Privacy and Security Laws Beyond HIPAA: Protecting Consumer Information. Webinar Presented by Laura Bird January 29, 2014
|
|
- Roger McKinney
- 6 years ago
- Views:
Transcription
1 Privacy and Security Laws Beyond HIPAA: Protecting Consumer Information Webinar Presented by Laura Bird January 29,
2 Module Contents Introduction Privacy and Security of Personally Identifiable Information under the Affordable Care Act Privacy and Security of Federal Tax Information under the Tax Code Other Requirements on Certified Application Counselors and Navigators under Agreements with the Centers for Medicare & Medicaid Services Authorized Representative Designation & Privacy Other Considerations & Guidance 2
3 Introduction 3
4 Acronyms Acronym ACA CAC CDO CMS FFM FTI HIPAA IRS PHI PII QHP Meaning Affordable Care Act Certified Application Counselor Certified Designated Organization Centers for Medicare & Medicaid Services Federally Facilitated Marketplace Federal Tax Information Health Insurance Portability and Accountability Act Internal Revenue Service Protected Health Information Personally Identifiable Information Qualified Health Plan 4
5 Why is Protecting Consumer Information Important? Besides the fact that it can harm a person personally and financially Purpose of Marketplace is to help people get insured. Enrollment assisters have a key role in protecting information. Disclosure can result in civil and criminal penalties. 5
6 Enrollment Assisters Types Navigators Non-Navigator Assister Personnel Certified Application Counselors Authorized Representatives Outreach and Enrollment Workers Agents and Brokers (not discussed here) Enrollment Assisters will need to be familiar with applicable privacy and security laws beyond HIPAA in providing assistance to consumers. 6
7 Enrollment Assisters & Privacy Enrollment assisters who assist consumers apply for coverage will have access to a consumer s personal information. Enrollment assisters are bound by the ACA, as well as other privacy laws, to protect consumer information that the enrollment assister may be exposed to and have a duty to ensure that it s not used or shared in a harmful way. 7
8 Privacy and Security of PII Under The ACA 8
9 Compliance with HIPAA is not Enough I/T/Us are required to comply with the HIPAA Privacy, Security and Breach Notification Rules as to the PHI created, maintained, or transmitted. The ACA privacy and security standards are broader than HIPAA. Complying with HIPAA is not enough to comply with ACA privacy and security standards. 9
10 Eight ACA Privacy and Security Standards 1. Individual access 2. Correction 3. Openness and transparency 4. Individual choice 5. Collection, use and disclosure limitations 6. Data quality and integrity 7. Safeguards 8. Accountability 10
11 Confidentiality of Consumer s PII Under the ACA A consumer is required to provide only the information strictly necessary to verify identity, determine eligibility for insurance, and determine the amount of the tax credit or cost sharing reduction. Any person (including enrollment assisters) who receives information provided by an applicant or from a Federal agency shall use the information only for the purpose of ensuring efficient operation of the Marketplace and shall not disclose the information to any other person. See Section 1411(g) of the Affordable Care Act. 11
12 What is the Penalty for Disclosing PII? A.person who knowingly and willfully uses or discloses information in violation of section 1411 (g) of the Affordable Care Act will be subject to a civil penalty of not more than $25,000 per person or entity, per use or disclosure, in addition to other penalties that may be prescribed by law. 45 C.F.R (g). 12
13 Examples of Information Considered PII Under the ACA Name Biometric Records (e.g., height, weight, etc.) Medical Information Social Security Number Phone Number Educational Information Date and Place of Birth Address Financial Information Mother s Maiden Name Driver s License Number Employment Information *These are only examples, the CMS Agreements include a long list of the types of PII a Navigator or CAC may receive. 13
14 Non-Exchange Entity A Marketplace must require the same or more stringent privacy and security standards as a condition of an agreement with a Non- Exchange entity. A Non-Exchange entity specifically includes Navigators, CACs and agents and brokers. A Tribe or organization with Outreach and Enrollment Workers may be considered a Non- Exchange entity. 14
15 Non-Exchange Entity (cont d) A Non-Exchange entity is not specifically defined in the regulations but refers to: Individuals or entities, such as Navigators, agents, and brokers, that: (1) Gain access to personally identifiable information submitted to the Exchange; or (2) Collect, use or disclose personally identifiable information gathered directly from applicants, qualified individuals, or enrollees while that individual or entity is performing the functions outlined in the agreement with the Exchange. 15
16 Applicable Laws and Requirements Type of Enrollment Assister Applicable ACA Security and Privacy Laws and Other Requirements Navigators Section 1411 (g); 45 C.F.R ; 45 C.F.R ; CMS Agreement with Attachments; and MARS-E Suite of Documents Non-Navigator Personnel Assistance (In Person Assisters) Certified Assistance Counselors Authorized Representatives Outreach and Enrollment Workers Section 1411 (g); 45 C.F.R ; State Marketplace Agreement (if applicable) Section 1411 (g); 45 C.F.R ; 45 C.F.R ; CMS Agreement with Appendices; and MARS-E Suite of Documents Section 1411(g) 45 C.F.R ; and Authorized Representative Designation Form Section 1411(g); likely considered a Non-Exchange entity subject to the same laws as CACs. 16
17 Oversight of ACA Privacy and Security Standards HHS has oversight and monitors: State has oversight and monitors: Federally-facilitated Non-Exchange Entities in a Marketplaces State-based Marketplace State Partnership Marketplaces Non-Exchange Entities in an FFM State-based Marketplaces Caveat: If your Tribe or organization entered into an agreement with the State then your Tribe or organization may have agreed to comply with other state privacy and security laws. 17
