NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH
- Audrey Shaw
1 NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH
2 Speakers Lisa A. Gallagher, BSEE, CISM, CPHIMS Senior Director, Privacy and Security HIMSS Amy S. Leopard Walter and Haverfield, LLP
3 Topic Overview Terminology Legislative/Regulatory History of HIPAA ARRA/HITECH What changes did it make to HIPAA? NPRM Background and Public Feedback Parameters NPRM Content Changes required by HITECH Additional changes to HIPAA beyond what is required by HITECH
4 Regulation Terminology After Congressional bills become laws, federal agencies are responsible for putting those laws into action through regulations. The types of regulations include: Notices from the Federal Register; Proposed Rules; Final Rules. Documents such as public comments and supporting materials are often associated with these regulations. (Rule and) Rulemaking A type of regulation that establishes a rule, the means by which congressional laws are implemented Rulemaking Process The process federal agencies use to formulate, amend or repeal a regulation. This process often contains a proposed rule and a final rule, and may accept public comments during specified time periods. Statute - Law a. an enactment made by a legislature and expressed in a formal document b. the document in which such an enactment is expressed 1 Federal Rulemaking Glossary accessed at: 2
5 Legislative History of HIPAA HIPAA Statute Required: Establishment of national standards for the electronic transmission of certain health information, Creation of standards for certain health care transactions conducted electronically and code sets and unique health care identifiers for health care providers and employers, Establishment of national standards to protect the privacy and security of personal health information, and Establishment of civil money and criminal penalties for violations of the Administrative Simplification provisions
6 HIPAA Regulations Requirements for Covered Entities Privacy Rule Protect individuals' electronic health information by regulating the circumstances under which covered Have contracts or other arrangements in place with business associates Security Rule Applies only to protected health information in electronic form Implement certain administrative, physical, and technical safeguards to protect this electronic information
7 HIPAA Regulations Requirements for HHS Enforcement Enforcement Rule Establishes rules governing the compliance responsibilities of covered entities with respect to cooperation in the enforcement process Provides rules governing the investigation by HHS Provides rules for establishing the amount of a civil money penalty Establishes rules governing the procedures for hearings and appeals
8 ARRA/HITECH What changes did it make to HIPAA? Applied HIPAA to Business Associates - Priv & Sec Rule Created New/Updated Privacy Statutes Privacy Rule Breach Notification Accounting of Disclosures Marketing/Sale of PHI Patient Access/Disclosure Restrictions Limited Data Set/Minimum Necessary Modified Enforcement/Penalties - Enforcement Rule
9 Notice of Proposed Rule Making Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act RIN: 0991-AB57 60 day comment period from date of publication in Federal Register Publication date: July 14, 2010 Comment due date: September 13, 2010
10 Modifications to the HIPAA Privacy Rule
11 Modifications to the HIPAA Privacy Rule in this NPRM Applies Privacy Rule to BAs, provides transition provisions Modifies definitions of Healthcare Operations, Marketing Modifies definition of Minimum Necessary and discusses applicability to BAs Strengthens patient options to opt out of fundraising communications Modifies authorizations required for Sale of PHI Research - discusses Compound Authorizations and Authorizing Future Research Use or Disclosure Discusses PHI about Deceased individuals Discusses Disclosure of Student Immunization Records
12 HITECH for Business Associates New definition of BAs May not use or disclose PHI in violation of Privacy Rule Directly comply with all HIPAA Security Rule administrative, physical, and technical safeguards and documentation requirements Now subject to HIPAA civil and criminal enforcement and penalties in addition to contractual liability New duties under NPRM
13 Business Associate Definition Patient Safety Organizations (PSOs) HIOs and E-Rx Gateways Or person providing data transmission services with respect to PHI to CE and require access on a routine basis to that PHI Not: mere conduits for transport of PHI that do not access PHI on other than a random or infrequent basis Vendors offering PHR to individuals on behalf of a CE BA Subcontractors that create, receive, maintain or transmit PHI on BA's behalf All definitions apply even if CE/BA fails to enter required BAA
14 Business Associate Definition Not a BA and no BAA required clarifications Mere conduits for transport of PHI that do not access PHI on other than a random or infrequent basis CE PHI disclosures to a healthcare provider re: treatment Vendors offering PHR to individuals on their own behalf and not on behalf of CE But will be a PHR vendor subject to FTC Temporary PHR Breach Notification (§ 13407) rules Proper health plan disclosures to plan sponsors under HIPAA Eligibility, enrollment and PHI collections between Govt. health and another government agency to extent authorized by law CE participating in an organized health care arrangement performing certain function or activity on behalf of OHCA involving PHI
15 BAA BAA Covered Entity Bus. Associate Subcontractor Downstream entities also must comply with Privacy and Security standards to same extent as BAs Subcontractor acts on behalf of BA, other than in the capacity of BA workforce member Create, receive, maintain, or transmit PHI on behalf of a BA BA must obtain satisfactory assurances from subcontractor on privacy and security protections in the form of a BAA CEs not required to obtain BAA from subcontractor If BA knows of sub-BA pattern of activity or practice constituting breach of sub-BA's obligations under BAA, may need to either terminate BAA or report problem to HHS if termination not feasible NPRM new Business Associate proposed Chain of Trust concept
