Getting Hip to the HIPAA and HITECH Act Compliance

Similar documents
ELECTRONIC HEALTH RECORDS

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, :15pm 3:30pm

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

HIPAA Compliance Annual Mandatory Education

The Basics of HIPAA Privacy and Security and HITECH

HIPAA Security Rule Compliance

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

HIPAA PRIVACY AND SECURITY AWARENESS

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

HIPAA In The Workplace. What Every Employee Should Know and Remember

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

Why Lawyers? Why Now?

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles

Security Is Everyone s Concern:

OCR UPDATE Breach Notification Rule & Business Associates (BA)

New HIPAA regulations require action. Are you in compliance?

HIPAA Privacy Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Health Information Privacy Refresher Training. March 2013

HIPAA Privacy at SCG...

HIPAA 101. March 18, 2015 Webinar

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

Community First Health Plans Breach Notification for Unsecured PHI

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

PHI- Protected Health Information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist.

HIPAA and HITECH Compliance for Cloud Applications

MOBILE DEVICE SECURITY POLICY

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

HIPAA COMPLIANCE PLAN FOR 2013

Security Compliance, Vendor Questions, a Word on Encryption

SECURITY RISK ASSESSMENT SUMMARY

What do you need to know?

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

What Virginia s Free Clinics Need to Know About HIPAA and HITECH

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Texas Medical Records Privacy Act

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September Nashville Knoxville Memphis Washington, D.C.

Privacy Compliance Health Occupations Students

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

HIPAA Employee Compliance Program TRAINING MANUAL

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HIPAA Privacy & Security Rules

Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy

Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

What s New with HIPAA? Policy and Enforcement Update

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

New Privacy Laws Impacting the Health Care Work Place

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information

COMPLIANCE ALERT 10-12

Information Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done?

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July Tex Med. 2012;108(7):33-37.

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

Practices to Research Data in Light of HIPAA and ANPRM

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR Court Reporters and HIPAA

HOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

Protecting Privacy & Security in the Health Care Setting

HIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

Our Commitment to Information Security

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14

How To Protect Your Health Care From Being Stolen From Your Computer Or Cell Phone

HIPAA WEBINAR HANDOUT

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives

OFFICE OF CONTRACT ADMINISTRATION PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

HIPAA and Privacy Policy Training

HIPAA Enforcement Training for State Attorneys General

The ReHabilitation Center Buffalo Street. Olean. NY

The Impact of HIPAA and HITECH

Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

Transcription:

Getting Hip to the HIPAA and HITECH Act Compliance NaNotchka M. Chumley, D.O., M.P.H. Family Medicine Physician Los Angeles, CA Integrating Global Trade & Logistic and Cybersecurity Westin St. Francis, Union Square, San Francisco, CA November 13, 2015

MODERATOR Dr. NaNotchka M. Chumley Family Medicine

Panelists Dr. Katrina Peters General and Forensic Psychiatrist Dr. Suzanne Cutter Surgical Oncologist

HIPAA: Health Insurance Portability and Accountability Act Health Insurance Portability and Accountability Act of 1996, law 104-191, 110 Statute 1936 Enacted August 21, 1996 by United States Congress and signed by former President Bill Clinton AKA : The Kennedy-Kassebaum Act. named after 2 of its leading sponsors It defines policies, and guidelines procedures for maintaining the privacy and security of individually identifiable health information Outlines numerous offenses relating to healthcare and sets civil and criminal penalties for violations Creates several programs to control fraud and abuse within the healthcare system Requires the establishment of National standards for electronic healthcare transactions (EHR) and National identifiers for providers, health insurance plans and employers

5 HIPAA Rules 1. The Privacy Rule 2. The Transition and Code Sets Rule 3. The Security Rule 4. The Unique Identifiers Rule 5. The Enforcement Rule