18 Section Summary: What You Need to Know You must keep the consumer s information confidential, never disclose information to others. Under ACA, there are civil penalties for disclosure of confidential information. Critical to maintain consumer s trust! 18
19 Questions??? 19
20 Privacy and Security of FTI under The Tax Code 20
21 Under the Tax Code The ACA regulations incorporate reference to the Tax Code. Under the Tax Code, if you have access to Federal Tax Information (FTI) from the IRS or a secondary source to carry out consumer eligibility requirements for premium tax credits or any cost sharing reduction, or eligibility in a State Medicaid Program, CHIP or basic health program, you are bound not to disclose FTI obtained in any manner in connection with the service provided to the consumer. FTI includes returns and return information and must be kept confidential. 21
22 Federal Tax Information (FTI) FTI is any return or return information received from the IRS or a secondary source. Return Return Information Any tax or information return (e.g., 1040, 1040A, 1040EZ, etc.), including forms such as W-2s and 1099s. Declaration of estimated tax Claim for refund Any amendment or supplement Supporting schedules, attachments or lists which are part of the return Any information collected or generated by the IRS regarding any person s liability or possible liability for any tax, penalty, interest, fine, forfeiture, or offense Information extracted from a return, including dependents or location of business The taxpayer s name, address, and identification number (e.g., SSN or EIN) Information collected about any person s tax matters Information about a person s income, finances, debts, deductions and exemptions 22
23 FTI Available through Marketplaces Under the Tax Code Taxpayer identity information Filing status (single, married, etc.) The number of individuals for whom a deduction is allowed The taxpayer s modified adjusted gross income (MAGI) The taxable year of the information, or that such information is not available. Other information that might indicate whether an individual is eligible for the premium tax credit, or cost sharing reductions, and the amount. 23
24 Protecting FTI Do not retain the FTI after the enrollment session is over. Never access FTI if the information is not needed for the consumer s enrollment. If you have access to a consumer s FTI, do not disclose the FTI. Criminal penalties and civil liability can result from unauthorized access or disclosure of FTI. 24
25 What is Considered Unauthorized Access? Unauthorized access occurs when an entity or individual receives or has access to FTI without authority. Criminal penalty: Misdemeanor punishable by a fine of up to $1,000, or imprisonment of not more than one year, or both, plus the costs of prosecution. Civil liability: A taxpayer may sue the employee or assister for damages. 25
26 What is Considered Unauthorized Disclosure? Unauthorized disclosure occurs when an entity or individual with authorization to receive FTI discloses FTI to another entity or individual who does not have the authority and a need-to-know. Criminal penalty: Felony punishable by a fine of up to $5,000, or imprisonment of not more than one year, or both, plus the costs of prosecution. Civil liability: A taxpayer may sue the employee or assister for damages. 26
27 Section Summary: What You Need to Know FTI is only that information received directly from the IRS or through a secondary source. Never retain FTI after the enrollment session ends. Even if you receive the return or return information from a consumer directly to assist with an application, do not keep this information in your files and make sure to return it to the consumer. 27
28 Questions??? 28
29 Other Requirements on Navigators and CACs under CMS Agreement 29
30 Additional Navigator and CAC Requirements Navigators and CACs are subject to six categories of privacy and security standards that the Navigator or CAC organization agreed to with CMS, including any attachments and referenced documents. Note: Links to the documents are provided in the next slide. As a Navigator or CAC, you may be required to sign an agreement with your employer to perform your duties as a Navigator or CAC. Recommendation: These standards should also be followed by I/T/Us not under a formal agreement with CMS or a Marketplace as minimal standards to ensure the protection of consumer information. 30
31 Links to Referenced Documents Model Navigator Assistance Consent Form in FFM, available at Model CAC Authorization Form in FFM, available at onsent%20form.pdf Appendices to Model Agreement Between CAC and Organization in FFM, available athttp://revcycle.med.umich.edu/sites/default/files/appendices%2 0to%20the%20CDO- CAC%20Model%20Agreement%20%282%29.pdf MARS-E Suite of Documents, available at 31
32 6 Categories of Privacy and Security Standards 1- Individual Access: Organization must have policies and procedures in place to provide consumers with access to PII upon request. Organization must respond to a request for access and grant or deny request within 30 days. 2- Openness & Transparency: Organization must provide a Privacy Notice Statement that is prominently and conspicuous displayed on a public facing website (if applicable), or in electronic form and/or paper form that will be used to gather and/or request PII. 32
33 6 Categories of Privacy and Security Standards (cont d) 3- Individual Choice: Organization may only use PII for the functions and purposes listed in the Privacy Notice Statement and any agreements that were in effect when PII was collected unless the consumer s informed consent is obtained. The consent must be appropriately secured and retained for 10 years. 4- Collection, use and disclosure limitations: Organization should always try to collect PII directly from the consumer when information may result in an adverse determination about benefits. 33
