HIPAA Omnibus Rule Compliance
|
|
- Katrina Owens
- 5 years ago
- Views:
Transcription
1 HIPAA Omnibus Rule Compliance Jana Aagaard, JD Senior Counsel, Privacy/HIT Dignity Health Christy Navarro, MS CIPP/US Director, Chief Privacy Officer - Ascendian 1 Overview Background What Should Be Done by Now What Can Still Be Done Pitfalls to Avoid 2 1
2 Background Who Must Comply Covered Entities (physicians, hospitals, health plans, etc.) Business Associates (of all spots and stripes) Subcontractors (aka Business Associates it s turtles all the way down ) 3 Background HITECH Act February 2009 Multiple NPRMS and IFRs Final Rule Released: January 25, 2013 Effective Date: March 26, 2013 Compliance Date: September 23, 2013 Special date for BA remediation: September 23, 2014 Still Awaiting Final Rule on Accounting for Disclosures NPRM: May 2011 Final Rule on CLIA/HIPAA Changes NPRM: September
3 Jana Aagaard HIGHLIGHTS OF THE REQUIRED CHANGES 5 Business Associates (BAs) Old definition: uses or discloses PHI on behalf of CE New definition: creates, receives, maintains, or transmits PHI for a function or activity regulated by HIPAA Timing requirements: All new, modified, amended, extended, or restated agreements must have new BA provisions as of Sept. 23, 2013 All evergreen or long-term agreements must be updated by Sept. 23,
4 BAs - Subcontractors and Agents Subcontractor is a BA if it creates, receives, maintains or transmits PHI on behalf of a CE or BA even if no written contract between BA and subcontractor The Covered Entity is not responsible for ensuring contract between BA and sub-ba exists Agents must be treated specially Who is an agent? Facts and circumstances test no bright line Covered entity remains responsible for agent s actions Thus, for agents, consider more stringent requirements about: Time for breach notification Ability to audit BA s compliance Insurance and indemnification 7 BAs - New BAs & Exceptions Some new business associates Patient Safety Organizations Health Information Organizations E-prescribing Gateways Personal Health Records Vendors Exceptions to BA requirements Entity performing treatment (E.g., PT hired by MD) A covered entity who is part of an OHCA performing a BA function/activity on behalf of the OHCA (E.g., MDs helping with hospital peer review or QA) 8 4
5 Patient s Right to Mandatory Restriction CEs must agree to restrict disclosure of PHI about an item or service to a health plan at patient request if the patient (or benefactor) pays for the item or service out-of- pocket, in full OCR says no need to create separate medical records, but CEs will need to employ some method to flag or note in the record... to ensure that such information is not sent to or made accessible to the health plan. 9 Patient s Right to Mandatory Restriction Challenges: What about legal requirements to bill? If required by law to bill, CE may do so. What about downstream consequences? Patient is responsible BUT CE should assist (paper scripts) What about one item/service out of many in an encounter? Unbundle payment, if possible; if not, the request can be denied What about follow-up care? OCR highly encourages CEs to explain situation to patients and give opportunity for patient to request further restriction. If disclosure to plan is required for follow-up care, however, the CE can disclose full information. What about HMO care? CE may have to advise patient to seek out-of-network care. Contracts with plans may have to be renegotiated 10 5
6 Patient s Rights - Electronic Access to PHI Patients have right to electronic access to electronic PHI in designated record sets (for self and third party) The right extends to all portions of the designated record set ( may need to invest in order to meet the requirements ) CEs may: Require a written request Produce the record in the format requested if readily producible or in agreed-upon format, if not Charge a cost-based fee, which includes the cost of labor to copy the electronic record, supplies for format requested, and postage if mailing is requested 11 Breach Notification Goodbye subjective risk of harm assessment; hello objective risk of compromise assessment Breach is presumed and reporting required unless: Assessment by covered entity of at least 4 elements shows a low probability that the PHI was compromised (see hand out) 1. Nature and extent of PHI involved 2. The unauthorized person who used the PHI or to whom the disclosure was made 3. Whether the PHI actually was acquired or viewed 4. The extent to which the risk to the PHI has been mitigated 12 6
