Business Associate Considerations for the HIE Under the Omnibus Final Rule



Similar documents
Business Associates, HITECH & the Omnibus HIPAA Final Rule

Key HIPAA HITECH Changes. Gina Kastel, Partner, Health and Life Sciences

OCR UPDATE Breach Notification Rule & Business Associates (BA)

Business Associate Liability Under HIPAA/HITECH

It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing?

HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS

Business Associates: HITECH Changes You Need to Know

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by.

Creating Stable Security & Compliance Relationships

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

Implementation Business Associates and Breach Notification

Surviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell. Topics Covered Part One. Topics Covered Part Two.

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013.

Legislative & Regulatory Information

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )

DHHS POLICIES AND PROCEDURES

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

Covered Entities and Business Associates: An Evolving Relationship

The Challenges of Applying HIPAA to the Cloud. Adam Greene, Partner Davis Wright Tremaine LLP

BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

Cybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective

Data Breach, Electronic Health Records and Healthcare Reform

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

Use & Disclosure of Protected Health Information by Business Associates

HIPAA Compliance Guide

Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist.

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE

HIPAA/HITECH and Texas Privacy Laws Comparison Tool Updated 2013

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule

Regulatory Update with a Touch of HIPAA

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

HIPAA Compliance Guide

New HIPAA regulations require action. Are you in compliance?

New HIPAA Rules: A Guide for Radiology Providers

Breaches, Business Associates and Texting, Oh My! A HIPAA HITECH Update. Overview

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement (BAA) Guidance

My Docs Online HIPAA Compliance

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule)

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

HIPAA BUSINESS ASSOCIATE AGREEMENT

Am I a Business Associate?

University Healthcare Physicians Compliance and Privacy Policy

Department of Health and Human Services. No. 17 January 25, Part II

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives

Finally! HHS Issues Proposed Rule Implementing Changes to the HIPAA Privacy, Security and Enforcement Rules under HITECH

OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Sample Business Associate Agreement Provisions

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates

Local public health options. Legal Update for NC Public Health Nurse Administrators LOCAL PUBLIC HEALTH IN NORTH CAROLINA 12/6/2013

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel

Breach Notification Decision Process 1/1/2014

New Rules on Privacy, Security, Breach Reporting and Enforcement: Not Just for HIPAA-chondriacs

Business Associates under HITECH: A Chain of Trust

HIPAA Final Rule Changes

FAQ: HIPAA AND CLOUD COMPUTING (v1.0)

BUSINESS ASSOCIATE AGREEMENT. Recitals

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

Privacy & Security The HHS Rule is Out What s New and What s Next. Mary Jo Carden, RPh, JD Director, Regulatory Affairs AMCP mcarden@amcp.

New HIPAA Rules and EHRs: ARRA & Breach Notification

SAMPLE BUSINESS ASSOCIATE AGREEMENT

HIPAA Privacy. Business Associates 101

Shipman & Goodwin LLP All rights HARTFORD STAMFORD GREENWICH WASHINGTON, DC

Headaches and Pitfalls in Business Associate Contract Management

Lawyers as HIPAA Business Associates

Isaac Willett April 5, 2011

Understanding HIPAA Regulations and How They Impact Your Organization!

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule

Signed into law on February 17, 2009, the Stimulus Package known

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

HIPAA Compliance: Are you prepared for the new regulatory changes?

Definitions. Catch-all definition:

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR Court Reporters and HIPAA

How To Write A Community Based Care Coordination Program Agreement

Datto Compliance 101 1

Dissecting New HIPAA Rules and What Compliance Means For You

The Patient Portal Ecosystem: Engaging Patients while Protecting Privacy and Security

Philip L. Gordon, Esq. Littler Mendelson, P.C.

October 22, CFR PARTS 160 and 164

HIPAA Privacy and Information Security Management Briefing

HIPAA/HITECH Rules Proposed: Major Changes Looming for Business Associates and Subcontractors

BUSINESS ASSOCIATE AGREEMENT

HIPAA Compliance in 2013:

Transcription:

Business Associate Considerations for the HIE Under the Omnibus Final Rule Joseph R. McClure, Esq. Counsel Siemens Medical Solutions USA, Inc. WEDI Privacy & Security Work Group Co-Chair

Agenda Who is a Business Associate? Omnibus Final Rule Impacts to Business Associates Business Associate Agreements under HITECH Role of Governance of HIEs as Business Associates Page 2

Who is a Business Associate?? Final Rule: An entity that creates, receives, maintains, or transmits [PHI] for a function or activity regulated by [HIPAA] on behalf of a Covered Entity Final Rule expanded the definition of Business Associates to include: Health Information Organizations (HIEs and RHIOs) E-prescribing Gateways PHR providers on behalf of a CE Patient Safety Organizations Subcontractors that create, receive, maintain, or transmit PHI on behalf of BAs Subcontractor means a person whom a BA delegates a function, activity, or service, other than in the capacity of a member of the workforce of such BA Mere Conduit vs. Business Associate with Routine Access to PHI Page 3

Summary of Impacts to Business Associates Under HITECH Omnibus Final Rule The Final Rule requires BAs to comply with the HIPAA Security Rule in the same manner as a CE Disclosure of PHI must be kept to limited data set or minimum necessary BA must comply with the certain HITECH Privacy requirements to the extent applicable to BA s services and access to PHI on behalf of CE Health Provider must honor a request by an individual to restrict disclosure of PHI to a Health Plan if the individual pays for associated service out-of-pocket in full Individual has right to a copy of PHI in an electronic format Sale of PHI prohibited unless authorized by individual Certain marketing communications require authorizations Let s not forget Breach Notification Obligations BAs subject to direct enforcement by HHS Office for Civil Rights Page 4

Business Associate Agreements Final Rule clarified the required additional HITECH BAA provisions: BA required to comply with Security Rule obligations BA must report to CE any breach of unsecured PHI as required by the Breach Notification Rule BA must enter into BAAs with subcontractors imposing the same obligations that apply to BA BA must comply with the Privacy Rule to the extent the BA is carrying out a CE s obligations under the Privacy Rule Other Considerations Agency Relationship a CE (or BA) is liable for the acts or omissions of its downstream entity acting within the scope of agency Implementation Time-Line - Up to one additional year 9/22/2014 Data Security Agreements Page 5

HIE Governance for Nationwide Health Information Exchange ONC s Documented Framework for HIE Governance Increase interoperability Increase trust among participants of the HIE Decrease cost and complexity Organizational Principles identify general approaches for good self governance Trust Principles Guide entities on patient privacy, data access and data management Business Principles financial and operational policies and transparency Technical Principles use of standards to support Trust and Business principles as well as promoting interoperability Resource: http://www.healthit.gov/policy-researchers-implementers/healthinformation-exchange-governance Page 6

Joseph R. McClure, Esq. Counsel Siemens Medical Solutions USA, Inc. joseph.mcclure@siemens.com 610-219-9101 Page 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information