ARE YOU HIP WITH HIPAA?

Size: px
Start display at page:

Download "ARE YOU HIP WITH HIPAA?"

Transcription

1 ARE YOU HIP WITH HIPAA? Scott C. Thompson February 11, 2016

2 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined $1.7 million after USB drive containing ephi stolen. Covered entity fined $150,000 for using outdated, unsupported security software.

3 AGENDA HIPAA Security Rule Breaches Trigger Investigations and Other Ways HIPAA is Enforced HHS Investigation Examples Employer Responses Controlling Risk Under HIPAA

4 HIPAA SECURITY RULE It s Not Just Privacy 4

5 GENERAL RULE Ensure confidentiality, integrity, and availability of ephi created, received, maintained, or transmitted Protect against reasonably anticipated: Threats to ephi security and integrity Improper use or disclosure of ephi Ensure workforce compliance 5

6 WHAT SECURITY MEASURES TO USE Use security measures that reasonably and appropriately implement security standards In deciding what security measures to use, consider: Size, complexity, and capabilities of the covered entity Technical infrastructure, hardware, and software security capabilities Costs of security measures Probability and criticality of potential risks to ephi 6

7 SECURITY STANDARDS: REQUIRED / ADDRESSABLE Some security standards are required Some security standards are addressable Assess whether safeguard is reasonable and appropriate Likely contribution to protecting ephi If reasonable and appropriate, implement it If not, document why and implement an equivalent alternative, if it is reasonable and appropriate Review and modify security measures as needed to provide reasonable and appropriate protection of ephi Maintain / update documentation of security measures 7

8 ADMINISTRATIVE SAFEGUARDS Security Management Process Risk analysis Assess potential risks and vulnerabilities Risk management Implement security measures to reduce risks and vulnerabilities Sanction policy Sanction employees who fail to comply with security policies System activity review Regularly review records of information system activity Security Official Develop and implement security policies and procedures 8

9 ADMINISTRATIVE SAFEGUARDS Workforce Security Ensure appropriate access to ephi and prevent unauthorized access Authorization or supervision of employees who work with ephi or in locations where it may be accessed (Addressable) Workforce clearance procedure to access ephi (Addressable) Procedures for terminating access to ephi (Addressable) Information Access Management Access authorization (Addressable) Granting and modifying access (Addressable) 9

10 ADMINISTRATIVE SAFEGUARDS Security Awareness and Training Security awareness and training program for all employees including management Security reminders (Addressable) Protection from malicious software (Addressable) Log-in monitoring (Addressable) Password management (Addressable) Security Incident Procedures Identify and respond to suspected incidents Mitigate harmful effects Document incident and outcome 10

11 ADMINISTRATIVE SAFEGUARDS Contingency Plan Policies for emergency situations that damage systems containing ephi Data backup plan Disaster recovery plan Protection of ephi during emergency mode Testing and revision of contingency plans (Addressable) Applications and data criticality analysis (Addressable) Periodic Security Evaluations Periodic evaluation of compliance with Security Rule 11

12 PHYSICAL SAFEGUARDS Facility Access Controls Limit physical access to ephi systems Contingency operations (Addressable) Facility security plan (Addressable) Safeguard from authorized physical access, tampering, theft Access control / validation procedures (Addressable) Control and validate person s access based on their role Maintenance records (Addressable) Workstation Use and Security Polices regarding use of workstations that can access ephi Physical safeguards for such workstations 12

13 PHYSICAL SAFEGUARDS Device and media controls Disposal of ephi and hardware or media containing ephi Removal of ephi before reusing hardware or electronic media Tracking movements and possession of hardware and electronic media (Addressable) Data backup and storage before moving equipment (Addressable) 13

14 TECHNICAL SAFEGUARDS Access Control Unique user IDs Emergency access procedures Automatic logoff (Addressable) Encryption / decryption (Addressable) Audit Controls Record / examine activity on systems containing ephi Integrity of ephi Protect from improper alteration or destruction Authentication of ephi (Addressable) Authentication Verify person / entity attempting to access ephi Transmission Security Integrity controls (Addressable) Encryption (Addressable) 14

15 BREACHES TRIGGER INVESTIGATIONS And Other Ways HIPAA Is Enforced 15

16 ENFORCEMENT OF HIPAA Employer reports breach affecting over 500 individuals HHS investigates Employee complains to HHS HHS investigates HHS conducts random audit State attorney general files civil action on behalf of state residents Criminal penalties for knowing violations 16