34 6 Categories of Privacy and Security Standards (cont d) 5- Data quality & integrity: Organization must allow a consumer the right to amend, correct, substitute or delete PII. Such request must be granted or denied within 10 working days of request. Organization must verify consumer s identity. Organization must maintain an accounting of any and all disclosures for at least 10 years after the disclosure, or the life of the record, whichever is longer. 34
35 6 Categories of Privacy and Security Standards (cont d) 6- Accountability: Organization must implement breach and incident handling procedures. Organization shall incorporate privacy and security standards and implementation procedures in its standard operating procedures as to PII. Organization shall develop training and awareness programs for members of its workforce involved with PII. Organization shall adopt and implement Security Control Standards. 35
36 Model Consent Form Templates Navigator Model Consent Form Selected privacy and security standards: [Navigator] will make sure that my PII is kept private and secure Navigator should not maintain or store any of my PII Navigator will make sure that any stored PII is kept private and secure If [Navigator] does collect, handle, disclose, access, maintain, store and/or use my PII.[Navigator] will keep that PII private and secure. CAC Model Consent Form Selected privacy and security standards: [CAC] will follow privacy and information security standards when creating, collecting, disclosing, accessing, maintaining, storing and/or using my PII.Information about these standards will be provided. [CAC] aren t expected or required to maintain or store any of my PII and/or the PII of my authorized representative, other than this authorization form, but if [CAC] do maintain or store my PII, they will follow privacy and information security standards. Note: See slide #31 for links to these consent forms. 36
37 Consent Form Modifications Mailing Documents for Consumers CMS Training: The best practice discourages mailing of applications by CAC. See Privacy and Security Standards, Course 13. Best practice is to ask the consumer to mail the application him/herself. However, where consumer may be unable to accomplish this task, you could have a separate consent form allowing the organization/assister to mail the application releasing the organization/assister from liability. 37
38 Section Summary: What You Need to Know Always provide a Privacy Notice Statement to consumer. Always obtain a consent form before assisting a consumer. Always obtain informed consent (separate form) for any use or disclosure of consumer s information outside of the Privacy Notice Statement. Consents must be kept for 10 years. Keep track of any disclosures made as to consumer s information. Must be kept for 10 years. Report any breaches of the consumer s PII or FTI. 38
39 Questions??? 39
40 Authorized Representative Designation & Privacy 40
41 What is an Authorized Representative? An authorized representative is a person or organization authorized by a consumer to assist the consumer with his or her application and enrollment in insurance in the Marketplace. An authorized representative should have authority to also work with the QHP, but a separate form could be required. A consumer should select a person or organization that the consumer trusts to act as his or her representative since this person will have access to the consumer s PII. The FFM paper application allows a consumer to name an authorized representative, but it may be done through the electronic application. A consumer may revoke a designation at any time. 41
42 Duties of Authorized Representative An authorized representative may be authorized to: Sign the application on behalf of the consumer Submit an update or respond to a redetermination for the consumer Receive copies of the consumer s notices and other communications from the Marketplace; and Act on behalf of the consumer in other matters with the Marketplace. See 45 C.F.R (c). 42
43 Requirements of Authorized Representative Designation Must be in a written document signed by consumer, or through another legally binding format. Marketplace must ensure that the authorized representative agrees to maintain, or be legally bound to maintain, the confidentiality of any information regarding the consumer. Marketplace must ensure that the representative is responsible for fulfilling all required duties. Marketplace must provide information to both the consumer and the authorized representative regarding representative s powers and duties. See 45 C.F.R (a)(2)-(5). 43
44 Timing of Designation The Marketplace must permit a consumer to designate an authorized representative: At the time of the application; or At other times and methods, including: Via an internet website By telephone through a call center By mail In person See 45 C.F.R (b), (c)(2). 44
45 Language in FFM Paper Application By signing an authorized representative designation, a consumer gives the representative: Permission to talk about the consumer s application with the Marketplace See consumer s information Act on consumer s behalf on matters related to the application, including obtaining information about consumer s application Sign the application on consumer s behalf. 45
46 Authorized Representative Designation in Selected State-based Marketplaces State CO MA MN NV OR Authorized Representative Form Part of application. Same terms as FFM designation, but adds that authorized representative takes legal responsibility for the information provided in the application. Note: Specifically states that an enrollment assister can act as an authorized representative but must provide documentation that consumer cannot act on own behalf. Separate form explaining in detail who may be selected as an Authorized Representative and includes additional terms and disclosures. Available at: Part of application. Same language as FFM designation. Separate form with additional terms and disclosures. No link but can be googled, enter Consent for Facilitated Enrollment by An Authorized Representative. Separate form with the same language as FFM but additional language at signature line states that Authorized Representative understands that he/she is liable for repayment of an overpayment if he/she knowingly withholds information or gives incorrect or incomplete information. Available at 46
