HIPAA Privacy & Security. Transportation Providers 2017
|
|
- Roderick Marcus Stevenson
- 6 years ago
- Views:
Transcription
1 HIPAA Privacy & Security Transportation Providers 2017
2 HIPAA Privacy & Security As a non emergency medical transportation provider, you deal directly with Medicare and Medicaid Members healthcare information every time you provide services. Much of this information is protected from disclosure by the Health Insurance Portability and Accountability Act, also known as HIPAA. This educational presentation seeks to explain the privacy and security of healthcare information in compliance with HIPAA. The materials also cover the Texas Medical Privacy law. Thank you for taking the time to review these materials. At the end of this presentation, you can take a quiz that presents hypothetical situations for you to analyze to test your knowledge.
3 Topics Covered What is HIPAA? Who is Subject to HIPAA? Protected Health Information HIPAA Privacy Reasonable Safeguards HIPAA Security Administrative Safeguards Physical Safeguards Technical Safeguards Handling PHI Security Breaches PHI Rights of Individuals Enforcement Quiz
4 What is HIPAA? HIPAA is a far reaching federal law passed in HIPAA does many things, but its primary purposes are: Privacy and security of healthcare information Standardization of healthcare data Insurance portability for individuals who lose or change jobs Preventing discrimination against applicants or businesses Preventing fraud with stiff penalties and tight controls As a federal law, HIPAA applies to all states. Keep in mind, however, that you must also comply with any more restrictive state laws regarding the privacy and security of healthcare information. If there is a conflict between HIPAA and state laws, HIPAA preempts state law unless the state law is more strict. In other words, you must follow whichever law provides greater protection to members.
5 Who is Subject to HIPAA? Covered Entities Organizations such as hospitals, insurance companies, self insured employers, and small physician practices are considered covered entities under HIPAA. There are three categories of covered entities: Healthcare plans Healthcare providers Clearinghouses Transportation providers brokers are not covered entities because they do not fall into any of these three categories.
6 Who is Subject to HIPAA? (continued) Business Associates Many covered entities use the services of other individuals and businesses to help them carry out their healthcare activities and functions. These business associates include auditors, consultants, lawyers, claims processing firms, pharmacy benefit managers, and the like. Business associates also include entities that provide data transmission services involving personal health information protected by HIPAA. A non emergency medical transportation broker is a business associate of the health plans and state Medicaid agencies who are their clients.
7 Who is Subject to HIPAA? (continued) Business associates are subject to HIPAA in several ways: They must provide written (contractual) assurance to the covered entity that they will comply with the HIPAA requirements imposed on them, use the information only for proper purposes and safeguard it from misuse, and help the covered entity comply with some of its HIPAA privacy related duties. They must comply with all HIPAA regulations requiring administrative, physical, and technical safeguards for the security of the protected information. They must comply with certain HIPAA regulations pertaining to the privacy of the information.
8 Who is Subject to HIPAA? (continued) The Security Rule A law passed after HIPAA went into effect, the Health Information Technology for Economic and Clinical Health Act, or HITECH (effective in 2010) made the HIPAA Security Rule directly applicable to business associates. Prior to this, business associates were only contractually liable to covered entities for any security (or privacy) violations. In other words, before HITECH, if a business associate violated HIPAA it would be in breach of contract, not in violation of HIPAA itself. Now, business associates are subject to the same HIPAA penalties as covered entities.
9 Who is Subject to HIPAA? (continued) The Privacy Rule Another law, the Omnibus Rule (effective in 2013) made certain portions of the HIPAA Privacy Rule directly applicable to business associates. The applicable portions are the general rules pertaining to uses and disclosures of protected information and organizational requirements.
10 Who is Subject to HIPAA? (continued) Business Associate Subcontractors In many instances, a business associate delegates functions, actions and services to subcontractors individuals and entities outside of the business associate's workforce. HIPAA requires agreements between business associates and their subcontractors providing that the subcontractor is subject to the same HIPAA requirements concerning access to and use of protected health information as the business associate. Subcontractors also are directly subject to HIPAA requirements separate and apart from their contractual agreements with business associates. For these reasons, the subcontracted transportation providers with NEMT brokers does business must also comply with HIPAA.