16 HIPAA/HITECH BA and Sub-BA Administrative Requirements Compliance Policies and Procedures Training Individual Rights Infrastructure for oversight HIPAA Privacy and Security P&P Functional training of workforce members E-access, e-copy and accounting for disclosures Designate Privacy & Security Officials Security Risk Assessment and procedures Workforce sanctions and non-retaliation Authorization for sale of PHI Compliance reporting and documentation, complaints, reviews and investigations Mitigate harmful effects of HIPAA violations Breach of Unsecured PHI notice Health plan disclosure restriction Right to amend
17 Amending BA Agreements NPRM Compliance deadlines and transition periods for BA agreements General Rule = must comply with final Rule no later than 180 days following the effective date Transition Period = 240 days (from the publication of final Rule) PLUS 1 year Conditions Must have compliant BAA or other agreement in place prior to the publication date of final Rule No renewal or modification between the effective date and the compliance date of final Rule.
18 Amending BA Agreements Regulatory issues See NPRM (e)(2) (e)(4) Pattern or practice, e-PHI safeguards, unsecured PHI breach, HIPAA compliance, sub-BAAs and BA duty to maintain BAA with sub-BA under NPRM (e)(5) Consider timing, data use agreement issues when using a limited data set risk assessment of BA activities is critical issue Note: NPP and Authorizations will change as well under final rule
19 BAAs and Sub BAA Analysis More Sophisticated under HITECH BA is agent Full-blown PHI Sensitive Data Data Repository Confirmatory diligence LDS only BA High Level of Sophistication All Encryption + strong privacy LDS, No zip Or DOB Use of Sub-BA? Business Associate Agreements
20 Breach Notification HITECH Statutory Requirements Establishes a federal security breach notification requirement for breach of protected health information Requires each individual be notified if their unsecured PHI is accessed, acquired or disclosed as a result of the breach Requires notification to Sec HHS and prominent media outlets if more than 500 individuals impacted Applies to PHR vendors Interim Final Rule published effective Sept. 23, 2009 NPRM Specifications NOT ADDRESSED IN THIS NPRM Reference IFR, already in effect: ationifr.html
21 Accounting of Disclosures HITECH Statutory Requirements Gives patients the right to request an accounting of disclosures of their health information made through an EHR Secretary of HHS to promulgate regulations that take into account the interests of individuals in learning when and to whom their information is disclosed, the usefulness of the information to the individual, and the cost burden for such accounting NPRM Specifications NOT ADDRESSED IN THIS NPRM Subject of future rulemaking by HHS/OCR
22 Healthcare Operations NPRM Specifications Modifies the definition of health care operations to include a reference to patient safety activities Related to Marketing of PHI a communication by a covered entity or business associate that is about a product or service and that encourages recipients of the communication to purchase or use the product or service shall not be considered a health care operation and will now be considered marketing CEs/BAs may no longer receive payment in any for any communication now considered to be marketing, which is a change from HIPAA
23 Marketing/Sale of PHI HITECH Statutory Requirements Provides new restrictions on marketing using PHI Marketing Communications are not Health Care Operations (with some exceptions) Provides new restrictions on payment for PHI prohibits a CE/BA from receiving remuneration in exchange for any PHI without a valid authorization from the individual (with some exceptions)
24 Marketing Modify definition as follows: Sale Marketing/Sale of PHI NPRM Specifications revise the exceptions to marketing to better distinguish the exceptions for treatment communications from those communications made for health care operations; add a definition of financial remuneration provide that health care operations communications for which financial remuneration is received are marketing and require individual authorization; provide that written treatment communications for which financial remuneration is received are subject to certain notice and opt out conditions provide a limited exception from the remuneration prohibition for refill reminders; and remove the paragraph regarding an arrangement between a covered entity and another entity in which the covered entity receives remuneration in exchange for protected health information. Require a covered entity to obtain an authorization for any disclosure of protected health information in exchange for direct or indirect remuneration. This authorization must state that the disclosure will result in remuneration to the covered entity Exceptions generally follow statutory requirements Prohibits downstream disclosure for remuneration unless separate authorization in place
25 Research NPRM Specifications Compound Authorizations Discusses concerns with Compound Authorizations Discusses circumstances where they are allowed Authorizing Future Research Use or Disclosure Discusses allowing authorizations that include future research Makes clear it would not alter an individual's right to revoke the authorization for the use or disclosure of protected health information for future research at any time Specifically request comment on proposed changes
26 PHI about Deceased individuals NPRM Specifications Codifies Period of Protection 50 years Requests comments on this timeframe Discusses Disclosures About a Decedent to Family Members and Others Involved In Care