17 HHS INVESTIGATION HHS notified: within 60 days of any breach affecting 500 or more individuals in a state or jurisdiction, and annually of breaches affecting fewer individuals HHS investigation triggered by: breach notifications employee complaints to HHS If investigation shows HIPAA compliance efforts are lacking, HHS may require a resolution agreement to resolve the violations Over 20 resolution agreements (which are public) with covered entities Resolution agreements include: Payment of settlement amount Compliance with a corrective action plan 17

18 CIVIL PENALTIES Knowledge or Intent of Violation Did not know, and by exercising reasonable diligence would not have known, that violated HIPAA $Amount Per Violation $100 - $50,000 Due to reasonable cause and not willful neglect $1,000 - $50,000 Due to willful neglect Corrected 30 days: $10,000 - $50,000 Not corrected 30 days: $50,000 Up to $1,500,000 for identical violations in a calendar year For continuing violations, a separate violation occurs each day the health plan is in violation of the provision No penalty if violation not due to willful neglect and corrected within 30 days or to the extent penalty would be excessive relative to the violation HHS has 6 years to assess penalty HHS can settle for reduced penalty through a resolution agreement 18

19 HHS CORRECTIVE ACTION PLAN Risk Assessment and Risk Management Program Policies and Procedures Submit P&P to HHS for approval Make changes to P&P requested by HHS Distribute HHS-approved P&P to employees who will have access to PHI Obtain employee certifications that they received, understand, and will abide by the P&P Ensure employee cannot access PHI until certification received Update P&P at least annually Training Train all employees with access to PHI on HHS-approved P&P Obtain employee certifications that they received the training Ensure employee cannot access PHI until certification received Update training at least annually May also require annual refresher training 19

20 HHS CORRECTIVE ACTION PLAN Ongoing Monitoring of HIPAA Compliance Privacy Officer or independent monitor Quarterly / semi-annual review may include: Assessment of compliance with the corrective action plan Random sampling of employees to assess familiarity and compliance with HIPAA P&P Audit of persons having access to ephi Audit of how ephi on portable devices is secured Additional Reporting to HHS Must report to HHS within 30 days any time an employee violates any HIPAA policy or procedure Annual / biannual report Copies of all training materials Schedule of training topics covered and length of each session Attestation by Privacy Officer that all employee certifications have been obtained 20

21 HHS AUDITS HITECH requires HHS to perform periodic audits of compliance with the HIPAA Privacy, Security, and Breach Notification Rules Pilot Audit Program In 2011 and 2012, 115 covered entities (47 health plans) audited under pilot audit program Types of Violations Only 11% had no violations Smallest covered entities struggled with all three HIPAA components 60% of all violations were security related 2/3 incomplete or inaccurate risk assessment Privacy Rule violations 44% - uses and disclosures 20% - notice of privacy practices Only 10% of violations were breach related 21

22 HHS AUDITS Causes of Violations Unaware of requirement Privacy Rule 35% Notice of Privacy Practices Access of Individuals Minimum Necessary Authorizations Security Rule 27% Risk Analysis Media Movement and Disposal Audit Controls and Monitoring Breach Notification 12% Insufficient resources Incomplete implementation 22

23 HHS AUDITS Second Round of Audits Beginning in 2016 Focus on: risk analysis and risk management (the Security Rule) content and timeliness of breach notifications (the Breach Notification Rule) notice of privacy practices and access rights (the Privacy Rule) Comprehensive audit protocol available Documents and information submitted may be subject to FOIA requests Label Confidential, redact, on-site review of highly sensitive documents 23

24 ATTORNEY GENERAL SUITS / CRIMINAL PENALTIES Lawsuits HITECH gave State Attorneys General the authority to bring civil actions and obtain damages on behalf of state residents for HIPAA violations Connecticut, Vermont, Massachusetts, Minnesota Damages = $100 per violation Criminal Penalties Criminal actions can be brought against any individual who wrongfully discloses PHI $50,000 fine and one year in prison for a knowing violation Up to a $250,000 fine and 10 years prison if the violation was for personal gain or maliciously 24

25 HHS INVESTIGATION EXAMPLES 25

26 HHS INVESTIGATION EXAMPLES Leased Copy Machine Affinity Health Plan, a not-for-profit managed care plan, impermissibly disclosed PHI when it returned copy machines to a leasing company without erasing the data contained on the copiers hard drives. Up to 344,579 individuals may have been affected Affinity also failed to include the leased copy machines in its HIPAA security risk assessment and failed to implement policies and procedures when returning the copiers to the leasing company Settlement: $1,215,780 and a corrective action plan requiring Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent and to take certain measures to safeguard all ephi 26