7 Fundraising Good News! New elements permitted: Date of Birth Department of Service Treating Physician Outcome Information Health Insurance Status New Opt-Out Requirements: For all communications Clear and conspicuous Easy-to-use; no letters/stamps! Must be honored fully May not condition treatment or payment on patient s choice Must be described in Notice of Privacy Practices 13 Marketing Patient-signed authorization required for marketing communications PLUS for all communications (even for treatment purposes) that involve remuneration from third party (except refill reminders). Marketing means communication about a product or service that encourages recipients of the communication to purchase or use the product or service. Exceptions for treatment (NO remuneration) communication include the following: 14 7
8 Marketing Exceptions - NO AUTHORIZATION NEEDED so long as no $$ received for: Communications by a provider for treatment of an individual, including case management or care coordination, recommending alternative treatments, therapies, providers, etc. Communications by a health plan describing healthrelated products or services that are provided by the plan, including communication about providers in a network Communications by a health plan for case management, care coordination, treatment alternatives, etc. 15 Enforcement Penalties New Penalty Structure Finalized Violation Category Each Violation Year Cap Same Violation (A) Did Not Know $100 - $50,000 $1,500,000 (B) Reasonable Cause $1,000 - $50,000 $1,500,000 (C) Willful Neglect- $10,000 - $50,000 $1,500,000 Corrected (D)Willful Neglect- $50,000 $1,500,000 Not corrected 16 8
9 Christy Navarro WHAT SHOULD BE DONE BY NOW (IN A PERFECT WORLD) 17 Policies and Procedures All Privacy Policies & Procedures Updated Access Marketing Fundraising Restrictions Breach Response Use and Disclosure 18 9
10 Update Business Associate Contracts As Required Update is Required By September 23, 2013 if Contract first executed on or after Jan 25, 2013 or Contract renewed or modified after March 26, Update Business Associate Contracts As Required Includes: Definition of Business Associate Language that BA will comply with applicable requirements of Security Rule Report breaches of unsecured PHI as required by 45 C.F.R BA must pass restriction to subcontractors Additional requirements apply when Business Associate is carrying out a covered entity s obligations under the Privacy Rule 20 10
11 Update the Notice of Privacy Practices Update the notice provided to patients Don t forget the Website Easy to tell which CE s are behind 21 Practical Tips and Pitfalls to Avoid WHAT CAN STILL BE DONE 22 11
12 Business Associates Business Associates: consider next steps in vendor management negotiating a right-to-audit provision Solidify and activate communication process with BAs Ask for the name of your BA s Privacy Officer and Security Officer Consider a communication that highlights the changes and the impact to them (like the trifold handout) 23 Business Associates - Practical Tips If using template, use competent attorney or check the OCR model provisions Be wary of many new BAs (first level) - because except for the few specific additions, THE DEFINITION OF WHO IS A BA REMAINS THE SAME (caveat subcontractors are now BAs) Be particularly careful to require your BA to flow down equally strong requirements to its subcontractors In short, each agreement in the business associate chain must be as stringent or more stringent as the agreement above with respect to the permissible uses and disclosures. (emphasis added) If no remediation needed, focus NOW on plans for evergreens and long-term agreements 24 12
13 25 Top Reasons for Business Associate Breaches as of 10/17/2013 # of Breaches 52 Theft Reason for Breach 41 Unauthorized Access/Disclosure 23 Loss 16 Hacking IT Incident Source: Health Information Privacy/Security Alert Analysis of HHS Office for Civil Rights Data 26 13
14 Patient Right to Restrict when they Pay Out of Pocket Where are you communicating with payers now? How about the near future? Electronic Medical Records Interfaces Health Information Exchange Accountable Care Audit the existing procedure Make it easy to catch for future uses and disclosures by including in (privacy impact or security risk assessment templates) 27 Patient Right to Restrict when they Pay Out of Pocket No easy, one-size-fits-all fix Many covered entities rely on special code that bypasses the usual billing processes (counting on low frequency experience so far agrees) Patient must request the restriction New requirements DO NOT apply to all elective or cash-pay procedures Don t ignore - low frequency but high ease of enforcement; easy for patient to show lack of compliance 28 14