11 Protected Health Information (PHI) HIPAA protects information that qualifies as protected health information, or PHI. PHI is essentially any part of an individual's medical record or payment history. In HIPAA terms, PHI is information that concerns Any past, present or future physical or mental health of an individual Providing healthcare to an individual Payment for healthcare for an individual This means that when a NEMT broker enters trip information into its reservations system, a billing department clerk process trip logs and claims for payment, transportation brokers or providers speak with members on the phone or in person, or brokers and providers exchange trip manifests, any identifiable health information becomes PHI under HIPAA. HIPAA has separate but interrelated Privacy and Security rules. The Privacy Rule covers PHI in all forms, while the Security Rule covers only electronic PHI.
12 The Privacy Rule The Privacy Rule addresses the use and disclosure of PHI. In general, transportation providers may use or disclose a member s PHI only under these conditions: To communicate directly with the individual about his/her PHI With the individual's written authorization or other legal agreement, subject to certain exceptions Without the individual's authorization for treatment, payment and operations (TPO), subject to certain exceptions If allowed by state law, PHI may be disclosed to a child's parent or guardian. When using or disclosing PHI or when requesting PHI from a covered entity or business associate, you must make reasonable efforts to limit your use or disclosure as much as possible.
13 Reasonable Safeguards The Privacy Rule requires that you use reasonable safeguards to protect the confidentiality of PHI. Reasonable safeguards include Speaking softly when discussing PHI in public spaces, such as in a waiting rooms or in vehicles that are multi loaded Not using the name of the individual whose PHI is being discussed Reminding employees to keep PHI secure at their workstations, at fax machines and copiers, and in other public spaces Isolating and locking filing cabinets or anything else that contains PHI Equipping computers with password protected screensavers
14 The Security Rule HIPAA's Security Rule addresses the creation, receipt, maintenance and transmission of electronic PHI. This Rule applies equally to covered entities and business associates. The primary goals of the Security Rule are to Maintain the confidentiality of stored and transmitted electronic PHI Protect electronic PHI from unauthorized creation, modification and deletion Ensure that electronic PHI is available to authorized individuals or entities when needed The Security Rule sets out three types of security safeguards required for compliance: administrative, physical and technical safeguards.
15 Administrative Safeguards The Security Rule includes these administrative safeguards: Security Officer Designating a Security Officer to be responsible for the development and implementation of security policies Workforce Security Developing a plan for granting employees varying levels of access to PHI Contingency Plan Developing a plan for responding to system emergencies and natural disasters Business Associate Contracts Having contracts with business associates to protect the confidentiality of PHI Termination Procedures Implementing procedures to prevent a terminated employee from having access to confidential information
16 Physical Safeguards The Security Rule requires that you protect PHI from fire and environmental hazards, as well as from intrusion. Physical safeguards include Facility Access Controls Developing procedures that allow authorized access to places where PHI is kept but that deter intruders Workstation Use Developing procedures to handle PHI that is or may be displayed on computer screens Workstation Security Providing secured rooms, curtains, partitions, or user IDs and passwords for workstations on which PHI is processed Device and Media Controls Having procedures for the handling of computer hardware and software (such as laptops, cell phones, tablets, and media used with them), including proper disposal and storage
17 Technical Safeguards The Security Rule also requires that you implement certain technical safeguards for electronic PHI, including Access Controls Limiting access to PHI on a need to know basis, based on roles and context Audit Controls Recording and examining system activity to eliminate unnecessary access to PHI Person or Entity Authentication Using verification controls such as passwords, PIN numbers, biometrics, or tokens to ensure that those seeking access to PHI actually have authorization Transmission Security Protecting PHI during transmission over electronic networks, including encryption and protections such as firewalls, SSL/TLS protocol and S/MIME support
18 Handling PHI In line with those safeguards, please follow the following guidelines when handling member PHI: Access PHI only to the extent necessary to perform job related functions Destroy PHI once it is no longer needed in accordance with established recordmanagement policies and procedures Take steps to verify the proper receipt of transmitted PHI, whether by fax, phone, or e mail Secure work areas by keeping documents containing PHI in a locked cabinet and maintaining strong passwords on electronic systems Take special precautions while working in the field or at home to ensure that PHI is secured in laptop computers and briefcases
19 Security Breach The Security Rule distinguishes between secure and unsecure PHI. Secure PHI is information that is Protected by a technology or methodology specified by the government (the Health & Human Services Department, or HHS) Rendered "unusable, unreadable, or indecipherable" to unauthorized persons Shredded/destroyed so that it cannot be read or reconstructed If there is a security breach involving unsecured PHI, notice must be given to the affected individuals and, if the breach affects 500 or more individuals, to the government and the media. If you become aware of a security breach, please report it to your supervisor immediately. They must then report it to the transportation broker s HIPAA Compliance Officer.
