13th AMC Security & Privacy Conference June 12, 2017
1 13th AMC Security & Privacy Conference, June 12, 2017
Tatiana Melnik, Melnik Legal PLLC, Tampa, FL
Ryan Vlcko, McLaren Health Care Corporation, Flint, MI
2 Outline
I. A Few Words About McLaren
II. Why the Focus on Vendors?
III. Tips and Lessons from the Trenches
  A. The Right Process
  B. Risk Mitigation
    - Business Associate Agreements
    - Insurance
  C. The Break Up and Holding Vendors Accountable
3
o Headquartered in Flint, Michigan
o Fully integrated health network
  - 12 hospitals
  - operates Michigan's largest network of cancer centers and providers
  - ambulatory surgery centers, imaging centers, home health and hospice providers, retail medical equipment showrooms, and pharmacy services
  - an employed primary care physician network
  - commercial and Medicaid HMOs covering more than 250,000 lives
  - a wholly owned medical malpractice insurance company
4 Key Operational Statistics (2015)
  - Discharges: 102,597
  - ER Visits: 405,098
  - Surgeries: 92,052
  - Births: 6,057
  - Ambulatory Visits: 3.2 Million
  - Home Care Visits: 175,516
  - Hospice Days: 79,994
  - Licensed Beds: 3,096
  - Community Benefit: $201 Million
  - Employees: 22,000
  - Days of Inpatient Care: 461,882
  - Contracted Providers: 40,317
  - Annual Payroll: $1.2 Billion
  - Net Revenue: $3.5 Billion
6 Healthcare = Vendors Continua Health Alliance,
7 Vendors Create Risks
  - Processed and analyzed over 100 terabytes of traffic daily
  - 49,917 unique malicious events
  - 723 unique malicious source IP
8 Vendors Create Risks
Breaches Disclosed to OCR: Top 10 Based on Patient Impact

| Entity Name | Type | No. Patients Impacted | Date Reported | Cause |
| --- | --- | --- | --- | --- |
| Anthem, Inc. | Health Plan | 78,800,000 | 03/13/2015 | Hacking/IT Incident |
| Premera Blue Cross | Health Plan | 11,000,000 | 03/17/2015 | Hacking/IT Incident |
| Excellus Health Plan, Inc. | Health Plan | 10,000,000 | 09/09/2015 | Hacking/IT Incident |
| Science Applications International Corp. | Business Associate | 4,900,000 | 11/04/2011 | Loss |
| Univ. Cal. - LA | Provider | 4,500,000 | 07/17/2015 | Hacking/IT Incident |
| Community Health Systems | Business Associate | 4,500,000 | 08/20/2014 | Theft Network Server |
| Advocate Health and Hospitals Corp. | Provider | 4,029,530 | 08/23/2013 | Theft Network Server |
| Medical Informatics Engineering | Business Associate | 3,900,000 | 07/23/2015 | Hacking/IT Incident |
| Banner Health | Provider | 3,620,000 | 08/03/2016 | Hacking/IT Incident |
| Newkirk Products, Inc. | Business Associate | 3,466,120 | 08/09/2016 | Hacking/IT Incident |
10 Vendors Create Risks Source: Ponemon Institute, 2016 Cost of a Data Breach Study (US only data)
12 Outline
I. A Few Words About McLaren
II. Why the Focus on Vendors?
III. Tips and Lessons from the Trenches
  A. The Right Process
  B. Risk Mitigation
    - Business Associate Agreements
    - Insurance
  C. The Break Up and Holding Vendors Accountable
13 The Right Process
o Is there a right process for vendor management?
o The right process is...
  - The one that mitigates the most risk for the company?
  - The one that closes transactions fastest so that we can go back to treating patients?
  - The one you can get your team to follow?
o Are these all the same goals? Mutually exclusive?
14 The Right Process
Not Defined
  - No process defined
  - Ad hoc and inconsistent
Defined & Established
  - Consistent but unstructured approach
  - Documented and detailed, but not measured or enforced
Continuous Improvement
  - Ongoing monitoring, measuring, and process improvements
  - Best practices and benchmarking
15 The Right Process
o What is McLaren's process?
o How does McLaren determine what contracts get reviewed?