15 Patient Right of Electronic Access Leverage patient portals (but don t confuse with Meaningful Use Stage 2) Audit the process in place for access requests sent to a third party Processes should be oriented toward patients & customer service Greater visibility & access to information by patients = higher patient engagement Make patient rights part of strategy and business development Don t forget state law (California 15 days) 29 Breach Management Important to have a uniform process that evaluates both state and federal laws Don t analyze in a vacuum compare notes, share tools, be consistent Higher volume of reports than in the past Template Notice to Patients with all state and federal notification elements New chance for metrics Show your work - regardless of the outcome of your investigation 30 15
16 31 OCR s Top Complaint Categories Answer: Impermissible Uses & Disclosures (U&D) Year Issue 1 Issue 2 Issue 3 Issue 4 Issue Impermissible U&D Safeguards Access Min. Necessary Notice 2009 Impermissible U&D Safeguards Access Min. Necessary Complaints to Covered Entity 2008 Impermissible U&D Safeguards Access Min. Necessary Complaints to Covered Entity 2007 Impermissible U&D Safeguards Access Min. Necessary Notice 2006 Impermissible U&D Safeguards Access Min. Necessary Notice 2005 Impermissible U&D Safeguards Access Min. Necessary Mitigation 2004 Impermissible U&D Safeguards Access Min. Necessary Authorizations partial year 2003 Safeguards Impermissible U&D Access Notice Minimum Necessary 32 16
17 Notice of Privacy Practices Use the opportunity to strategically update your NPP for future uses and disclosures of PHI ACO HIE Patient Portals Clinical Integration Link to patients options for opting out Link to patient options for setting consent preferences 33 Fundraising/Marketing Opportunity to plan for a scalable, electronically managed opt-out process Adapt rules by use case (be ready for data analytics) Separation of duties between fundraising and marketing staff 34 17
18 Recordkeeping HIPAA compliance is like middle-school math. Everything depends on showing your work. --Leon Rodriguez, Director Office of Civil Rights Maintain a documentation log for all HIPAA related requirements in one place Example: Any and all locations where employee training acknowledgements are maintained (e.g. At the department level or centralized in Human Resources) 35 18
HHS, Office for Civil Rights. IAPP October 11, 2012
HHS, Office for Civil Rights IAPP October 11, 2012 Enforce federal civil rights laws and the HIPAA Privacy and Security Rules HQ and 10 Regional Offices Region IX has jurisdiction over covered entities
More informationACC Compliance and Ethics Committee Presentation February 19, 2013
ACC Compliance and Ethics Committee Presentation February 19, 2013 Melinda G. Murray Associate General Counsel, Holy Cross Hospital and Jill M. Girardeau Partner, Womble Carlyle Sandridge & Rice, LLP HIPAA
More informationHIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel
HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability
More informationHITECH/HIPAA Omnibus Final Rule: Implications for Hospices. Elizabeth S. Warren May 3, 2013
HITECH/HIPAA Omnibus Final Rule: Implications for Hospices Elizabeth S. Warren May 3, 2013 Final Rule is Finally Here Published January 25, 2013 (78 Fed. Reg. 5566) Effective March 26, 2013 Compliance
More informationTo: Our Clients and Friends January 25, 2013
Life Sciences and Health Care Client Service Group To: Our Clients and Friends January 25, 2013 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health
More informationHighlights of the Omnibus HIPAA/HITECH Final Rule
Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737
More informationLegal and Privacy Implications of the HIPAA Final Omnibus Rule
Legal and Privacy Implications of the HIPAA Final Omnibus Rule February 19, 2013 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Deven McGraw Director,
More informationHIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013
HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background
More informationHIPAA Enforcement Under the HITECH Act; The Gloves Come Off
HIPAA Enforcement Under the HITECH Act; The Gloves Come Off Leeann Habte, Esq. Michael Scarano, Esq. December 6, 2011 Attorney Advertising Prior results do not guarantee a similar outcome Models used are
More informationHIPAA Compliance. PART I: HHS Final Omnibus HIPAA Rules
HIPAA Compliance PART I: HHS Final Omnibus HIPAA Rules Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com February 6, 2013 www.securityprivacyandthelaw.com HIPAA Compliance: PART I 1 Finally!
More informationGUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do
GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do By D Arcy Guerin Gue, Phoenix Health Systems, a division of Medsphere Systems Corporation With Steven J. Fox, Post & Schell Originally commissioned
More informationOmnibus Components. Not in Omnibus. HIPAA/HITECH Omnibus Final Rule
Office of the Secretary Office for Civil Rights () HIPAA/HITECH Omnibus Final Rule April 12, 2013 HHS Office for Civil Rights Omnibus Components Final Rule on HITECH Privacy, Security, & Enforcement Provisions
More informationHIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by
HIPAA Omnibus Rule Critical Changes for Providers Presented by Susan A. Miller, JD Hosted by agenda What the Omnibus Rule includes + Effective and Compliance Dates Security Breach Notification Enforcement
More informationManagement Alert Final HIPAA Regulations Issued
Management Alert Final HIPAA Regulations Issued After much anticipation, the Department of Health and Human Services (HHS) has issued its omnibus set of final regulations modifying and clarifying the privacy,
More informationEnsuring HIPAA Compliance When Transmitting PHI Via Patient Portals, and Texting
Presenting a live 90-minute webinar with interactive Q&A Ensuring HIPAA Compliance When Transmitting PHI Via Patient Portals, Email and Texting Protecting Patient Privacy, Complying with State and Federal
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationNPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH
NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH Speakers Lisa A. Gallagher, BSEE, CISM, CPHIMS Senior Director, Privacy and Security HIMSS lgallagher@himss.org Amy
More informationGetting a Grip on HIPAA
Getting a Grip on HIPAA Privacy and Security of Health Information in the Post-HITECH Age Jean C. Hemphill hemphill@ballardspahr.com 215.864.8539 Edward I. Leeds leeds@ballardspahr.com 215.864.8419 Amy
More informationLong-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates
Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates November 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP brostolsky@reedsmith.com Nancy
More informationLong-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates
Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates March 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP brostolsky@reedsmith.com Nancy E.
More informationThe wait is over HHS releases final omnibus HIPAA privacy and security regulations
The wait is over HHS releases final omnibus HIPAA privacy and security regulations The Department of Health and Human Services (HHS) published long-anticipated (and longoverdue) omnibus regulations under
More informationHIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule
HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com
More informationHealth Law Diagnosis
February Page 1 of 2013 11 Health Law Diagnosis HHS Releases Final HITECH Omnibus Rule After waiting over two years from the publication of the Notice of Proposed Rulemaking to implement provisions of
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationHIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights
HIPAA Update Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights New Mexico Health Information Management Association Conference April 11, 2014 Albuquerque, NM Recent Enforcement
More informationAFTER THE OMNIBUS RULE
AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member
More informationCLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors
CLIENT UPDATE February 20, 2013 HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors On January 25, 2013, the U.S. Department of Health and Human Services ( DHHS )
More informationHIPAA Omnibus Final Rule and Research
Office of the Secretary Office for Civil Rights () HIPAA Omnibus Final Rule and Research Federal Demonstration Partnership September 17, 2013 Christina Heide, JD Senior Health Information Privacy Policy
More informationUNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP
UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates
More informationHIPAA Compliance Under the Magnifying Glass
HIPAA Compliance Under the Magnifying Glass July 30, 2013 Stacy Harper, JD, MHSA, CPC A Webinar Provided by Presenter Stacy Harper Lathrop & Gage, LLP sharper@lathropgage.com 913-451-5125 The information
More informationCoping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013!
Coping with, and Taking Advantage of, HIPAA s New Rules!!! Deven McGraw Director, Health Privacy Project April 19, 2013! Status of Federal Privacy Regulations! Omnibus Rule (Data Breach, Enforcement, HITECH,
More informationHIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school
ASPPR The omnibus rule greatly enhances a patient s privacy protections, provides individuals new rights to their health information, and strengthens the government s ability to enforce the law. The changes
More informationPreparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013
Preparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013 Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients
More informationO n Jan. 25, the Office for Civil Rights (OCR) of the. Privacy and Security Law Report
Privacy and Security Law Report Reproduced with permission from Privacy & Security Law Report, 12 PVLR 168, 02/04/2013. Copyright 2013 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com
More information8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013
HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable
More informationThe Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013
The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice
More informationChanges to HIPAA Under the Omnibus Final Rule
Changes to HIPAA Under the Omnibus Final Rule Kimberly J. Kannensohn and Nathan A. Kottkamp, McGuireWoods 1 The Long-Awaited HIPAA Final Rule On Jan. 17, 2013, the Department of Health and Human Services
More informationNew HIPAA-HITECH Proposed Regulations Issued
July 2010 New HIPAA-HITECH Proposed Regulations Issued On Thursday July 14, 2010, the Department of Health and Human Services (HHS) published proposed regulations in the Federal Register on many provisions
More informationFifth National HIPAA Summit West
Fifth National HIPAA Summit West Privacy and Security under the HITECH Act W. Reece Hirsch Paul T. Smith, Partner, Partner, Hooper, Lundy & Bookman 1 Developments The Health Information Technology for
More informationThe HIPAA/HITECH Final Rule: Time to Get More Serious About Compliance. Patricia A. Markus, Esq.