27 Disclosure of Student Immunizations to Schools NPRM Specifications HHS now regards disclosure of immunization records to schools to be a public health disclosure Once disclosed to school, information is protected by FERPA rather than HIPAA
28 Limited Data Set/Minimum Necessary NPRM Specifications Requires covered entities to consider a limited data set as the minimum necessary for a particular use, disclosure, or request of protected health information, and requires the Secretary to issue guidance to address what constitutes minimum necessary under the Privacy Rule Requires that a covered entity or business associate that discloses protected health information for public health activities or research in limited data set form is also excepted from the authorization requirement Requesting comment on guidance needed
29 Fundraising NPRM Specifications Requires CEs to provide individuals with a clear and conspicuous opportunity to opt out of receiving fundraising communications and by requiring that an opt out be treated as a revocation of authorization under the Privacy Rule Requires CEs to inform individuals in its notice of privacy practices that it may contact them to raise funds for the covered entity Requires that fundraising materials sent contain a description of how the individual may opt out of receiving future fundraising communications Requires that a CE may not condition treatment or payment on an individual's choice with respect to receiving fundraising communications
30 Notice of Privacy Practices NPRM Specifications Requires statement(s) that: Describes the uses and disclosures of protected health information that require an authorization that other uses and disclosures not described in the notice will be made only with the individual's authorization Requires specific statement that most uses and disclosures of psychotherapy notes and for marketing purposes require an authorization Explains that authorizations are required for marketing and fundraising Clarifies that CEs must accept restriction requests and removes statement from NPP that CEs are not required to comply Request comment on whether NPP should contain discussion of CEs' obligations with respect to Breach Notification Discusses/request input on how to reduce the burden to organizations of notifying individuals when there are material changes to NPP
31 Patient Access/Disclosure Restrictions HITECH Statutory Requirements Access - Gives individuals the right to receive an electronic copy of their PHI, if it is maintained in an electronic health record, for which the provider may charge a fee Disclosure describes the circumstances under which a CE must implement a request for restrictions of disclosures
32 Patient Access/Disclosure Restrictions NPRM Specifications Patient Access to Electronic Health Record Patient Right to Restrict Disclosures Requires a covered entity to agree to a restriction on disclosure to a health plan if: (A) the disclosure is for the purposes of carrying out payment or healthcare operations and is not otherwise required by law; and (B) the protected health information pertains solely to a health care item or service for which the individual, or person on behalf of the individual other than the health plan, has paid the covered entity in full. Clarifies that if a restriction is placed on a disclosure to a health plan, the covered entity is also prohibited from making such disclosure to a business associate of the health plan.
33 Other Changes to Privacy Rule Other Technical and Conforming Changes Regulatory Analyses Includes regulatory impact statement Discusses cost and administrative burden of new provisions Discusses benefits to individuals
34 Modifications to Security Rule Applies all provisions of Security Rule to BAs Hybrid Organizations requesting comments Organizational - remove BAA contract requirements from Security Rule that are duplicative of those in Privacy Rule
35 Enforcement/Penalties HITECH Statutory Requirements Requires HHS to conduct periodic audits of covered entities and business associates Imposes direct civil money penalty liability on business associates for violations of the HITECH Act and certain Privacy and Security Rule provisions Allows criminal penalties to apply to individuals Provides new system of civil monetary penalties Modifies distribution of certain civil monetary penalties collected Requires HHS to investigate all complaints Allows State Attorneys General to bring a civil action in federal court on behalf of the residents of their state
36 Enforcement/Transition/Penalties NPRM Specifications Discusses HHS proposed approach to compliance monitoring, investigations Discusses principles of cooperation and assistance Clarifies definitions of terms such as reasonable cause, knowledge, reasonable diligence and willful neglect and provides illustrative examples Discusses basis for and determination of a civil money penalty Discusses transition period for BAs
37 Additional changes to HIPAA in NPRM to improve the workability and effectiveness of all three HIPAA Rules Changes term individually identifiable health information in the definition of business associate to protected health information Revises the definition of electronic media Discusses and clarifies preemption of state law
38 Meaningful Use Final Rules Webinar Series July 21 11:00 AM-12:00 PM Central Overview of Meaningful Use C. Martin Harris, MD, MBA, FHIMSS HIMSS Chairman of the Board July 28 12:00-1:00 PM Central Implications of Meaningful Use for Hospitals August 4 12:00-1:00 PM Central Implication of Meaningful Use for Eligible Professionals August 11 12:00-1:00 PM Central Meaningful Use and Quality Measures August 18 12:00-1:00 PM Central Regulatory Impact for Business Associates August 25 12:00-1:00 PM Central Overview of Standards, Implementation Specifications and Certification Criteria