27 HHS INVESTIGATION EXAMPLES Stolen Unencrypted Laptop Concentra reported an unencrypted laptop containing ephi was stolen Concentra previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing ephi was a critical risk Although steps were taken to begin encryption, HHS found Concentra s efforts were incomplete and inconsistent over time leaving patient ephi vulnerable throughout the organization HHS further found Concentra had insufficient security management processes in place to safeguard patient information Settlement: $1,725,220 and corrective action plan 27

28 HHS INVESTIGATION EXAMPLES Unpatched Software Anchorage Community Mental Health Services (ACMHS) reported a breach affecting 2,743 individuals due to malware ACMHS had adopted sample Security Rule policies and procedures in 2005, but these were not followed HHS found the security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ephi on a regular basis, said OCR Director Jocelyn Samuels. This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks. Settlement: $150,000 and a corrective action plan that requires ACMHS to report on the state of its compliance to HHS for a two-year period 28

29 EMPLOYER RESPONSES 29

30 FULLY-INSURED PLANS HIPAA Employer s group health plan (i.e., as an entity separate from the insurance policy issuer) is also a covered entity subject to HIPAA breach notification requirements Plan could be liable if notifications are not made by the insurer Written confirmation from insurer that it will comply with any HIPAA breach notification requirements in accordance with HIPAA Evidence from insurer that all required notifications were properly made Document the incident in accordance with HIPAA breach policies and procedures State Law Receive written confirmation from the insurer that it will: analyze what state law notification requirements apply to the employer send all notifications required under state law in accordance with state law on the employer s behalf Request evidence from the insurer that all required notifications were properly made 30

31 SELF-FUNDED PLANS HIPAA Review HIPAA business associate agreements (BAAs) to determine if the plan has delegated responsibility to: Determine whether breach under HIPAA occurred Make any and all required notifications under HIPAA in accordance with HIPAA Request documentation of risk assessment, copies of notifications, and evidence that required notifications were made Document the incident in accordance with HIPAA breach policies and procedures State Law Receive written confirmation from the business associate that it will: analyze what state law notification requirements apply to the employer send all notifications required under state law in accordance with state law on the employer s behalf Request evidence from the insurer that all required notifications were properly made 31

32 CONTROLLING RISK UNDER HIPAA HIPAA Policies Aren t Just Ugly Paper-Weights 32

33 CONTROLLING RISK Controlling Risk = reducing the likelihood of: Data breach Penalties during HHS audit or investigation HIPAA Policies and Procedures For privacy and security Compliant and up-to-date (final omnibus HIPAA regulations) Notice of Privacy Practices Up-to-date Accurately reflects how the health plan uses and discloses PHI Distributed in the time and manner required by HIPAA Business Associate Agreements Revised for the final omnibus HIPAA regulations Adequate indemnification provisions (or in the services agreement) Reflect employer s intentions regarding delegation of breach notification responsibilities. BAAs are not boilerplate documents 33

34 CONTROLLING RISK Risk Assessment and Risk Management Plan Perform a security risk assessment Coordinate with IT department Implement risk management plan Federal government risk assessment tool: Training All members of the workforce who may have access to PHI How to handle PHI, especially minimum necessary and portable devices Insurance Coverage Adequate insurance coverage to cover losses from cyber-attacks and HIPAA violations 34

35 QUESTIONS?

HIPAA Compliance Guide

HIPAA Compliance Guide This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your

More information

DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION)

DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION) DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION) Delhaize America, LLC Pharmacies and Welfare Benefit Plan 2013 Health Information Security and Procedures (As

More information

HIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia

HIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia HIPAA in the Digital Age Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia Virginia MGMA reminds attendees that the program is not intended to provide legal advice and advises participants

More information

6/7/2018. HIPAA Compliance Simplified. HHS Wall of Shame. Marc Haskelson, President Compliancy Group

6/7/2018. HIPAA Compliance Simplified. HHS Wall of Shame. Marc Haskelson, President Compliancy Group 855 85 HIPAA (855-854-4722) www.compliancygroup.com 1 HIPAA Compliance Simplified Marc Haskelson, President Compliancy Group Agenda Why HIPAA? Common misunderstandings What is a Audit? Real World Stories

More information

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,

More information

8/30/2016 HIPAA: WHAT S CHANGED?