20 PHI Rights of Individuals In addition to what has already been discussed, members have these rights over the use and disclosure of their PHI with respect to their health plans, which are covered entities: Covered entities must abide by an individual's request not to divulge PHI with his/her health plan for payment or healthcare operations if he/she is paying for the full service cost to which the PHI relates. Individuals are entitled to copies of any records that the covered entity keeps electronically Individuals have the right to request that a covered entity correct any inaccurate PHI Covered entities maintaining electronic health records must provide an accounting of all PHI disclosures made for treatment, payment and healthcare operations during the prior three years, upon the individual's request
21 Enforcement Failure to comply with HIPAA can lead to significant financial and other penalties, such as the following: Civil fines range from $100 to $50,000 for each violation up to $1.5 million per year Criminal penalties for a basic offense may include a fine of up to $50,000 and/or imprisonment for up to one year Criminal penalties for an offense committed under false pretenses may include a fine of up to $100,000 and/or imprisonment for up to five years Criminal penalties for an offense committed with the intent to use PHI for one's commercial advantage may include a fine of up to $250,000 and/or imprisonment for up to ten years
22 Enforcement (continued) Civil Fines The civil penalties for HIPAA violations are based on a tiered approach, depending on the type of violation: Fines for unintentional violations may be $100 per violation and up to $25,000 per year Fines for "reasonable cause" violations may be $1,000 per violation and up to $100,000 per year Fines for "willful neglect" (but rectified) violations may be $10,000 per violation and up to $250,000 per year Fines for "willful neglect" (and un rectified) violations may be $50,000 per violation and up to $1.5 million per year Civil penalties are now required for covered entities or business associates who are found to have made a "willful neglect" violation, such as failure to follow HIPAA policies and procedures, or failure to sufficiently train and supervise employees.
23 Quiz Which of the following is the best summary of one of HIPAA's primary purposes? 1. Keeping a business associate s information private 2. Keeping people s personal health information private 3. Keeping people safe from identity theft
24 Quiz Number 2 is the correct answer. One of HIPAA s primary purposes is safeguarding the privacy and security of personal healthcare information.
25 Quiz Which of these is the best reason to be sure you understand how HIPAA affects your day to day job responsibilities? 1. Violations of HIPAA can incur substantial penalties, including large fines and imprisonment. 2. Protecting the privacy of personal healthcare information aids the integrity of our healthcare system. 3. Both of the above.
26 Quiz Number 3 is the correct answer. Understanding how HIPAA affects your job responsibilities will help keep you and your organization compliant with HIPAA regulations and provides a valuable public service to all participants in our healthcare system.
27 Quiz Jane is a Medicare Advantage (Medicare Part C) member of Big Health Plan, a managed care organization. She called Big Health Plan s subcontracted NEMT broker to schedule a trip for her annual physical. The broker referred the trip to its subcontractor, Super Duper Transport, an NEMT provider, who called Jane the day before the trip to confirm. Is Jane s personal health information protected by HIPAA in this situation? 1. No, because the NEMT broker is not subject to HIPAA. 2. No, because the Super Duper Transport is not subject to HIPAA. 3. Yes, because both entities are subject to HIPAA.
28 Quiz Number 3 is the correct answer. Big Health Plan is a covered entity and both the NEMT broker and the NEMT provider are subject to HIPAA. The broker is Big Health Plan s business associate, and the transportation provider is the broker s business associate. All parties are covered by HIPAA s privacy and security rules.