  - Importance of the vendor?
  - Value of the transaction?
  - Risk to the organization?
  - Term of commitment?
  - Are these all the same goals? Mutually exclusive?
16 The Right Process
o Successful vendor management is a Team Sport
  - Business Lead
  - Purchasing
  - Security Officer
  - Compliance
  - Legal
  - Risk Management
o But, who is the Coach?
17 Vendor Risk Mitigation
o Vendor Due Diligence
  - Vendor security questionnaire
  - Audit: self-certify or disinterested third party vendor?
  - Certificate of insurance
    How much is an indemnification provision from a judgment-proof company worth?
  - General online search or search on Shodan?
  - Check OCR wall of shame
o Can due diligence be done on every vendor?
18 Vendor Contracting
o Business Associate Agreements vs. Master Services Agreements: what do they say about:
  - Reporting
  - Data breach insurance
  - Using off-shore vendors?
  - Damages caps?
  - Data use
19 Vendor Contracting
o Secondary Uses of Data
  - Data is the new commodity
  - Many vendors want the rights to share data outside the specific contract relationship to provide additional services... to whom?
  - Permissible under HIPAA? Maybe: some say yes, some say no, some say depends on who is doing the de-identification
  - Specific analysis required
  - How does this impact:
    Indemnification?
    Damages caps that are set at the fees received during the 12 months prior to when the claim arose?
20 Vendor Contracting
o Business Associate Agreements
  - Scope of authorization to use data
  - Who determines when there is a breach?
  - Is there a requirement to notify in the event of a security incident?
    Timeline must be considered, particularly if the organization is operating in multiple states or serves a patient population pool that crosses state lines
  - Who determines when notice is required and who sends that notice?
    Watch your insurance policy on this one
  - Is the vendor required to encrypt data?
  - Who pays for responses to a subpoena?
  - Caps on liability? Should there be?
21 Vendor Contracting
o Indemnification
  - Mutual or not? Consider: Should a customer be indemnifying the vendor for Vendor's negligence?
  - acts, omissions, or negligence vs. gross negligence vs. willful misconduct
  - Property damage/personal injury
  - Property rights infringement claims (patent, trademark, copyright, etc.)
  - Data breaches, security incidents, and loss of data
22 Vendor Contracting
o Confidentiality Clause
  - If the hospital is not permitted to disclose the terms of this Agreement, what happens if it has to file for a Certificate of Need? If there is an accreditation audit?
  - What happens post-termination? Can a hospital really destroy all Confidential Information?
o Rep and Warranty for Security
  - ... develop, implement, and maintain commercially reasonable physical, technical and administrative safeguards ...
  - ... has security protocols that meet or exceed compliance with any required laws, regulations, and the SOC 1 and SOC 2 Type II standards, which will be audited on an annual basis by a disinterested third-party auditor. Vendor will provide to Customer a copy of such audit report upon written request.
23 Insurance
o A data breach is inevitable
o Data breach insurance = Risk reduction
o But, how do insurance companies try to reduce risks?
25 Insurance
o A data breach is inevitable
o Data breach insurance = Risk reduction
o But, how do insurance companies try to reduce risks?
They try to cancel your policy.
  - Columbia Casualty Co. v. Cottage Health Systems (C.D. California)
  - Filed May 7, 2015 (first case of its kind)
  - Columbia paid $4.125M to settle a class action stemming from a breach (32,500 records disclosed; settlement class of 50,917)
  - The complaint alleges that the breach occurred because Cottage and/or its third-party vendor, INSYNC Computer Solution, Inc. ("INSYNC"), stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who surfed the internet.
  - Columbia sought to recoup funds paid
26 Insurance
o Read the policy
o Some policies exclude coverage
  - for damages that arise out of activity that is contrary to your Privacy Policy
    What does your Privacy Policy say exactly?
  - for agents or vendors where there are no contracts
  - for losses if the data is stored in the cloud
  - for work done by independent contractors
  - if laptops are not encrypted (using FIPS validated encryption algorithm)
o Some policies require notification to the policy as a condition of coverage.
o How much is an indemnification provision from a judgment-proof company worth?