8/30/2016 HIPAA: WHAT S CHANGED? 104 HIPAA: WHAT S CHANGED? Marcia Brauchler, MPH, FACMPE CPC, CPC-H, CPC-I, CPHQ AOA September 7, 2016 9:00 10:00 a.m. All Rights Reserved. 1 TODAY S SESSION 1. A quick recap of HIPAA: then to now 2. Self-Assessment:

More information

Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation

Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation HIPAA UPDATE: WHY AND HOW YOU MUST COMPLY 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its long-awaited Omnibus Rule 2 implementing regulations required by the HITECH Act

More information

HIPAA and Lawyers: Your stakes have just been raised

HIPAA and Lawyers: Your stakes have just been raised HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory

More information

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights HIPAA Update Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights New Mexico Health Information Management Association Conference April 11, 2014 Albuquerque, NM Recent Enforcement

More information

LEGAL ISSUES IN HEALTH IT SECURITY

LEGAL ISSUES IN HEALTH IT SECURITY LEGAL ISSUES IN HEALTH IT SECURITY Webinar Hosted by Uluro, a Product of Transformations, Inc. March 28, 2013 Presented by: Kathie McDonald-McClure, Esq. Wyatt, Tarrant & Combs, LLP 500 West Jefferson

More information

1 Security 101 for Covered Entities

1 Security 101 for Covered Entities HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15)

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15) Protected Health Info HIPAA Update: Avoiding Penalties IHCA (7/15) Preliminaries This presentation is similar to any other legal education materials designed to provide general information on pertinent

More information

HEALTHCARE BREACH TRIAGE

HEALTHCARE BREACH TRIAGE IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards

More information

HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014.

HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014. HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule Association of Corporate Counsel Houston Chapter October 14, 2014 Jeffery P. Drummond Jackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas,

More information

HIPAA Basic Training for Health & Welfare Plan Administrators

HIPAA Basic Training for Health & Welfare Plan Administrators 2010 Human Resources Seminar HIPAA Basic Training for Health & Welfare Plan Administrators Norbert F. Kugele What We re going to Cover Important basic concepts Who needs to worry about HIPAA? Complying

More information

HIPAA Privacy & Security. Transportation Providers 2017

HIPAA Privacy & Security. Transportation Providers 2017 HIPAA Privacy & Security Transportation Providers 2017 HIPAA Privacy & Security As a non emergency medical transportation provider, you deal directly with Medicare and Medicaid Members healthcare information

More information

Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style

Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style July 27, 2016 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP hcarnell@mcguirewoods.com

More information

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice

More information

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA

More information

HIPAA Background and History

HIPAA Background and History Agenda Jeffery P. Drummond Lawyers as HIPAA Business Associates: Ethical Obligations and Practical Tips for Compliance Dallas Bar Association January 17, 2018 Jamie Sorley An Overview of HIPAA The Privacy

More information

HIPAA & The Medical Practice

HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,

More information

Determining Whether You Are a Business Associate

Determining Whether You Are a Business Associate The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information

More information

March 1. HIPAA Privacy Policy

March 1. HIPAA Privacy Policy March 1 HIPAA Privacy Policy 2016 1 PRIVACY POLICY STATEMENT Purpose: The following privacy policy is adopted by the Florida College System Risk Management Consortium (FCSRMC) Health Program and its member

More information

HIPAA COMPLIANCE. for Small & Mid-Size Practices

HIPAA COMPLIANCE. for Small & Mid-Size Practices HIPAA COMPLIANCE for Small & Mid-Size Practices Golden State Web Solutions 619.825.GSWS (4797) INTRODUCTION Most individuals reading this are interested in HIPAA, GSWS, or some combination of the two;

More information

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

"HIPAA RULES AND COMPLIANCE"

HIPAA RULES AND COMPLIANCE PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS

More information

HIPAA: Impact on Corporate Compliance

HIPAA: Impact on Corporate Compliance HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal

More information

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA ALLISON SHUREN, J D, MSN Financial Disclosure Gerald Meltzer is a consultant for imedicware Allison Shuren co-chairs the Life Sciences and Healthcare Regulatory

More information

HIPAA Privacy, Breach, & Security Rules

HIPAA Privacy, Breach, & Security Rules HIPAA Privacy, Breach, & Security Rules An Eagle Associates Presentation Eagle Associates, Inc. www.eagleassociates.net info@eagleassociates.net P.O. Box 1356 Ann Arbor, MI 48106 800-777-2337 Eagle Associates,

More information

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com

More information

HIPAA The Health Insurance Portability and Accountability Act of 1996

HIPAA The Health Insurance Portability and Accountability Act of 1996 HIPAA The Health Insurance Portability and Accountability Act of 1996 Results Physiotherapy s policy regarding privacy and security of protected health information (PHI) is a reflection of our commitment

More information

4/15/2016. What we strive for. Reality

4/15/2016. What we strive for. Reality If You Think Your HIPAA Program s Rockin, Wait Until OCR Comes a Knockin : A Preview of the OCR s HIPAA Audit Plan What we strive for Reality 1 Background The HITECH Act requires the DHHS to conduct audits

More information

HIPAA, Privacy, and Security Oh My!