29 Quiz Bob scheduled trips for appointments with his medical doctor on Monday, his chiropractor on Tuesday, his psychiatrist on Wednesday, a walk in clinic on Thursday, and his dentist on Friday. On what day(s) was Bob s personal health information unprotected by HIPAA? 1. Tuesday and Friday 2. Thursday 3. Wednesday and Monday 4. It was protected every day.
30 Quiz Number 4 is the correct answer. PHI includes information regarding any past, present, or future physical or mental health of an individual, which means that information about all of Bob s trips and doctor visits would be subject to HIPAA protection.
31 Quiz A news reporter called the hospital where a local celebrity has recently had knee surgery. The reporter told the receptionist that he needed some information for an important article and offers her a small fee for her assistance. What is the appropriate response from the receptionist. 1. No. HIPAA prohibits the release of that information. 2. Certainly. He s a celebrity and therefore a figure the public is entitled to hear about. 3. Perhaps, but I will need approval from the hospital administration.
32 Quiz Number 1 is the correct answer. Under HIPAA, the patient, whether a celebrity or not, may see his/her own medical chart, but this information must remain secure from unauthorized release or transmission to others, including reporters. The hospital may only release the information with the patient s written authorization.
HIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More information2016 Business Associate Workforce Member HIPAA Training Handbook
2016 Business Associate Workforce Member HIPAA Training Handbook Using the Training Handbook The material in this handbook is designed to deliver required initial, and/or annual HIPAA training for all
More informationHIPAA FUNDAMENTALS For Substance abuse Treatment Industry
HIPAA FUNDAMENTALS For Substance abuse Treatment Industry (c)firststepcounselingonline2014 1 At the conclusion of the course/unit/study the student will... ANALYZE THE EFFECTS OF TRANSFERING INFORMATION
More informationHIPAA The Health Insurance Portability and Accountability Act of 1996
HIPAA The Health Insurance Portability and Accountability Act of 1996 Results Physiotherapy s policy regarding privacy and security of protected health information (PHI) is a reflection of our commitment
More informationARE YOU HIP WITH HIPAA?
ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined
More informationHIPAA Compliance Guide
This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationThe HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime
HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: UPDATE 2015 February 20, 2015 I. Executive Summary HIPAA is a federal law passed by Congress to protect medical patient data privacy from misuse or disclosure
More informationHayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule
Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA
More informationHIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT
WHAT YOU NEED TO KNOW ABOUT HIPAA AND ONLINE BACKUP Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile
More informationEffective Date: 4/3/17
HIPAA AND HITECH ADM 067.4 Attachment D Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule Health Information Technology for Economic and Clinical Health (HITECH)
More informationHIPAA & HITECH Privacy & Security. Volunteer Annual Review 2017
HIPAA & HITECH Privacy & Security Volunteer Annual Review 2017 HIPAA In 1996, state and federal governments enacted protection for patient health information by signing into law the Health Insurance Portability
More informationHIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.
HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. PURPOSE OF PRESENTATION To Discuss Laws Governing Use and Disclosure
More informationHIPAA Background and History
Agenda Jeffery P. Drummond Lawyers as HIPAA Business Associates: Ethical Obligations and Practical Tips for Compliance Dallas Bar Association January 17, 2018 Jamie Sorley An Overview of HIPAA The Privacy
More information"HIPAA RULES AND COMPLIANCE"
PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS
More informationHIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014.
HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule Association of Corporate Counsel Houston Chapter October 14, 2014 Jeffery P. Drummond Jackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas,
More information1 Security 101 for Covered Entities
HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &
More informationHIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 Reasons for HIPAA Privacy Rules Perceived need for protection
More informationAMA Practice Management Center, What you need to know about the new health privacy and security requirements
1. HIPAA Security Rule Johns, Merida L., Information Security, in Johns, Merida L. (ed.) Health Information Management Technology, an Applied Approach, AHIMA: Chicago, IL, 2nd ed. 2007, chapter 19, pp.
