ed.S., CCC-SLP Associate Clinical Professor/Clinic Director Department of Communication Sciences and Disorders Financial o Employed by the University of Georgia o Non-Financial
More informationAdd a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual.
HIPAA/HITECH Policies and Procedures Please read this in its entirety. Add a section in the back of your HIPAA Privacy Manual and HIPAA Security Manual. Give a copy of this to all staff to read and ask
More informationHIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality
HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.
More informationHIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996
HIPAA RISKS & STRATEGIES Health Insurance Portability and Accountability Act of 1996 REGULATORY BACKGROUND Health Information Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 Title
More informationBreaches. Complying with the HIPAA Omnibus Final Rule. Important Definitions. Protected Health Information Includes HIPAA PRIVACY 3/2/2014
Breaches Complying with the HIPAA Omnibus Final Rule You Can Be Successful! Advocate Medical Group in Chicago had 4 desktop computers taken in a burglary that contained the personal information of over
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More information