HIPAA, Privacy, and Security Oh My! 2014 CliftonLarsonAllen LLP HIPAA, Privacy, and Security Oh My! Chad D. Kunze CPA Health Care Principal Phoenix, AZ CLAconnect.com Learning Objectives At the end of this learning session, you will be able

More information

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off HIPAA Enforcement Under the HITECH Act; The Gloves Come Off Leeann Habte, Esq. Michael Scarano, Esq. December 6, 2011 Attorney Advertising Prior results do not guarantee a similar outcome Models used are

More information

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment

More information

Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees

Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees San Antonio IIA: I HEART AUDIT CONFERENCE February 24,

More information

AFTER THE OMNIBUS RULE

AFTER THE OMNIBUS RULE AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member

More information

NOTIFICATION OF PRIVACY AND SECURITY BREACHES

NOTIFICATION OF PRIVACY AND SECURITY BREACHES NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally

More information

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability

More information

HIPAA Privacy and Security for Employers in the Age of Common Data Breaches. April 30, 2015

HIPAA Privacy and Security for Employers in the Age of Common Data Breaches. April 30, 2015 HIPAA Privacy and Security for Employers in the Age of Common Data Breaches April 30, 2015 HIPAA Privacy and Security for Employers in the Age of Common Data Breaches Welcome! We will begin at 3 p.m. Eastern

More information

Business Associate Risk

Business Associate Risk Business Associate Risk Assessing and Managing Business Associate Risk Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Disclaimer: Nothing in this presentation

More information

2016 Business Associate Workforce Member HIPAA Training Handbook

2016 Business Associate Workforce Member HIPAA Training Handbook 2016 Business Associate Workforce Member HIPAA Training Handbook Using the Training Handbook The material in this handbook is designed to deliver required initial, and/or annual HIPAA training for all

More information

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013 HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable

More information

503 SURVIVING A HIPAA BREACH INVESTIGATION

503 SURVIVING A HIPAA BREACH INVESTIGATION 503 SURVIVING A HIPAA BREACH INVESTIGATION Presented by Nicole Hughes Waid, Esq. Mark J. Swearingen, Esq. Celeste H. Davis, Esq. Regional Manager 1 Surviving a HIPAA Breach Investigation: Enforcement Presented

More information

HIPAA / HITECH. Ed Massey Affiliated Marketing Group

HIPAA / HITECH. Ed Massey Affiliated Marketing Group HIPAA / HITECH Agent Understanding And Compliance Presented By: Ed Massey Affiliated Marketing Group It s The Law On February 17, 2010 the Health Information Technology for Economic and Clinical Health

More information

HIPAA Service Description

HIPAA Service Description PO Box 8021 Rancho Santa Fe California 92067 858.259.6204 tel 858.259.0309 fax www.practicalsecurity.com HIPAA Service Description February 2003 1 2 3 PSI HIPAA Services Offering The Department of Health

More information

HIPAA Privacy and Security Rules

HIPAA Privacy and Security Rules HIPAA Privacy and Security Rules HIPAA Compliance Bootcamp (5/16) This presentation is similar to any other legal education materials designed to provide general information on pertinent legal topics.

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205) HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 REASONS FOR HIPAA PRIVACY RULES Perceived need for protection of individual health information

More information

HIPAA Compliance Under the Magnifying Glass

HIPAA Compliance Under the Magnifying Glass HIPAA Compliance Under the Magnifying Glass July 30, 2013 Stacy Harper, JD, MHSA, CPC A Webinar Provided by Presenter Stacy Harper Lathrop & Gage, LLP sharper@lathropgage.com 913-451-5125 The information

More information

To: Our Clients and Friends January 25, 2013

To: Our Clients and Friends January 25, 2013 Life Sciences and Health Care Client Service Group To: Our Clients and Friends January 25, 2013 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health

More information

Safeguarding Your HIPAA and Personal Health Information Data. Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker

Safeguarding Your HIPAA and Personal Health Information Data. Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker Safeguarding Your HIPAA and Personal Health Information Data Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker 1 Overview» Patient information confidentiality Grant requirements

More information

AMA Practice Management Center, What you need to know about the new health privacy and security requirements

AMA Practice Management Center, What you need to know about the new health privacy and security requirements 1. HIPAA Security Rule Johns, Merida L., Information Security, in Johns, Merida L. (ed.) Health Information Management Technology, an Applied Approach, AHIMA: Chicago, IL, 2nd ed. 2007, chapter 19, pp.