47 Authorized Representative v. CAC Consideration Training Privacy and Confidentiality Applicable ACA Laws and Regulations Other Requirements Access to Information I/T/U Authorized Representative May not be formally trained on Marketplace enrollment process. No specific training on privacy and confidentiality of consumer information beyond HIPAA. Section 1411 (g); 45 C.F.R If within an I/T/U, privacy practices would apply in handling PHI. Complete access to consumer information. I/T/U CAC Certified to assist consumers in the State. Familiar with process. Received specific training on privacy and confidentiality of consumer information in Marketplace. Section 1411 (g) 45 C.F.R , Compliance with all terms in organization s agreement with CMS, including any attachments and referenced documents. Potentially less access to consumer information. 47
48 Can a CAC also be an Authorized Representative? Yes. A CAC can also be designed as a consumer s authorized representative. 48
49 Section Summary: What You Need to Know Authorized representatives must agree to maintain confidentiality of consumer information. Best practice for authorized representatives within an I/T/U would be to follow the same or similar standards as Navigators and CACs under CMS Agreements. 49
50 Other Considerations & Guidance 50
51 Tribal Sponsorship Considerations Tribes involved in Tribal Sponsorship of QHPs in the Marketplace should only collect and retain information solely for the purpose of administrating the program. May include very sensitive information, such as claims data or other medical information. Follow the same six privacy and security standards previously discussed (see slides 32-35). Make sure to tailor Privacy Notice Statement and consent forms to Tribal Sponsorship. 51
52 General Guidance on Physical and Electronic Protection of Information Secure PII in a locked file cabinet, and limit access. Password protect computers and electronic files containing consumer information, and limit access. Never PII/FTI, or request this information via . Do not keep notes with a consumer s PII/FTI. Never leave consumer information unattended on your desk or computer screen. 52
53 Questions??? 53
Privacy and Security Standards
Contents Privacy and Security Standards... 3 Introduction... 3 Course Objectives... 3 Privacy vs. Security... 4 Definition of Personally Identifiable Information... 4 Agent and Broker Handling of Federal
More informationHow to Obtain a Consumer s Authorization before Gaining Access to Personally Identifiable Information (PII)
How to Obtain a Consumer s Authorization before Gaining Access to Personally Identifiable Information (PII) Some of the first steps that Navigators, non-navigator assistance personnel (in-person assisters),
More informationNevada Health Link Privacy Policy
Nevada Health Link Privacy Policy Nevada Health Link may collect sensitive information from consumers in order to perform Nevada Health Link functions, such as enrollment in qualified health plans (QHPs)
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationTexas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300
Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Training Module provided as a component of the Stericycle HIPAA Compliance Program Goals for Training Understand how Texas
More informationCHAPTER 33 HIPAA PRIVACY REGULATIONS
CHAPTER 33 HIPAA PRIVACY REGULATIONS I. INTRODUCTION The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress and signed into law by President Clinton in 1996. Most people
More informationMNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota
MNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota 1. MNsure Duties A. Application Counselor Duties (a) (b) (c) (d) (e) (f) Develop and administer
More informationUniversity of California Group Health and Welfare Benefit Plans HIPAA Privacy Rule Policies and Procedures (Interim)
Group Insurance Regulations Administrative Supplement No. 19 April 2003 University of California Group Health and Welfare Benefit Plans HIPAA Privacy Rule Policies and Procedures (Interim) The University
More informationHIPAA Privacy & Security. Transportation Providers 2017
HIPAA Privacy & Security Transportation Providers 2017 HIPAA Privacy & Security As a non emergency medical transportation provider, you deal directly with Medicare and Medicaid Members healthcare information
More information1 DEPARTMENT OF HEALTH & HUMAN SERVICES Centers for Medicare & Medicaid Services 200 Independence Avenue SW Washington, DC 20201 Date: May 1, 2013 From: Center for Consumer Information and Insurance Oversight
More informationConsumer Complaints about Marketplace Enrollments
Consumer Complaints about Marketplace Enrollments Center for Consumer Information and Insurance Oversight (CCIIO ) Center for Program Integrity (CPI) Marketplace Integrity Team July 31, 2017 Description
More informationTexas Tech University Health Sciences Center El Paso HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement
More information16 th Karnataka IS Audit Conference. PII Risk Management. Srinivasan S K CISA, CISM, President, SKS Consulting
16 th Karnataka IS Audit Conference PII Risk Management 20 th July 2013 Srinivasan S K CISA, CISM, President, SKS Consulting 1 In Theory, Theory and Practice are the same In Practice They Are Not Lawrence
More informationEffective Date: 4/3/17
HIPAA AND HITECH ADM 067.4 Attachment D Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule Health Information Technology for Economic and Clinical Health (HITECH)