More informationHIPAA COMPLIANCE. for Small & Mid-Size Practices
HIPAA COMPLIANCE for Small & Mid-Size Practices Golden State Web Solutions 619.825.GSWS (4797) INTRODUCTION Most individuals reading this are interested in HIPAA, GSWS, or some combination of the two;
More informationDELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION)
DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION) Delhaize America, LLC Pharmacies and Welfare Benefit Plan 2013 Health Information Security and Procedures (As
More informationThe Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013
The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice
More informationAuditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees
Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees San Antonio IIA: I HEART AUDIT CONFERENCE February 24,
More informationHIPAA & The Medical Practice
HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES
HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES January 23, 2014 I. Executive Summary I: The HIPAA Final Rule
More informationHIPAA / HITECH. Ed Massey Affiliated Marketing Group
HIPAA / HITECH Agent Understanding And Compliance Presented By: Ed Massey Affiliated Marketing Group It s The Law On February 17, 2010 the Health Information Technology for Economic and Clinical Health
More informationSaturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules
Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.
More informationThe Privacy Rule. Health insurance Portability & Accountability Act
The Privacy Rule Health insurance Portability & Accountability Act Enacted on August 21, 1996 to amend the Internal Revenue Code of 1986 To improve portability and continuity of health insurance coverage
More information8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013
HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable
More informationMarch 1. HIPAA Privacy Policy
March 1 HIPAA Privacy Policy 2016 1 PRIVACY POLICY STATEMENT Purpose: The following privacy policy is adopted by the Florida College System Risk Management Consortium (FCSRMC) Health Program and its member
More informationNATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE
NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE As many of you know, Gramm-Leach-Bliley requires "financial institutions" to establish and implement a Safeguard Rule Compliance
More informationMEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013
More informationHIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 REASONS FOR HIPAA PRIVACY RULES Perceived need for protection of individual health information
More informationACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT WITH THE DOCTORS CLINIC, PART OF FRANCISCAN MEDICAL GROUP
ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT WITH THE DOCTORS CLINIC, PART OF FRANCISCAN MEDICAL GROUP and THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between The Doctors
More informationHIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013
HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background
More informationWhat Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996.
What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996. HIPAA stands for Health Insurance Portability and Accountability
More informationLEGAL ISSUES IN HEALTH IT SECURITY
LEGAL ISSUES IN HEALTH IT SECURITY Webinar Hosted by Uluro, a Product of Transformations, Inc. March 28, 2013 Presented by: Kathie McDonald-McClure, Esq. Wyatt, Tarrant & Combs, LLP 500 West Jefferson
More informationRegenstrief Center for Healthcare Engineering HIPAA Compliance Policy
Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy Revised December 6, 2017 Table of Contents Statement of Policy 3 Reason for Policy 3 HIPAA Liaison 3 Individuals and Entities Affected
More informationHIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel
HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability
More informationHIPAA Security How secure and compliant are you from this 5 letter word?
HIPAA Security How secure and compliant are you from this 5 letter word? January 29, 2014 www.prnadvisors.com 1 1 About me Over 20 Years in IT as hand-on leader Implemented EMR s of all sizes for Hospitals,
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES KURTIN PLLC COMPLIANCE SOLUTION: UPDATE January 3, I. Executive Summary.
HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES KURTIN PLLC COMPLIANCE SOLUTION: UPDATE 2017 January 3, 2017 I. Executive Summary. The Health Insurance Portability and Accountability Act ( HIPAA ) is
More informationHIPAA Basic Training for Health & Welfare Plan Administrators
2010 Human Resources Seminar HIPAA Basic Training for Health & Welfare Plan Administrators Norbert F. Kugele What We re going to Cover Important basic concepts Who needs to worry about HIPAA? Complying
More informationHIPAA Privacy, Breach, & Security Rules
HIPAA Privacy, Breach, & Security Rules An Eagle Associates Presentation Eagle Associates, Inc. www.eagleassociates.net info@eagleassociates.net P.O. Box 1356 Ann Arbor, MI 48106 800-777-2337 Eagle Associates,
More informationTexas Tech University Health Sciences Center El Paso HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement
More informationTexas Tech University Health Sciences Center HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx
More informationPreparing for a HIPAA Audit & Hot Topics in Health Care Reform
Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,
More informationTexas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300
Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Training Module provided as a component of the Stericycle HIPAA Compliance Program Goals for Training Understand how Texas
More informationOMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS
OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT Effective Date: September 23, 2013 RECITALS WHEREAS a relationship exists between the Covered Entity and the Business Associate that performs certain functions
More informationHIPAA Service Description
PO Box 8021 Rancho Santa Fe California 92067 858.259.6204 tel 858.259.0309 fax www.practicalsecurity.com HIPAA Service Description February 2003 1 2 3 PSI HIPAA Services Offering The Department of Health
More informationEXCERPT. Do the Right Thing R1112 P1112
MD A n d e r s o n s S t a n d a r d s O f C o n d u c t: EXCERPT Do the Right Thing R1112 P1112 Privacy and Confidentiality At MD Anderson, we are committed to safeguarding the privacy of our patients
More informationHIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc
HIPAA Overview Health Insurance Portability and Accountability Act Premier Senior Marketing, Inc HIPAA Defined Acronym that stands for the Health Insurance Portability and Accountability Act, a US law
More informationGUIDE TO PATIENT PRIVACY AND SECURITY RULES
AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist
More informationHIPAA Field Training 2015
HIPAA Field Training 2015 Topic 1 Time to complete Topic 1 Overview Approximately 15 minutes Introduction/Objectives At the conclusion of this training module, you should have an understanding of the following:
More informationNOTIFICATION OF PRIVACY AND SECURITY BREACHES
NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally
More informationHIPAA and Lawyers: Your stakes have just been raised
HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory
More informationIt s as AWESOME as You Think It Is!
It s as AWESOME as You Think It Is! Fine Print This presentation and any materials and/or comments are training and educational in nature only. They do not establish an attorney-client relationship, are
More informationHIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia
HIPAA in the Digital Age Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia Virginia MGMA reminds attendees that the program is not intended to provide legal advice and advises participants
More informationDisclaimer LEGAL ISSUES IN PHYSICAL THERAPY
LEGAL ISSUES IN PHYSICAL THERAPY Paul J. Welk, PT, JD Tucker Arensberg, P.C. pwelk@tuckerlaw.com 2017 PHCA Annual Convention 1 Disclaimer The purpose of this presentation is to provide a general overview
More informationHIPAA Redux 2013 Kim Cavitt, AuD Audiology Resources, Inc. Expert e-seminar 4/29/2013. HIPAA Redux Presented by: Kim Cavitt, AuD
HIPAA Redux 2013 Presented by: Kim Cavitt, AuD Moderated by: Carolyn Smaka, Au.D., Editor-in-Chief, AudiologyOnline Expert e-seminar TECHNICAL SUPPORT Need technical support during event? Please contact
More informationHIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by
HIPAA Omnibus Rule Critical Changes for Providers Presented by Susan A. Miller, JD Hosted by agenda What the Omnibus Rule includes + Effective and Compliance Dates Security Breach Notification Enforcement
More informationHIPAA, Privacy, and Security Oh My!
2014 CliftonLarsonAllen LLP HIPAA, Privacy, and Security Oh My! Chad D. Kunze CPA Health Care Principal Phoenix, AZ CLAconnect.com Learning Objectives At the end of this learning session, you will be able
More informationHIPAA Privacy Overview
HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview
More informationHIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?
HIPAA Information Who does HIPAA apply to? HIPAA applies to all Covered Entities (entities that collect, access, use and/or disclose Protected Health Data (PHI) and are subject to HIPAA regulations). What
More informationConduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation
HIPAA UPDATE: WHY AND HOW YOU MUST COMPLY 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its long-awaited Omnibus Rule 2 implementing regulations required by the HITECH Act
More informationAROC 2015 HIPAA PRIVACY AND SECURITY RULES
AROC 2015 HIPAA PRIVACY AND SECURITY RULES Presented by: Robert A. Paster, Esq. Brach Eichler L.L.C. 101 Eisenhower Parkway Roseland, NJ 07068 973-403-3144 rpaster@bracheichler.com www.bracheichler.com
More information2. HIPAA was introduced in There are many facets to the law. Which includes the facets of HIPAA that have been implemented?