More information

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: UPDATE 2015 February 20, 2015 I. Executive Summary HIPAA is a federal law passed by Congress to protect medical patient data privacy from misuse or disclosure

More information

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT Effective Date: September 23, 2013 RECITALS WHEREAS a relationship exists between the Covered Entity and the Business Associate that performs certain functions

More information

HTKT.book Page 1 Monday, July 13, :59 PM HIPAA Tool Kit 2017

HTKT.book Page 1 Monday, July 13, :59 PM HIPAA Tool Kit 2017 HIPAA Tool Kit 2017 Contents Introduction...1 About This Manual... 1 A Word About Covered Entities... 1 A Brief Refresher Course on HIPAA... 2 A Brief Update on HIPAA... 2 Progress Report... 4 Ongoing

More information

HIPAA Security. ible. isions. Requirements, and their implementation. reader has

HIPAA Security. ible. isions. Requirements, and their implementation. reader has HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Effective Date: 4/3/17

Effective Date: 4/3/17 HIPAA AND HITECH ADM 067.4 Attachment D Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule Health Information Technology for Economic and Clinical Health (HITECH)

More information

Privacy Rule - Complaint Investigations

Privacy Rule - Complaint Investigations Update on Enforcement of the HIPAA Privacy and Security Rules Marilou King, JD Office for Civil Rights U.S. Department of Heath and Human Services www.hcca-info.org 888-580-8373 Privacy Rule - Complaint

More information

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know 1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013

More information

HIPAA Security How secure and compliant are you from this 5 letter word?

HIPAA Security How secure and compliant are you from this 5 letter word? HIPAA Security How secure and compliant are you from this 5 letter word? January 29, 2014 www.prnadvisors.com 1 1 About me Over 20 Years in IT as hand-on leader Implemented EMR s of all sizes for Hospitals,

More information

HIPAA Privacy and Security Rules: Overview and Update HIPAA. Health Insurance Portability and Accountability Act ( HIPAA )

HIPAA Privacy and Security Rules: Overview and Update HIPAA. Health Insurance Portability and Accountability Act ( HIPAA ) HIPAA Privacy and Security Rules: Overview and Update HIPAA IHCA Convention (7/16) This presentation is similar to any other legal education materials designed to provide general information on pertinent

More information

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Training Module provided as a component of the Stericycle HIPAA Compliance Program Goals for Training Understand how Texas

More information

The Audits are coming!

The Audits are coming! HIPAA and Meaningful Use (MU) Governmental Program Audits The Audits are coming! The Audits are coming! 1 Audit Readiness Meaningful Use and HIPAA Both CMS and the Office for Civil Rights (OCR) have been

More information

HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.

HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. PURPOSE OF PRESENTATION To Discuss Laws Governing Use and Disclosure

More information

Industry leading Education. Certified Partner Program. Please ask questions Todays slides are available group.

Industry leading Education. Certified Partner Program. Please ask questions Todays slides are available   group. Industry leading Education Certified Partner Program Please ask questions Todays slides are available http://compliancy- group.com/slides023/ Past webinars and recordings http://compliancy- group.com/webinar/

More information

SECURITY POLICY 1. Security of Services. 2. Subscriber Security Administration. User Clearance User Authorization User Access Limitations

SECURITY POLICY 1. Security of Services. 2. Subscriber Security Administration. User Clearance User Authorization User Access Limitations ! SECURITY POLICY This Security Policy ( Policy ) applies to all Services provided by Collective Medical Technologies, Inc. ( CMT ) pursuant to a Master Subscription Agreement ( Underlying Agreement )

More information

Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy

Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy Revised December 6, 2017 Table of Contents Statement of Policy 3 Reason for Policy 3 HIPAA Liaison 3 Individuals and Entities Affected

More information

Eastern Iowa Mental Health and Disability Services. HIPAA Policies and Procedures Manual

Eastern Iowa Mental Health and Disability Services. HIPAA Policies and Procedures Manual Eastern Iowa Mental Health and Disability Services HIPAA Policies and Procedures Manual This HIPAA Master Manual has been reviewed, accepted and approved by: Eastern Iowa MH/DS Region Governing Board of