More informationChildren with Special. Services Program Expedited. Enrollment Application
Children with Special Health Care Needs (CSHCN) Services Program Expedited Enrollment Application Rev. VIII Introduction Dear Health-care Professional: Thank you for your interest in becoming a Children
More informationTexas Tech University Health Sciences Center HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx
More informationAFFORDABLE INSURANCE EXCHANGES: HIGHLIGHTS OF THE PROPOSED RULES
45 CFR, Parts 155 and 157 Patient Protection and Affordable Care Act; Exchange Functions in the Individual Market: Eligibility Determinations; September, 2011 National Conference of State Legislatures
More informationSummary Comparison of Current Senate Data Security and Breach Notification Bills
Data Security reasonable Standards measures Specific Data Security Requirements Personal Information Definition None (a) First name or (b) first initial and last name, in combination with one of the following
More information"HIPAA RULES AND COMPLIANCE"
PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS
More informationARTICLE 1. Terms { ;1}
The parties agree that the following terms and conditions apply to the performance of their obligations under the Service Contract into which this Exhibit is being incorporated. Contractor is providing
More informationNOTIFICATION OF PRIVACY AND SECURITY BREACHES
NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS
COVERYS RRG, INC. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS WHEREAS, the Administrative Simplification section of the Health Insurance Portability and
More informationHIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel
HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability
More informationHIPAA FUNDAMENTALS For Substance abuse Treatment Industry
HIPAA FUNDAMENTALS For Substance abuse Treatment Industry (c)firststepcounselingonline2014 1 At the conclusion of the course/unit/study the student will... ANALYZE THE EFFECTS OF TRANSFERING INFORMATION
More informationEGYPTIAN ELECTRIC COOPERATIVE ASSOCIATION POLICY BULLETIN NO. 214A
CASH AND BENEFITS PLAN (SECTION 125 PLAN) HIPAA POLICIES AND PROCEDURES EFFECTIVE DATE: APRIL 14, 2004 It is the intent of the Egyptian Electric Cooperative Association (EECA) to comply in all respects
More informationTHE INDIANA NAVIGATOR PROGRAM: What Healthcare Providers Need to Know
THE INDIANA NAVIGATOR PROGRAM: What Healthcare Providers Need to Know Presented by: J Hopkins, Vice President Beth Overmyer, Executive Vice President ClaimAid Consulting Version 2.14.14 THE INDIANA NAVIGATOR
More informationAffiliated Service Providers of Indiana Navigator Program ICCMHC Webinar January 13, 2014
Affiliated Service Providers of Indiana Navigator Program ICCMHC Webinar January 13, 2014 The mission of ASPIN is to provide innovative educational programs, resource management, program development, and
More informationBusiness Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)
Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA) This Business Associate Agreement (the Agreement ) is made and entered into by and between Washington Dental Service
More informationNew Group Application & Enrollment Packet
New Group Application & Enrollment Packet Welcome to Delta Dental of Colorado. We appreciate your business and want to get you on board as efficiently as possible. This packet contains all the forms you
More informationHealth Screening Benefit Claim Form
Part 1 Health Screening Benefit Claim Form Things to know before you begin Complete Part 1 of the claim form (pages 1-5). In addition to Part 1, you will also need to submit Proof Requirements. There are
More informationLIMITED DATA SET REQUEST AND DATA USE AGREEMENT
LIMITED DATA SET REQUEST AND DATA USE AGREEMENT For Facility Use Only: Date Request Received: / / Instructions: Carefully review and complete this Request for a Limited Data Set of PHI and Data Use Agreement.
More informationState Health Reform Assistance Network
State Health Reform Assistance Network Charting the Road to Coverage ISSUE BRIEF March 2014 Consumer Assistance Resource Guide: American Indians and Alaska Natives Prepared by the Center for Health Care
More informationHIPAA and Lawyers: Your stakes have just been raised
HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory
More informationEligibility & Enrollment Regulations
Eligibility & Enrollment Regulations Thien Lam Deputy Director, Eligibility & Enrollment California Health Benefit Exchange Board Meeting September 19, 2013 Eligibility & Enrollment Proposed State Regulations
More informationBusiness Associate Agreement For Protected Healthcare Information
Business Associate Agreement For Protected Healthcare Information This Business Associate Agreement ( Agreement ) is entered into this 24th day of February 2017, between PRACTICE-WEB, Inc., a California
More informationMarch 1. HIPAA Privacy Policy
March 1 HIPAA Privacy Policy 2016 1 PRIVACY POLICY STATEMENT Purpose: The following privacy policy is adopted by the Florida College System Risk Management Consortium (FCSRMC) Health Program and its member
More informationUNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP
UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates
More informationAugust 27, California Health Benefit Exchange Attn: Tessa Hammer 1601 Exposition Blvd Sacramento, CA 95815
ADVANCE NOTICE OF INTENT TO FILE EMERGENCY REGULATIONS TITLE 10. INVESTMENT CHAPTER 12. CALIFORNIA HEALTH BENEFIT EXCHANGE ARTICLE 4. GENERAL PROVISIONS This notice is sent in accordance with Government
More informationSubject HHS Commentary From Preamble Regulatory Provision Agent Specific Provisions Definition of Agent/Broker
National Association of Health Underwriters Overview of Provisions in the Proposed Federal Rule on the Establishment of Exchanges and Qualified Health Plans (Released on July 11, 2011) of Specific Interest
More informationHIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.
HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. PURPOSE OF PRESENTATION To Discuss Laws Governing Use and Disclosure
More informationCompliance Program. Health First Health Plans Medicare Parts C & D Training
Compliance Program Health First Health Plans Medicare Parts C & D Training Compliance Training Objectives Meeting regulatory requirements Defining an effective compliance program Communicating the obligation
More informationNovember 7, California Health Benefit Exchange Attn: Tessa Hammer 1601 Exposition Blvd Sacramento, CA 95815
November 7, 2016 ADVANCE NOTICE OF RE-ADOPTION OF EMERGENCY REGULATIONS TITLE 10. INVESTMENT CHAPTER 12. CALIFORNIA HEALTH BENEFIT EXCHANGE ARTICLE 4. GENERAL PROVISIONS This notice is sent in accordance
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (this Agreement ) is entered into on the Effective Date of the Azalea Health Software as a Service Agreement and/or Billing Service Provider
More informationSOCIAL SECURITY ADMINISTRATION. [Docket No. SSA ] Privacy Act of Proposed New Routine Uses and System of Records Alterations
This document is scheduled to be published in the Federal Register on 04/22/2013 and available online at http://federalregister.gov/a/2013-09343, and on FDsys.gov SOCIAL SECURITY ADMINISTRATION [Docket
More informationEmployer Reporting of Health Coverage Code Sections 6055 & 6056
Brought to you by Raffa Financial Services Employer Reporting of Health Coverage Code Sections 6055 & 6056 The Affordable Care Act (ACA) created new reporting requirements under Internal Revenue Code (Code)
More informationSelf-Pay Patient Eligibility and Enrollment Assistance Considerations under the ACA
Page 1 Self-Pay Patient Eligibility and Enrollment Assistance Considerations under the ACA by Shanna Hanson, FHFMA Summary One of our industry s reform knowledge leaders overviews some very key self pay
More informationThe Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees
The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees 1 Who Needs Training? Employees who come in contact with Protected Health Information including: Benefits
More informationAuthorization for Release Form for Potential Tenant to Complete and Residential Rental Application (either form may be used)
METROPOLITAN TENANT Phone: 847-993-0114 Fax: 847-993-0115 Nikki@Tenant-Screening.com 350 S Northwest Hwy, Suite 300, Park Ridge, IL 60068 www.tenant-screening.com Contents of Non-Corporate Individual Membership
More informationAETNA BETTER HEALTH OF KENTUCKY
AETNA BETTER HEALTH OF KENTUCKY Provider Secure Web Portal & Member Care Information Portal registration form Thank you for your interest in registering for the Aetna Better Health Provider Secure Web
More informationCalifornia Code of Regulations Title 10. Investment Chapter 12. California Health Benefit Exchange ( 6650 et seq.) Article 8. Enrollment Assistance.
California Code of Regulations Title 10. Investment Chapter 12. California Health Benefit Exchange ( 6650 et seq.) Article 8. Enrollment Assistance. 6650. Definitions.... 2 6652. Certified Enrollment Entities....
More informationThis form cannot act as an authorization to assign commissions. Appointment Form Only. Steps to obtain an Appointment:
Appointment Form Only Steps to obtain an Appointment: Complete the Personal Information Sheet Entirely The Personal Information Sheet is used to obtain information necessary to establish an appointment
More informationNew Federal Legislation Affecting Health Plans
New Federal Legislation Affecting Health Plans New COBRA Subsidy New Special Enrollment Rights New Privacy and Security Requirements in the HITECH Act Leslie Anderson Jessica Forbes Olson Mark Kinney March
More informationCOMPLIANCE; It s Not an Option
COMPLIANCE; It s Not an Option AAPC April 17, 2013 Rose B. Moore, CPC, CPC-I, CPC-H, CPMA, CEMC, CMCO, CCP, CEC, PCS, CMC, CMOM, CMIS, CERT, CMA-ophth President/CEO Medical Consultant Concepts, LLC Copyright
More informationOMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS
OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT Effective Date: September 23, 2013 RECITALS WHEREAS a relationship exists between the Covered Entity and the Business Associate that performs certain functions
More informationHIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE
HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE Policy Preamble This privacy policy ( Policy ) is designed to
More informationHIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?