39 Questions??
More informationOMNIBUS RULE ARRIVES
AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule is here Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan
More information8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013
HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable
More informationHayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule
Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA
More informationSaturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules
Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.
More informationSATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE
SATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE This newsletter summarizes the highlights of the Final Omnibus HIPAA Privacy and Security Rule announced by the Department of Health
More informationHighlights of the Final Omnibus HIPAA Rule
Highlights of the Final Omnibus HIPAA Rule Health Information & the Law Project 1 Jane Hyatt Thorpe, JD Lara Cartwright-Smith, JD, MPH Devi Mehta, JD, MPH Elizabeth Gray, JD Teresa Cascio, JD Grace Im,
More informationAROC 2015 HIPAA PRIVACY AND SECURITY RULES
AROC 2015 HIPAA PRIVACY AND SECURITY RULES Presented by: Robert A. Paster, Esq. Brach Eichler L.L.C. 101 Eisenhower Parkway Roseland, NJ 07068 973-403-3144 rpaster@bracheichler.com www.bracheichler.com
More informationThe Impact of the Stimulus Act on HIPAA Privacy and Security
The Impact of the Stimulus Act on Webinar March 12, 2009 Practical Tools for Seminar Learning Copyright 2009 American Health Information Management Association. All rights reserved. Disclaimer The American
More informationThe Audits are coming!
HIPAA and Meaningful Use (MU) Governmental Program Audits The Audits are coming! The Audits are coming! 1 Audit Readiness Meaningful Use and HIPAA Both CMS and the Office for Civil Rights (OCR) have been
More informationCLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors
CLIENT UPDATE February 20, 2013 HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors On January 25, 2013, the U.S. Department of Health and Human Services ( DHHS )
More informationHIPAA & The Medical Practice
HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,
More informationColorado Medical Society. June 3, Presented by David A. Ginsberg President, PrivaPlan Associates, Inc.
Colorado Medical Society The HIPAA OMNIBUS RULE June 3, 2013 Presented by David A. Ginsberg President, PrivaPlan Associates, Inc. Agenda The HIPAA Omnibus Rule - a high level overview Effective dates SpeciLic
More informationLegislative Update HIPAA/HITECH
Legislative Update HIPAA/HITECH Richard C. Stevens, Attorney Martin, Pringle, Oliver, Wallace & Bauer, LLP http://martinpringle.com Topics Legislative Update HIPAA/HITECH q Enforcement Activities q Meaningful
More informationPrivacy in Health Care
Privacy in Health Care Standards for Privacy of Individually Identifiable Health Information: Final Rule June, 2001 U.S. Department of Health and Human Services Section 264 of HIPAA Call for recommendations
More informationAMA Practice Management Center, What you need to know about the new health privacy and security requirements
1. HIPAA Security Rule Johns, Merida L., Information Security, in Johns, Merida L. (ed.) Health Information Management Technology, an Applied Approach, AHIMA: Chicago, IL, 2nd ed. 2007, chapter 19, pp.