The HIPAA/HITECH Final Rule: Time to Get More Serious About Compliance I. INTRODUCTION Patricia A. Markus, Esq. AHLA Hospitals and Health Systems Law Institute February 13, 2013 On January 17, 2013, the
More informationHIPAA: Impact on Corporate Compliance
HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal
More informationPrivacy Rule - Complaint Investigations
Update on Enforcement of the HIPAA Privacy and Security Rules Marilou King, JD Office for Civil Rights U.S. Department of Heath and Human Services www.hcca-info.org 888-580-8373 Privacy Rule - Complaint
More informationMEMORANDUM. Kirk J. Nahra, or
MEMORANDUM TO: FROM: Interested Parties Kirk J. Nahra, 202.719.7335 or knahra@wileyrein.com DATE: January 28, 2013 RE: The HIPAA/HITECH Omnibus Regulation After almost four years, the Department of Health
More informationNew HIPAA Rules and Implications for the Industry January 29, 2013
New HIPAA Rules and Implications for the Industry January 29, 2013 **Audio for this webinar streams through the web. Please make sure the sound on your computer is turned on. If you need technical assistance,
More informationHIPAA The Health Insurance Portability and Accountability Act of 1996
HIPAA The Health Insurance Portability and Accountability Act of 1996 Results Physiotherapy s policy regarding privacy and security of protected health information (PHI) is a reflection of our commitment
More informationICAHN Presentation. Final Omnibus Rule and Security Risk Analysis. July 26, David Ginsberg
ICAHN Presentation Final Omnibus Rule and Security Risk Analysis July 26, 2013 David Ginsberg PrivaPlan Associates, Inc. PrivaPlan Associates, Inc. is the leading authority in HIPAA Privacy and Security
More informationWelcome to today s Webinar
Welcome to today s Webinar Managing Risk Exposure in Meaningful Use Stage 2 June 28 28, 2013 A A project project of of L.A. L.A. Care Care Health Health Plan Plan 1 Ralph Oyaga, Esq., J.D., MBA is the
More informationSATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE
SATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE This newsletter summarizes the highlights of the Final Omnibus HIPAA Privacy and Security Rule announced by the Department of Health
More informationHIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014.
HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule Association of Corporate Counsel Houston Chapter October 14, 2014 Jeffery P. Drummond Jackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas,
More informationAssessing and Mitigating Risk Under the HIPAA Omnibus Rule
Compliance Institute San Diego, CA April 1, 2014 Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Darrell W. Contreras, Esq., LHRM, CHPC, CHC, CHRC Chief Legal & Compliance Officer PlusDelta
More informationAssessing and Mitigating Risk Under the HIPAA Omnibus Rule
Compliance Institute San Diego, CA April 1, 2014 Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Darrell W. Contreras, Esq., LHRM, CHPC, CHC, CHRC Chief Legal & Compliance Officer PlusDelta
More informationRIGHT TO ACCESS AND SECURITY RISK ANALYSIS. K a t h r y n A y e r s W i c k e n h a u s e r, M B A, C H P C, C H T S
RIGHT TO ACCESS AND K a t h r y n A y e r s W i c k e n h a u s e r, M B A, C H P C, C H T S RIGHT TO ACCESS WHAT WE LL COVER HHS FAQ Overview Authorization vs Right to Access Record Formats & Delivery
More informationCompliance Steps for the Final HIPAA Rule
Brought to you by The Alpha Group for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions.
More informationHITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule
HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule Audio Seminar January 28, 2013 Practical Tools for Seminar Learning Copyright 2012 American Health Information Management Association.