27 The Break Up
o A few final thoughts learned from when things went wrong
28 Disclaimer
This slide presentation is informational only and was prepared to provide a brief overview of vendor management considerations in the healthcare industry. It does not constitute legal or professional advice. You are encouraged to consult with an attorney if you have specific questions relating to any of the topics covered in this presentation.
29 Questions
Tatiana Melnik, Attorney, Melnik Legal PLLC, Based in Tampa, FL
Ryan Vlcko, Staff Attorney, McLaren Health Care Corporation, Based in Flint, MI
More informationCyber Risks & Insurance
Cyber Risks & Insurance Bob Klobe Asst. Vice President & Cyber Security Subject Matter Expert Chubb Specialty Insurance Legal Disclaimer The views, information and content expressed herein are those of
More informationBUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( this Agreement ) is made and entered into as of this day of 2015, by and between TIDEWELL HOSPICE, INC., a Florida not-for-profit corporation,
More informationSection 1 - Errors and Omission
ELECTRONICS AND INFORMATION TECHNOLOGY ERRORS AND OMISSIONS, INTELLECTUAL PROPERTY RIGHTS APPLICATION (Claims made Coverage) Some sections of the application will not apply to your firm. Where this is
More informationGroup Insurance Trust of the California Society of Certified Public Accountants SUBSCRIPTION AGREEMENT Sole Practitioners Effective January 1, 2019
Group Insurance Trust of the California Society of Certified Public Accountants SUBSCRIPTION AGREEMENT Sole Practitioners Effective January 1, 2019 Revised 10/18/18 v.8 (Please type or print clearly and
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationBusiness Associate Risk
Business Associate Risk Assessing and Managing Business Associate Risk Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Disclaimer: Nothing in this presentation
More informationHIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule
HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com
More informationCyber Insurance 2017:
Cyber Insurance 2017: Ensuring Your Coverage is Sound Thursday, March 23, 2017 Attorney Advertising Prior results do not guarantee a similar outcome 777 East Wisconsin Avenue, Milwaukee, WI 53202 414.271.2400
More informationGROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT
GROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT This Agreement, made between Group Health Inc., having its principal office at 55 Water Street, New York, NY 10041 ("GHI"), and, having its principal office
More informationThis Webcast Will Begin Shortly
This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: webcast@acc.com Thank You! QUESTIONS REGARDING TECHNOLOGY AGREEMENTS
More informationDATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. DATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY Coverage under this endorsement is subject to the following: PART 1 RESPONSE
More informationTechnology & IP Forum: Technology Agreements Staying Ahead of the Curve with Checklists and Practice Pointers for Numerous Important Issues
Technology & IP Forum: Technology Agreements Staying Ahead of the Curve with Checklists and Practice Pointers for Numerous Important Issues Alan Fishel Partner Arent Fox Washington, D.C. Office: 202-857-6450
More informationAssessing and Mitigating Risk Under the HIPAA Omnibus Rule
Compliance Institute San Diego, CA April 1, 2014 Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Darrell W. Contreras, Esq., LHRM, CHPC, CHC, CHRC Chief Legal & Compliance Officer PlusDelta
More informationAssessing and Mitigating Risk Under the HIPAA Omnibus Rule
Compliance Institute San Diego, CA April 1, 2014 Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Darrell W. Contreras, Esq., LHRM, CHPC, CHC, CHRC Chief Legal & Compliance Officer PlusDelta
More informationBuilding a Program to Manage the Vendor Management Lifecycle
Building a Program to Manage the Vendor Management Lifecycle Libbie Canter Amelia Hukoveh Daniel Nazar October 5, 2017 Overview 1. Introduction and Background 2. Three Pillars of Third-Party Risk Management
More informationBitwise ( Wifi ) Internet Customer Agreement
Bitwise ( Wifi ) Internet Customer Agreement This Agreement is made by and between Bitwise, Inc. ( Bitwise ) a Michigan company with a headquarters address at 411 West Flint Street, Davison, MI and Customer
More information