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 Reasons for HIPAA Privacy Rules Perceived need for protection

More information

March 1. HIPAA Privacy Policy. This document includes: HIPAA Privacy Policy Statement, HIPAA Manual and HIPAA Forms

March 1. HIPAA Privacy Policy. This document includes: HIPAA Privacy Policy Statement, HIPAA Manual and HIPAA Forms March 1 2016 HIPAA Privacy Policy This document includes: HIPAA Privacy Policy Statement, HIPAA Manual and HIPAA Forms 1 Table of Contents PRIVACY POLICY STATEMENT... 3 HIPAA PROCEDURES MANUAL... 10 ACCESS

More information

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates March 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP brostolsky@reedsmith.com Nancy E.

More information

HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT

HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT DEFINITIONS Amend ~ to alter an existing document Civil ~ a type of legal case in which money damages can be awarded Code Set ~ combinations of numbers

More information

NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE

NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE As many of you know, Gramm-Leach-Bliley requires "financial institutions" to establish and implement a Safeguard Rule Compliance

More information

HEALTH & HUMAN SERVICES OFFICE FOR CIVIL RIGHTS HIPAA COMPLIANCE AUDITS. What do I need to know?

HEALTH & HUMAN SERVICES OFFICE FOR CIVIL RIGHTS HIPAA COMPLIANCE AUDITS. What do I need to know? HEALTH & HUMAN SERVICES OFFICE FOR CIVIL RIGHTS HIPAA COMPLIANCE AUDITS What do I need to know? INITIAL AUDITS PERFORMED IN 2016 Covered Entities Business associates AUDIT PURPOSE: SUPPORT IMPROVED COMPLIANCE

More information

HIPAA Privacy and Security Breaches 10 Things To Know

HIPAA Privacy and Security Breaches 10 Things To Know HEALTHCON 2016 HIPAA Privacy and Security Breaches 10 Things To Know Orlando April 11, 2016 Presented by Paul R. Hales, J.D. April 11, 2016 HIPAA Breaches 10 Things To Know presented by Paul R. Hales,

More information

Getting a Grip on HIPAA

Getting a Grip on HIPAA Getting a Grip on HIPAA Privacy and Security of Health Information in the Post-HITECH Age Jean C. Hemphill hemphill@ballardspahr.com 215.864.8539 Edward I. Leeds leeds@ballardspahr.com 215.864.8419 Amy

More information

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by HIPAA Omnibus Rule Critical Changes for Providers Presented by Susan A. Miller, JD Hosted by agenda What the Omnibus Rule includes + Effective and Compliance Dates Security Breach Notification Enforcement

More information

HIPAA. What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional)

HIPAA. What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional) HIPAA Infection Control OSHA Dental Practice Act HIPAA What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional) In the dental field since 1972, Leslie

More information

HIPAA COMPLIANCE PLAN FOR OHIO EYE ASSOCIATES, INC.

HIPAA COMPLIANCE PLAN FOR OHIO EYE ASSOCIATES, INC. HIPAA COMPLIANCE PLAN FOR OHIO EYE ASSOCIATES, INC. Adopted August 2016 PREPARED BY STACEY A. BOROWICZ, ESQ. DINSMORE & SHOHL LLP 614-227-4212 STACEY.BOROWICZ@DINSMORE.COM 10600677V1 75602.1 i OHIO EYE

More information

Meaningful Use Requirement for HIPAA Security Risk Assessment

Meaningful Use Requirement for HIPAA Security Risk Assessment Meaningful Use Requirement for HIPAA Security Risk Assessment The MU attestation requirement does not state that any gaps must be resolved prior to meaningful use attestation. Mary Sirois, MBA, PT, CPHIMSS

More information

HIPAA Privacy Overview

HIPAA Privacy Overview HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview

More information

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background

More information

March 29, 2018 Key Principles in HIPAA Compliance

March 29, 2018 Key Principles in HIPAA Compliance March 29, 2018 Key Principles in HIPAA Compliance Presented by Benefit Comply Welcome! We will begin at 3 p.m. Eastern There will be no sound until we begin the webinar. When we begin, you can listen to

More information

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V. HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,

More information

HIPAA PRIVACY COMPLIANCE MANUAL DISCLAIMER

HIPAA PRIVACY COMPLIANCE MANUAL DISCLAIMER HIPAA PRIVACY COMPLIANCE MANUAL Format Note This document is in Word. Set the font at Times New Roman and the font size at 12 to have page numbers match the Table of Contents. DISCLAIMER This manual is

More information

HIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT

HIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT WHAT YOU NEED TO KNOW ABOUT HIPAA AND ONLINE BACKUP Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile

More information

The Privacy Rule. Health insurance Portability & Accountability Act

The Privacy Rule. Health insurance Portability & Accountability Act The Privacy Rule Health insurance Portability & Accountability Act Enacted on August 21, 1996 to amend the Internal Revenue Code of 1986 To improve portability and continuity of health insurance coverage

More information

Coping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013!