Chapter 9 Review Questions 1. What does Administrative Simplification include? Please mark all that apply. a. Privacy rule b. Code sets c. Security rule d. Electronic Transactions e. Identifiers f. Total
More informationHITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government
HITECH and HIPAA: Highlights for Health Departments Aimee Wall UNC School of Government When Congress enacted sweeping legislation in February designed to stimulate the nation s economy, it incorporated
More informationManagement Alert Final HIPAA Regulations Issued
Management Alert Final HIPAA Regulations Issued After much anticipation, the Department of Health and Human Services (HHS) has issued its omnibus set of final regulations modifying and clarifying the privacy,
More informationUniversity of California Group Health and Welfare Benefit Plans HIPAA Privacy Rule Policies and Procedures (Interim)
Group Insurance Regulations Administrative Supplement No. 19 April 2003 University of California Group Health and Welfare Benefit Plans HIPAA Privacy Rule Policies and Procedures (Interim) The University
More informationThe Audits are coming!
HIPAA and Meaningful Use (MU) Governmental Program Audits The Audits are coming! The Audits are coming! 1 Audit Readiness Meaningful Use and HIPAA Both CMS and the Office for Civil Rights (OCR) have been
More informationGeorgia Health Information Network, Inc. Georgia ConnectedCare Policies
Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Version History Effective Date: August 28, 2013 Revision Date: August 2014 Originating Work Unit: Health Information Technology Health
More informationHIPAA Enforcement Under the HITECH Act; The Gloves Come Off
HIPAA Enforcement Under the HITECH Act; The Gloves Come Off Leeann Habte, Esq. Michael Scarano, Esq. December 6, 2011 Attorney Advertising Prior results do not guarantee a similar outcome Models used are
More informationThe Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees
The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees 1 Who Needs Training? Employees who come in contact with Protected Health Information including: Benefits
More informationNMH HIPAA Privacy Training Version
NMH HIPAA Privacy Training 2017 Version Training Objectives To gain a better understanding of: The Notice of Privacy Practices Access Monitoring Keeping Customer Information Private Minimum Necessary Requirements
More information2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.
HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,
More informationHIPAA Security. ible. isions. Requirements, and their implementation. reader has
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationHIPAA: Impact on Corporate Compliance
HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal
More informationCentral Florida Regional Transportation Authority Table of Contents A. Introduction...1 B. Plan s General Policies...4
Table of Contents A. Introduction...1 1. Purpose...1 2. No Third Party Rights...1 3. Right to Amend without Notice...1 4. Definitions...1 B. Plan s General Policies...4 1. Plan s General Responsibilities...4
More informationHTKT.book Page 1 Monday, July 13, :59 PM HIPAA Tool Kit 2017
HIPAA Tool Kit 2017 Contents Introduction...1 About This Manual... 1 A Word About Covered Entities... 1 A Brief Refresher Course on HIPAA... 2 A Brief Update on HIPAA... 2 Progress Report... 4 Ongoing
More informationCompliance Fraud, Waste and Abuse HIPAA Privacy and Security
2017 Compliance Fraud, Waste and Abuse HIPAA Privacy and Security Table of Contents/Agenda Welcome to General Compliance Training for Providers! Training Objectives: Understand why you need Compliance
More informationHIPAA COMPLIANCE PLAN FOR OHIO EYE ASSOCIATES, INC.