More informationHEALTHCARE BREACH TRIAGE
IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards
More informationAROC 2015 HIPAA PRIVACY AND SECURITY RULES
AROC 2015 HIPAA PRIVACY AND SECURITY RULES Presented by: Robert A. Paster, Esq. Brach Eichler L.L.C. 101 Eisenhower Parkway Roseland, NJ 07068 973-403-3144 rpaster@bracheichler.com www.bracheichler.com
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA at 510-654-5383 for alternatives.
More informationPrivacy Rule Primer. 45 CFR Part 160 and Subparts A and E of Part CFR , 45 CFR CFR
Resource provided by Page 1 of 10 Contents I. The Privacy Rule The Fundamental HIPAA Rule... 1 II. Privacy Rule Overview... 1 III. Privacy Rule Standards and Implementation Specifications Covered in Section
More informationGUIDE TO PATIENT PRIVACY AND SECURITY RULES
AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist
More informationHIPAA Final Omnibus Rule Playbook
DOWNLOADABLE GUIDE HIPAA Final Omnibus Rule Playbook Your Ticket to Winning the Compliance Game Offensive Plays HIPAA Privacy Rule Defensive Plays HIPAA Security Rule Special Team Plays Breach Notification
More information"HIPAA RULES AND COMPLIANCE"
PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS
More informationWhat is HIPAA? (1 of 2)
HIPAA 1 HIPAA On August 21 1996 the federal government passed the Health Information Portability and Accountability Act of 1996 Has been update throughout; with the newest update (Final Rule) going into
More informationOmnibus Rule: HIPAA 2.0 for Law Firms
Omnibus Rule: HIPAA 2.0 for Law Firms Introduction On January 25, 2013, the U.S. Department of Health and Human Services (HHS) issued the muchanticipated Omnibus Rule 1 finalizing changes to the HIPAA
More informationARRA s Amendments to HIPAA Privacy & Security Rules
ARRA s Amendments to HIPAA Privacy & Security Rules Georgina L. O Hara Jessica R. Bernanke April 29, 2009 www.morganlewis.com Amended HIPAA Privacy and Security Rules HIPAA Amendments are in The Health
More informationHIPAA and Lawyers: Your stakes have just been raised
HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory
More informationPATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS
PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached
More informationSaturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules
Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.
More informationHIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 Reasons for HIPAA Privacy Rules Perceived need for protection
More informationHIPAA & The Medical Practice
HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,
More informationConduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation
HIPAA UPDATE: WHY AND HOW YOU MUST COMPLY 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its long-awaited Omnibus Rule 2 implementing regulations required by the HITECH Act
More informationHIPAA OMNIBUS FINAL RULE
HIPAA OMNIBUS FINAL RULE Webinar Series Part 3 Breach Notification April 16, 2013 I. BACKGROUND 2 1 Background > HIPAA Omnibus Final Rule: Announced on January 17, 2013 Published in Federal Register on
More informationIACT Medical Trust. June 28, Jim Hamilton (317) HIPAA Privacy Training Bose McKinney & Evans LLP
IACT Medical Trust HIPAA Privacy Training June 28, 2012 Jim Hamilton (317) 684-5419 jhamilton@boselaw.com 2009 Bose McKinney & Evans LLP HIPAA Overview 2009 Bose McKinney & Evans LLP The Privacy Rule HIPAA
More informationBreach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule
Breach Policy To provide guidance for breach notification when impressive or unauthorized access, acquisition, use and/or disclosure of the ephi occurs. Breach notification will be carried out in compliance
More informationLEGAL ISSUES IN HEALTH IT SECURITY
LEGAL ISSUES IN HEALTH IT SECURITY Webinar Hosted by Uluro, a Product of Transformations, Inc. March 28, 2013 Presented by: Kathie McDonald-McClure, Esq. Wyatt, Tarrant & Combs, LLP 500 West Jefferson
More informationPrivacy Sleuths: Solving the Mystery of Wellness Program Privacy Compliance. Agenda. Health Data Exposure National Wellness Conference
Privacy Sleuths: Solving the Mystery of Wellness Program Privacy Compliance 2015 National Wellness Conference Barbara J. Zabawa, JD, MPH Center for Health Law Equity, LLC Agenda Health Data Exposure ADA,
More informationHIPAA. What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional)
HIPAA Infection Control OSHA Dental Practice Act HIPAA What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional) In the dental field since 1972, Leslie
More informationHITECH and Stimulus Payment Update
HITECH and Stimulus Payment Update David S. Szabo Agenda HIPAA Breach Notification Rules HITECH and Meaningful Use Open Question Period 2 Data Security Breaches A total of 245,216,093 records containing
More informationHIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities
Health Care Focus March 2013 HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities Peggy L. Barlett 608.284.2214 pbarlett@gklaw.com M. Scott LeBlanc 414.287.9614 sleblanc@gklaw.com
More information2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.
HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,
More informationHIPAA, HITECH & Meaningful Use
HIPAA, HITECH & Meaningful Use October 21, 2011 presented by Helen Oscislawski, Esq. Overview - What Has Changed? HITECH Act: Increased Penalties for non-compliance, effective 11/30/2009 New federal requirements
More informationHIPAA Breach Notification Case Studies on What to Do and When to Report
HIPAA Breach Notification Case Studies on What to Do and When to Report AHLA Physicians and Physician Organizations and Hospitals and Health Systems Law Institute February 9 and10, 2012 Colleen M. McClorey,
More informationOHCAs, ACEs and Hybrid Entities
HIPAA Summit West III June 5, 2003 OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA 94111 (415) 276-6532 paulsmith@dwt.com Complex
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationPOLICY REGARDING NOTICE OF PRIVACY PRACTICES
Purpose: Standard: Policy: To set forth the policy and procedures of West Virginia University Physicians of Charleston ( WVUPC ) regarding the preparation and dissemination of its Notice of Privacy Practices.
More informationIt s as AWESOME as You Think It Is!
It s as AWESOME as You Think It Is! Fine Print This presentation and any materials and/or comments are training and educational in nature only. They do not establish an attorney-client relationship, are
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES
HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES January 23, 2014 I. Executive Summary I: The HIPAA Final Rule
More informationHIPAA Special Considerations: Individual Right to Request Restriction of Uses and Disclosures of PHI Voluntary and Mandatory
HIPAA Special Considerations: Individual Right to Request Restriction of Uses and Disclosures of PHI Voluntary and Mandatory A Presentation Developed by: Erin MacLean, Freeman & MacLean, P.C. & Deb Micu,
More informationIndustry leading Education. Certified Partner Program. Please ask questions Todays slides are available group.
Industry leading Education Certified Partner Program Please ask questions Todays slides are available http://compliancy- group.com/slides023/ Past webinars and recordings http://compliancy- group.com/webinar/
More informationHIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc
HIPAA Overview Health Insurance Portability and Accountability Act Premier Senior Marketing, Inc HIPAA Defined Acronym that stands for the Health Insurance Portability and Accountability Act, a US law
More informationHIPAA UPDATE/ OCR ENFORCEMENT
HEALTH CARE COMPLIANCE ASSOCIATION HIPAA UPDATE/ OCR ENFORCEMENT HCCA REGIONAL CONFERENCE East Central Region Michael A. Cassidy, Esquire October 14, 2011 Copyright Tucker Arensberg, P.C. All Rights Reserved.
More informationBusiness Associate Agreement For Protected Healthcare Information
Business Associate Agreement For Protected Healthcare Information This Business Associate Agreement ( Agreement ) is entered into this 24th day of February 2017, between PRACTICE-WEB, Inc., a California
More information2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners
2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners Providers, and Partners 2 Editor s Foreword What follows are excerpts from the U.S. Department of Health and
More informationBusiness Associate Contracts: Time Is Running Out...
Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Seattle, WA beckywilliams@dwt.com 206-628-7769 ... Or April Angst, Again April 2003: First deadline April 14, 2004:
More informationMEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013
More informationHIPAA Data Breach ITPC
HIPAA Data Breach Objectives Overview of Omnibus Rule - Data Breach Suspected Breach - Investigation Audit Risk Assessment Corrective Action Plan Written Notification Elements NYS Rules on Data Breach
More informationCompliance Steps for the Final HIPAA Rule
Compliance Steps for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions. The final rule
More informationOMNIBUS RULE ARRIVES
AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule is here Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan
More informationEffective Date: 4/3/17
HIPAA AND HITECH ADM 067.4 Attachment D Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule Health Information Technology for Economic and Clinical Health (HITECH)
More informationWhat Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996.
What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996. HIPAA stands for Health Insurance Portability and Accountability
More informationHIPAA Privacy Overview
HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview
More information