Coping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013! Coping with, and Taking Advantage of, HIPAA s New Rules!!! Deven McGraw Director, Health Privacy Project April 19, 2013! Status of Federal Privacy Regulations! Omnibus Rule (Data Breach, Enforcement, HITECH,

More information

What Does The New Omnibus HIPAA/HITECH Final Rule Really Mean For Employers And Their Service Providers?

What Does The New Omnibus HIPAA/HITECH Final Rule Really Mean For Employers And Their Service Providers? Visit our Practice Group blog: www.workplaceprivacycounsel.com What Does The New Omnibus HIPAA/HITECH Final Rule Really Mean For Employers And Their Service Providers? Philip L. Gordon, Esq. Littler Mendelson,

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES January 23, 2014 I. Executive Summary I: The HIPAA Final Rule

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS This HIPAA Business Associate Agreement ( BAA ) is entered into on this day of, 20 ( Effective Date ), by and between Allscripts

More information

Future of Healthcare in Washington April 2, Christiansen IT Law

Future of Healthcare in Washington April 2, Christiansen IT Law An Ounce (or More) of Prevention: Getting Ready for OCR Breach Notification and Regulatory Investigations. Future of Healthcare in Washington April 2, 2014 Presenter CV John R. Christiansen, J.D. - Christiansen

More information

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates November 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP brostolsky@reedsmith.com Nancy

More information

Managing Information Privacy & Security in Healthcare. The HIPAA Security Rule in Plain English 1. By Kristen Sostrom and Jeff Collmann Ph.

Managing Information Privacy & Security in Healthcare. The HIPAA Security Rule in Plain English 1. By Kristen Sostrom and Jeff Collmann Ph. Managing Information Privacy & Security in Healthcare The HIPAA Security Rule in Plain English 1 By Kristen Sostrom and Jeff Collmann Ph.D This document includes a Plain English explanation for the general

More information

Outline. Outline. What is HIPAA? I. What is HIPAA? II. Why Should You Care? III. What Should You Do Now? I. What is HIPAA? II. Why Should You Care?

Outline. Outline. What is HIPAA? I. What is HIPAA? II. Why Should You Care? III. What Should You Do Now? I. What is HIPAA? II. Why Should You Care? 1 Outline Florida Society of Dermatologic Surgeons September 19, 2014 Tatiana Melnik Melnik Legal PLLC tatiana@melniklegal.com 734-358-4201 Tampa, FL I. What is HIPAA? II. Why Should You Care? A. B. Regulatory

More information

HIPAA Basics: IMPORTANT HIPAA CONCEPTS. What We re going to Cover. Training for Employee Benefits Staff

HIPAA Basics: IMPORTANT HIPAA CONCEPTS. What We re going to Cover. Training for Employee Benefits Staff HIPAA Basics: Training for Employee Benefits Staff March 25, 2015 Norbert F. Kugele nkugele@wnj.com 616.752.2186 April A. Goff agoff@wnj.com 616.752.2154 What We re going to Cover Important HIPAA concepts

More information

Disclaimer LEGAL ISSUES IN PHYSICAL THERAPY

Disclaimer LEGAL ISSUES IN PHYSICAL THERAPY LEGAL ISSUES IN PHYSICAL THERAPY Paul J. Welk, PT, JD Tucker Arensberg, P.C. pwelk@tuckerlaw.com 2017 PHCA Annual Convention 1 Disclaimer The purpose of this presentation is to provide a general overview

More information

"HIPAA FOR LAW FIRMS" WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA

HIPAA FOR LAW FIRMS WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA "HIPAA FOR LAW FIRMS" WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA Jeanne M. Born, RN, JD SOUTH CAROLINA ASSOCIATION OF LEGAL ADMINISTRATORS THURSDAY, APRIL 14, 2016 Jborn@nexsenpruet.com What Every Law

More information

H 7789 S T A T E O F R H O D E I S L A N D

H 7789 S T A T E O F R H O D E I S L A N D ======== LC001 ======== 01 -- H S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 01 A N A C T RELATING TO INSURANCE - INSURANCE DATA SECURITY ACT Introduced By: Representatives

More information