HIPAA COMPLIANCE PLAN FOR OHIO EYE ASSOCIATES, INC. Adopted August 2016 PREPARED BY STACEY A. BOROWICZ, ESQ. DINSMORE & SHOHL LLP 614-227-4212 STACEY.BOROWICZ@DINSMORE.COM 10600677V1 75602.1 i OHIO EYE
More informationHIPAA Basics: IMPORTANT HIPAA CONCEPTS. What We re going to Cover. Training for Employee Benefits Staff
HIPAA Basics: Training for Employee Benefits Staff March 25, 2015 Norbert F. Kugele nkugele@wnj.com 616.752.2186 April A. Goff agoff@wnj.com 616.752.2154 What We re going to Cover Important HIPAA concepts
More informationAFTER THE OMNIBUS RULE
AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member
More informationTrue or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15)
Protected Health Info HIPAA Update: Avoiding Penalties IHCA (7/15) Preliminaries This presentation is similar to any other legal education materials designed to provide general information on pertinent
More informationKey Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style
Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style July 27, 2016 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP hcarnell@mcguirewoods.com
More informationUNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP
UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates
More informationHHS, Office for Civil Rights. IAPP October 11, 2012
HHS, Office for Civil Rights IAPP October 11, 2012 Enforce federal civil rights laws and the HIPAA Privacy and Security Rules HQ and 10 Regional Offices Region IX has jurisdiction over covered entities
More informationThe wait is over HHS releases final omnibus HIPAA privacy and security regulations
The wait is over HHS releases final omnibus HIPAA privacy and security regulations The Department of Health and Human Services (HHS) published long-anticipated (and longoverdue) omnibus regulations under
More informationHIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT
HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT DEFINITIONS Amend ~ to alter an existing document Civil ~ a type of legal case in which money damages can be awarded Code Set ~ combinations of numbers
More informationPrivacy Sleuths: Solving the Mystery of Wellness Program Privacy Compliance. Agenda. Health Data Exposure National Wellness Conference
Privacy Sleuths: Solving the Mystery of Wellness Program Privacy Compliance 2015 National Wellness Conference Barbara J. Zabawa, JD, MPH Center for Health Law Equity, LLC Agenda Health Data Exposure ADA,
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationCOUNTY SOCIAL SERVICES POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA
COUNTY SOCIAL SERVICES POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA 1 Recommended by ISP Committee of CSS on October 22 nd, 2014 Amended
More informationHIPAA Privacy and Security for Employers in the Age of Common Data Breaches. April 30, 2015
HIPAA Privacy and Security for Employers in the Age of Common Data Breaches April 30, 2015 HIPAA Privacy and Security for Employers in the Age of Common Data Breaches Welcome! We will begin at 3 p.m. Eastern
More informationHIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier. March 22, 2018
1 HIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier March 22, 2018 2 Today s Panel: Kimberly Holmes - Moderator - Vice President, Health Care, Cyber Liability & Emerging Risks, TDC Specialty Underwriters,
More informationH E A L T H C A R E L A W U P D A T E
L O U I S V I L L E. K Y S E P T E M B E R 2 0 0 9 H E A L T H C A R E L A W U P D A T E L E X I N G T O N. K Y B O W L I N G G R E E N. K Y N E W A L B A N Y. I N N A S H V I L L E. T N M E M P H I S.
More informationCOMPLIANCE DEPARTMENT. LSUHSC-S Louisiana State University Health Sciences Center Shreveport ACKNOWLEDGEMENT RECEIPT
COMPLIANCE DEPARTMENT LSUHSC-S Louisiana State University Health Sciences Center Shreveport ACKNOWLEDGEMENT RECEIPT for COMPLIANCE, HIPAA PRIVACY, AND INFORMATION SECURITY SELF-STUDY GUIDE I hereby certify
More informationRISK TRACK. Privacy and Data Protection
RISK TRACK Privacy and Data Protection Presenters Marti Arvin Chief Compliance Officer UCLA Health Sciences Phone: 310-794-6763 MArvin@mednet.ucla.edu Marti Arvin is the Chief Compliance Officer for UCLA
More informationCROOK COUNTY POLICY AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF
CROOK COUNTY POLICY AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 Update 2-17-2016 CROOK COUNTY RECORD OF CHANGES 2 TABLE OF CONTENTS Introduction HIPAA
More informationARRA s Amendments to HIPAA Privacy & Security Rules
ARRA s Amendments to HIPAA Privacy & Security Rules Georgina L. O Hara Jessica R. Bernanke April 29, 2009 www.morganlewis.com Amended HIPAA Privacy and Security Rules HIPAA Amendments are in The Health
More information