The Privacy Rule Major goal Assure that your health information is protected Includes demographic information that relates to an individual's, past, present or future physical, mental health or condition that can be used to identify a member The provision of health care to an individual The past, present or future payment for the provision of healthcare to the individual and Protected health information, protection to business associates, trading partners and their associates through formal contract

The HIPAA Privacy Regulations Impact All functions; Information systems; Personnel; Facilities; Policies and Procedures

Major HIPAA Privacy Rule Requirements Notice of Information Practices Minimum Necessary Information Release Patient Privacy Requirements Staff Training Formal Documentation Requirements

HIPAA Requirements Patient Consent Patient Authorization Minimum Necessary Disclosure Oral Communications Business Associates Right of Access Right to Amend Right of Accounting for Disclosures of PHI Privacy Official Dispute Resolution Privacy rule documentation

The Security Rule Establishes national standards to protect individuals' electronic personal health information that is received, created, used or maintained by a covered entity ( organizations subject to the privacy rule)

The Security Rule Physical and technical safe guards to ensure The Confidentiality The Integrity and The Availability and The Security of electronic protected health information

The Security Rule The security regulations enable much of the confidentiality protection as well as ensuring availability following: Emergencies Natural Disasters Other interruptions to service

The Security Rule The security regulations protects the availability of the electronic data Ensure that It is available when needed by authorized personnel or information systems Not available Inadvertently or Maliciously to personnel not authorized to receive the information

The Security Rule Protects the integrity of the electronic data Ensures that data is not inadvertently or maliciously altered Security measures include Computer and network security Encryption of all data User authentication

TOP 10 Tips for Cybersecurity in Healthcare Establish a security culture Protect Mobile Devices Maintain good computer habits Use a firewall Install and maintain anti virus software Plan for the unexpected Control Access to protected Health Information Use strong passwords and change them regularly Limit Network Access Control physical Access

The Enforcement Rule Secretary of HHS adopted enforcement and penalties: Compliance Civil money penalties Criminal penalties

The Numbers $21,906,500 Monetary settlements $4.3 Million HIPAA Privacy Rule Violations $15,581,000 Monetary Resolution Agreements 115,929 Complaints received HIPAA Privacy Rule 23,580 Number of cases Investigated and resolved

The Numbers Lost or stolen laptops, smart phones, and computer tablets account for 39% of the security incidents in healthcare and 78% of the records compromised in security breaches

HIPAA Risk Assessment The nature and extent of the PHI breach The unauthorized person who used the PHI or to whom the disclosure was made Whether the PHI was actually acquired or viewed The extent to which the risk to the PHI has mitigated

HIPAA 4 Things To Avoid 1. Texting or emailing unencrypted PHI 2. Failure to conduct a Risk Analysis 3. Failing to update the notice of private practices 4. Not providing sufficient training

HITECH Act Health Information Technology for Economic and Clinical Health Act Designed to promote wide spread adoption and standardization of health information technology and requires the DHHS to modify the HIPPA Privacy, Security and Enforcement rules to strengthen the privacy and security protections for health information and to the workability and effectiveness of the HIPPA rules

HIPAA & Medical Providers HIPPA becomes a tangle for medical providers The law requires that your medical information be protected Keeping your medical records under lock and key, or password protected and file encryption or digital information stored on a hospital's network Requires your doctor to give you a notice telling you all about HIPPA The HIPPA privacy rule applies the concept of minimum necessary information consistent with its use

References US Department of Health and Human Services Office for Civil Rights Medical Economics.com/ Medical Economics.com/2015-Best- EHRs http://www.hhs.gov/ocr/hippa

Acronyms HIPPA Health Insurance Portability and Accountability Act (HIPPA) PHI Protected Health Information (PHI) OCR Office of Civil Rights (OCR) HHS U.S. Department of Health and Human Services (HHS) HITECH Health Information Technology for Economic and Clinical Health Act (HITECH) CI Covered Entities (CI) Health plans, healthcare providers and health care clearing houses NPP Notice of Privacy Practices (NPP) TPO Treatment, payment and health care operations (TPO)

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information