HIPAA Training 2010. For Research Investigators and Study Staff

Similar documents
HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA The Law Explained. Click here to view the HIPAA information.

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

SOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5

Whitefish School District. PERSONNEL 5510 page 1 of 5 HIPAA

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

HIPAA Privacy Overview

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

MYTHS AND FACTS ABOUT THE HIPAA PRIVACY RULE PART 1

OFFICE OF CONTRACT ADMINISTRATION PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

BUSINESS ASSOCIATE AGREEMENT

HIPAA and Privacy Policy Training

HIPAA: Privacy/Info Security

BUSINESS ASSOCIATE AGREEMENT

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

HIPAA Privacy at SCG...

Frequently Asked Questions About the Privacy Rule Under HIPAA

HIPAA (Health Insurance Portability and Accountability Act) Awareness Training for Volunteers and Interns

HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc HIPAA Hotline

Limited Data Set Background Information

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

HIPAA. August 12, 2008

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

HIPAA-P01 Uses and Disclosures of Protected Health Information Policy

HIPAA Security Training Manual

By the end of this course you will demonstrate:

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT. Recitals

Privacy and Information Security Awareness Training. Health Insurance Portability & Accountability Act of HIPAA

HIPAA Privacy Summary for Fully-insured Employer Groups

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

BUSINESS ASSOCIATE AGREEMENT

Department of Health and Human Services Policy ADMN 004, Attachment A

Health Insurance Portability and Accountability Act (HIPAA)

University Healthcare Physicians Compliance and Privacy Policy

Healthcare Compliance and Hybrid Entity Designation

SCDA and SCDA Member Benefits Group

Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy

HIPAA Employee Training Guide. Revision Date: April 11, 2015

HIPAA Security Rule Compliance

HIPAA BUSINESS ASSOCIATE AGREEMENT

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Contents

Privacy & Security Matters: Protecting Personal Data. Privacy & Security Project

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HIPAA BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

HIPAA Compliance for Students

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction. HIPAA Privacy Regulations-General

HIPAA Privacy & Security Training for Clinicians

HIPAA Compliance for Employers. What is HIPAA? Common HIPAA Misperception. The Penalties. Chapter I HIPAA Overview. The Privacy Regulations Why?

HIPAA Overview. Health Insurance Portability and Accountability Act of 1996 (PL )

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

The HIPAA Privacy Rule: Overview and Impact

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

HIPAA Privacy Summary for Self-insured Employer Groups

HIPAA In The Workplace. What Every Employee Should Know and Remember

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist.

Appendix : Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT TERMS

BUSINESS ASSOCIATE ADDENDUM

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

ELECTRONIC HEALTH RECORDS

The benefits you need... from the name you know and trust

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Orientation. Health Insurance Portability and Accountability Act

BUSINESS ASSOCIATE AGREEMENT ( BAA )

University of California Policy

COMPLIANCE ALERT 10-12

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

HIPAA Policies and Procedures

Connecticut Carpenters Health Fund Privacy Notice

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS

HIPAA Privacy & Security Rules

BUSINESS ASSOCIATE AGREEMENT

HIPAA: In Plain English

SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY

SDC-League Health Fund

HIPAA Privacy Overview

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

HIPAA Privacy Regulations: Frequently Asked Questions

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

Detailed Notice of Privacy Practices Effective Date: September 20, 2013

Health Information Privacy Refresher Training. March 2013

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

Texas Medical Records Privacy Act

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Education Level One For Volunteers & Observers

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

Transcription:

HIPAA Training 2010 For Research Investigators and Study Staff

HIPAA IS... THE HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 Portability Created to ensure access to health coverage Allows for continuity in health coverage Prevents denial due to a pre-existing condition(s) Accountability Healthcare fraud is a federal crime Fines and/or jail time may apply Individuals and organizations could face sanctions

Privacy Rule HIPAA s Privacy rule focuses on the safeguarding of a patient s Protected Health Information (PHI) PHI = Any form of information that can identify, relate, or be associated with an individual obtaining health care services. IIHI = Individually Identifiable Health Information are data elements that make up PHI, e.g.; Name, Address, SSN, Phone Number, Medical Record Number, Diagnosis, Test Results, Photographs, Doctors notes, Health Plan Information, etc.

Who, at SBU, is required to protect PHI in Research? - All SBU investigators, who conduct research where individually identifiable health information is used, generated, or disclosed. - Investigators who provide health care as part of their research and are involved in standard electronic transactions. - All UH faculty and staff must additionally comply with SBUH policies and procedures pertaining to the HIPAA Privacy and Security Rules.

When does HIPAA not apply? When the health information is properly de-identified by either: 1) Written attestation provided to CORIHS by an expert in deidentification methods that there is very minimal risk the information being generated, used or disclosed can be used to identify the subject, or 2) The SBU investigator certifies to CORIHS, utilizing the HIPAA De-Identification Form, that all of the 18 identifiers are removed and that the remaining information can not practicably be used to identify the subject.

Rights of University Hospital Patients Who Become Research Subjects at SBU To receive a copy of the Stony Brook Organized Health Care Arrangement (SBOHCA) or Joint Notice of Privacy Practices (NOPP) which informs them how their health information is going to be generated, used and disclosed. To have access to their health information you have gathered for research purposes (generally once their participation has ended); To be notified of possible third party disclosures that may be made for research purposes. This is done via the research consent form.

Waiver of Subject HIPAA Authorization When the research Is deemed minimal risk, or Involves only deceased subjects, or Involves only a limited data set then a waiver from obtaining HIPAA Authorization from the subject can be granted. Minimum Necessary and Accounting of Disclosure Requirements may apply (refer to Standard Operating Procedures which can be found at https://web.stonybrook.edu/research/humans-sop/shared%20documents/section16.aspx)

Security: what do I need to know? No PHI in outgoing e-mail (including file attachments). All individually identifiable health information must be stored in a password protected application/program/file. Sharing of user names and passwords (user access) is strictly prohibited. Storage of IIHI or Protected Health Information on mobile devices that are not encrypted and password protected is strictly prohibited and a violation of the HIPAA Security Rule. There are several secure methods of transmitting PHI electronically consultation with the Information Security Officer is highly recommended.

Violations SBU faculty, staff and students are required to report to CORIHS either potential or actual violations of a subject s privacy rights as defined by SBU CORIHS Standard Operating Procedures found at: https://web.stonybrook.edu/research/humans-sop/shared%20documents/section16.aspx SBUH faculty and staff are required to report to their supervisor or the SBUH Privacy Officer either potential or actual violations of a patient s privacy rights as defined by SBUH Policy and Procedure (SBUH Administrative Policy RI: 0038 Confidentiality of Protected Health Information) Health Care Providers who violate HIPAA Privacy and Security regulations may be subject to potential criminal and civil penalties.

Who/What are my resources when I have? s Judy Matuk, Assistant Vice President, Research Compliance 632-9036 (2-9036) Stephanie Musso, SBUH Privacy Officer 444-5796 (4-5796) Tom Consalvo, Information Security Officer 444-6730 (4-6730) Standard Operating Procedures found at: https://web.stonybrook.edu/research/humans-sop/shared%20documents/section16.aspx

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information