HIPAA Information Who does HIPAA apply to? HIPAA applies to all Covered Entities (entities that collect, access, use and/or disclose Protected Health Data (PHI) and are subject to HIPAA regulations). What
More informationGeorgia Health Information Network, Inc. Georgia ConnectedCare Policies
Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Version History Effective Date: August 28, 2013 Revision Date: August 2014 Originating Work Unit: Health Information Technology Health
More informationIHDE BUSINESS ASSOCIATE AGREEMENT (BAA)
IHDE BUSINESS ASSOCIATE AGREEMENT (BAA) This Business Associate Agreement (BAA) is entered into by and between the Covered Entity aka. Data Provider/User, (please enter name of organization) and the Business
More informationHealth and Welfare Plan Compliance Checklist
Health and Welfare Plan Compliance Checklist ERISA Disclosure Requirements, including Plan document Summary plan description (SPD) Summary of material modifications or reductions (SMM or SMR) Summary of
More informationMedicare Parts C & D Fraud, Waste, and Abuse Training and General Compliance Training. Developed by the Centers for Medicare & Medicaid Services
Medicare Parts C & D Fraud, Waste, and Abuse Training and General Compliance Training Developed by the Centers for Medicare & Medicaid Services Important Notice This training module consists of two parts:
More informationHIPAA Business Associate Agreement
HIPAA Business Associate Agreement ICANotes LLC doing business at 1600 St Margarets Rd, Annapolis MD 21409 and, doing business at are parties to a Business Associate arrangement as defined under the Health
More informationHRSA and the Affordable Care Act: Accomplishments to Date, Opportunities Moving Forward
HRSA and the Affordable Care Act: Accomplishments to Date, Opportunities Moving Forward Rick Wilk HRSA Regional Administrator Chicago, IL July 16, 2014 Health Care by the Numbers In one day HHS saw 4.8
More informationBUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)
BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate) This HIPAA Business Associate Agreement ( Agreement ) is entered into this day of, 20, by and between
More informationBlueprint for Approval of Affordable Statebased and State Partnership Insurance Exchanges
Blueprint of Afdable based and Partnership Insurance Exchanges Introduction The Afdable Care Act establishes Afdable Insurance Exchanges (Exchanges) to provide individuals and small business employees
More informationPrivacy Policy Training
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Policy Training General Information Level I Training HIPAA Project Management Office 1 Your HIPAA Privacy Officer: Name Goes
More informationCentral Fabrication Accreditation Application
Central Fabrication Accreditation Application Central Fabrication (non-patient care centers) will provide the following services. Central Fabrication Type: Check all that apply. o Orthotic (includes Pedorthic)
More informationHHS Notice of Proposed Rulemaking: Establishment of Exchanges and Qualified Health Plans
HHS Notice of Proposed Rulemaking: Establishment of Exchanges and Qualified Health Plans Clarifications and suggestions contained in the preamble are noted in italics. Requests for comment are noted in
More informationCompliance Steps for the Final HIPAA Rule
Brought to you by The Alpha Group for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions.
More informationPresented by Marti Arvin Chief Compliance Officer UCLA Health Sciences
Presented by Marti Arvin Chief Compliance Officer UCLA Health Sciences 1 Brief discussion of where we have been and where we are going Discussion of Federal Enforcement Actions Privacy and Security issue
More informationBecoming an Indiana Navigator and Certified Application Counselor
Becoming an Indiana Navigator and Certified Application Counselor Learning Objectives I. Introduce and explain the functions of consumer assistants II. Define Application Organizations, federal Navigators,
More informationInterpreters Associates Inc. Division of Intérpretes Brasil
Interpreters Associates Inc. Division of Intérpretes Brasil Adherence to HIPAA Agreement Exhibit B INDEPENDENT CONTRACTOR PRIVACY AND SECURITY PROTECTIONS RECITALS The purpose of this Agreement is to enable
More information2016 Business Associate Workforce Member HIPAA Training Handbook
2016 Business Associate Workforce Member HIPAA Training Handbook Using the Training Handbook The material in this handbook is designed to deliver required initial, and/or annual HIPAA training for all
More informationProviding Accessible Enrollment Assistance Under the ACA
Providing Accessible Enrollment Assistance Under the ACA Association of University Centers on Disabilities Conference Elaine Saly Families USA March 13, 2013 The Need for Assistance 75% of those eligible
More informationHospital Indemnity Insurance Claim Form
Hospital Indemnity Insurance Claim Form Things to know before you begin If you are submitting a claim for a Hospitalization which you have not yet reported to us, please complete this claim form. Once
More informationSDM Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates
Policy and Procedure: SDM HIPAA Terms and Conditions for (Adapted from UPMC s HIPAA Terms and Conditions for at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/terms.pdf) Effective: 03/30/2012
More informationHIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc
HIPAA Overview Health Insurance Portability and Accountability Act Premier Senior Marketing, Inc HIPAA Defined Acronym that stands for the Health Insurance Portability and Accountability Act, a US law