More informationIACT Medical Trust. June 28, Jim Hamilton (317) HIPAA Privacy Training Bose McKinney & Evans LLP
IACT Medical Trust HIPAA Privacy Training June 28, 2012 Jim Hamilton (317) 684-5419 jhamilton@boselaw.com 2009 Bose McKinney & Evans LLP HIPAA Overview 2009 Bose McKinney & Evans LLP The Privacy Rule HIPAA
More informationHIPAA, HITECH & Meaningful Use
HIPAA, HITECH & Meaningful Use October 21, 2011 presented by Helen Oscislawski, Esq. Overview - What Has Changed? HITECH Act: Increased Penalties for non-compliance, effective 11/30/2009 New federal requirements
More information"HIPAA FOR LAW FIRMS" WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA
"HIPAA FOR LAW FIRMS" WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA Jeanne M. Born, RN, JD SOUTH CAROLINA ASSOCIATION OF LEGAL ADMINISTRATORS THURSDAY, APRIL 14, 2016 Jborn@nexsenpruet.com What Every Law
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationNEWSLETTER. Volume Nine - Number One January The Final HIPAA HITECH Regulations: Making the Business Case for ERM
NEWSLETTER Volume Nine - Number One January 2013 The Final HIPAA HITECH Regulations: Making the Business Case for ERM A Special Expanded Edition of TRG enews When the proposed final rule was sent to the
More informationICAHN Presentation. Final Omnibus Rule and Security Risk Analysis. July 26, David Ginsberg
ICAHN Presentation Final Omnibus Rule and Security Risk Analysis July 26, 2013 David Ginsberg PrivaPlan Associates, Inc. PrivaPlan Associates, Inc. is the leading authority in HIPAA Privacy and Security
More informationPATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS
PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached
More informationTexas Tech University Health Sciences Center El Paso HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement
More informationHIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule
HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com
More information2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.
HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,
More informationHIPAA and Lawyers: Your stakes have just been raised
HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory
More informationOmnibus Rule: HIPAA 2.0 for Law Firms
Omnibus Rule: HIPAA 2.0 for Law Firms Introduction On January 25, 2013, the U.S. Department of Health and Human Services (HHS) issued the muchanticipated Omnibus Rule 1 finalizing changes to the HIPAA
More informationHIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 REASONS FOR HIPAA PRIVACY RULES Perceived need for protection of individual health information
More informationLEGAL ISSUES IN HEALTH IT SECURITY
LEGAL ISSUES IN HEALTH IT SECURITY Webinar Hosted by Uluro, a Product of Transformations, Inc. March 28, 2013 Presented by: Kathie McDonald-McClure, Esq. Wyatt, Tarrant & Combs, LLP 500 West Jefferson
More informationHIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities
Health Care Focus March 2013 HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities Peggy L. Barlett 608.284.2214 pbarlett@gklaw.com M. Scott LeBlanc 414.287.9614 sleblanc@gklaw.com
More informationChanges to HIPAA Privacy and Security Rules
Changes to HIPAA Privacy and Security Rules STEPHEN P. POSTALAKIS BLAUGRUND, HERBERT AND MARTIN 300 WEST WILSON BRIDGE ROAD, SUITE 100 WORTHINGTON, OHIO 43085 SPP@BHMLAW.COM PERSONNEL COUNCIL FRANKLIN
More informationHIPAA FUNDAMENTALS For Substance abuse Treatment Industry
HIPAA FUNDAMENTALS For Substance abuse Treatment Industry (c)firststepcounselingonline2014 1 At the conclusion of the course/unit/study the student will... ANALYZE THE EFFECTS OF TRANSFERING INFORMATION
More informationGUIDE TO PATIENT PRIVACY AND SECURITY RULES
AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist
More informationARTICLE 1. Terms { ;1}
The parties agree that the following terms and conditions apply to the performance of their obligations under the Service Contract into which this Exhibit is being incorporated. Contractor is providing
More informationPractical Guidance and Proposed Solutions in Response to the HIPAA Final Omnibus Rule
Practical Guidance and Proposed Solutions in Response to the HIPAA Final Omnibus Rule February 21, 2013 Megan Hardiman Katten Muchin Rosenman LLP Chicago, Illinois 312.902.5488 megan.hardiman@kattenlaw.com
More informationUNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP
UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates
More informationOVERVIEW OF RECENT CHANGES IN HIPAA AND OHIO PRIVACY LAWS
Franklin J. Hickman Janet L. Lowder David A. Myers Elena A. Lidrbauch Judith C. Saltzman Mary B. McKee Amanda M. Buzo Lisa Montoni Garvin Andrea Aycinena Penton Building 1300 East Ninth Street Suite 1020
More informationCOUNTY SOCIAL SERVICES POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA
COUNTY SOCIAL SERVICES POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA 1 Recommended by ISP Committee of CSS on October 22 nd, 2014 Amended
More informationTexas Tech University Health Sciences Center HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx
More informationHITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule
HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule Audio Seminar January 28, 2013 Practical Tools for Seminar Learning Copyright 2012 American Health Information Management Association.
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES
HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES January 23, 2014 I. Executive Summary I: The HIPAA Final Rule
More informationHIPAA Privacy Overview
HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview
More informationPalmetto Paralegal Association
Palmetto Paralegal Association What Every Paralegal Needs to Know About HIPAA March 19, 2014 Jeanne M. Born, RN, JD NEXSEN PRUET, LLC What Every Paralegal Needs to Know About HIPAA In August of 1996 Congress
More information