More informationVendor Code of Business Conduct & Ethics
Dear Valued Vendor, Horizon Blue Cross Blue Shield of New Jersey, including its subsidiaries and affiliates (collectively, Horizon BCBSNJ ), operates under high standards of conduct and we comply with
More informationSTATE OF FLORIDA DEPARTMENT OF. NO TALLAHASSEE, June 2, Chapter 1
CFOP 60-17 STATE OF FLORIDA DEPARTMENT OF CF OPERATING PROCEDURE CHILDREN AND FAMILIES NO. 60-17 TALLAHASSEE, June 2, 2008 Chapter 1 NOTICE OF PRIVACY POLICY AND MANAGEMENT AND PROTECTION OF PERSONAL HEALTH
More informationOCR Phase II Audit Protocol Breach Notification. HIPAA COW Spring Conference 2017 Page 1 Boerner Consulting, LLC
Audit Type Section Key Activity Established Performance Criteria Audit Inquiry 12 Samples Requested Breach 164.414(a) Administrative 164.414(a) 164.414(a) 5 Inquiry of Mgmt Requirements Administrative
More informationCOMPLIANCE DEPARTMENT. LSUHSC-S Louisiana State University Health Sciences Center Shreveport ACKNOWLEDGEMENT RECEIPT
COMPLIANCE DEPARTMENT LSUHSC-S Louisiana State University Health Sciences Center Shreveport ACKNOWLEDGEMENT RECEIPT for COMPLIANCE, HIPAA PRIVACY, AND INFORMATION SECURITY SELF-STUDY GUIDE I hereby certify
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationChristina Agustin, MD Board Certified in Adult Psychiatry 1 Lake Bellevue Drive, Suite 101 Bellevue, WA Phone Fax:
Christina Agustin, MD Board Certified in Adult Psychiatry 1 Lake Bellevue Drive, Suite 101 Bellevue, WA 98005 Phone 425-301-9869 Fax: 866-546-1618 Welcome to my practice. I look forward to meeting with
More informationACA 101 Conference Call FAQs
ACA 101 Conference Call FAQs 1. How will MA help residents (particularly the most vulnerable) transition from the simplicity of needing a pay stub for eligibility to having to have their taxes filed? This
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationLIFE CLAIM KIT FOR PROCESSING LIFE INSURANCE AND ACCIDENTAL DEATH BENEFITS
LIFE CLAIM KIT FOR PROCESSING LIFE INSURANCE AND ACCIDENTAL DEATH BENEFITS INSTRUCTIONS FOR FILING A LIFE CLAIM On behalf of Boston Mutual Life Insurance Company, please accept our sincere condolences
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between, on behalf of its (School/Department/Division) (hereinafter referred to as Covered Entity ) and, (hereinafter Business Associate
More informationHIPAA Privacy For our Group Customers and Business Partners
HIPAA Privacy For our Group Customers and Business Partners Independent licensee of the Blue Cross and Blue Shield Association HIPAA, The Health Insurance Portability and Accountability Act of 1996, established
More informationHighlights of the Omnibus HIPAA/HITECH Final Rule
Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737
More informationOKLAHOMA Medical Insurance for Individuals and Families
Client Tip Sheet OKLAHOMA Medical Insurance for Individuals and Families Thank you for applying for Medical Insurance for Individuals and Families. Please review the product materials so you understand
More informationVoluntary Benefits Disability Income Claim Form Claimant Initial Statement of Disability
Amalgamated Life Insurance Company Disability Benefits Claim Department P.O. Box 5453, White Plains, NY 10602-5453 Toll-Free: 1-866-975-4089 / Fax: 1-914-367-4114 Voluntary Benefits Disability Income Claim
More information1 Security 101 for Covered Entities
HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &
More informationCompliance Steps for the Final HIPAA Rule
Compliance Steps for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions. The final rule
More informationHEALTH INFORMATION PRIVACY POLICIES & PROCEDURES
Drs. Hammond and von Roenn HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES These Health Information Privacy Policies & Procedures implement our obligations to protect the privacy of individually identifiable
More information104 Delaware Health Care Claims Database Data Access Regulation
104 Delaware Health Care Claims Database Data Access Regulation 1.0 Authority and Purpose 1.1 Statutory Authority. 16 Del.C. 10306 authorizes the Delaware Health Information Network (DHIN) to promulgate
More informationHealth Alliance Plan utilizes the Centers for Medicare and Medicaid Services (CMS) current definitions to define (FDRs):
January 2017 Table of Contents INTRODUCTION... 1 Definition of a First Tier, Downstream and Related Entity... 1 Definition of a Delegated Downstream Entity (DDE)... 2 REQUIREMENTS FOR FDRs/DDEs... 2 Compliance
More informationTEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement (this BA Agreement ) is made and entered into by ( Provider ), a, located at, and Texas Southern University, an agency and institution of higher education established
More informationUSD #262 VALLEY CENTER HIPAA MEDICAL PRIVACY POLICIES AND PROCEDURES. HIPAA Privacy Policies and Procedures -1-
USD #262 VALLEY CENTER HIPAA MEDICAL PRIVACY POLICIES AND PROCEDURES HIPAA Privacy Policies and Procedures -1- USD #262 Valley Center Organized Health Care Arrangement HIPAA Privacy Policy and Procedures
More informationHIPAA Basic Training for Health & Welfare Plan Administrators
2010 Human Resources Seminar HIPAA Basic Training for Health & Welfare Plan Administrators Norbert F. Kugele What We re going to Cover Important basic concepts Who needs to worry about HIPAA? Complying
More informationHIPAA PRIVACY RULE POLICIES AND PROCEDURES
HIPAA PRIVACY RULE POLICIES AND PROCEDURES Purpose: The purpose of this document is to educate, and identify the need to formally create and implement policies and procedures for Hudson Community School
More information