It s as AWESOME as You Think It Is!
|
|
- Doris Gibson
- 5 years ago
- Views:
Transcription
1
2 It s as AWESOME as You Think It Is!
3 Fine Print This presentation and any materials and/or comments are training and educational in nature only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. No comment or statement in this presentation or the accompanying materials is to be construed as an admission. The presenter reserves the right to qualify or retract any of these statements at any time. Likewise, the context is not tailored to any particular situation and does not necessarily address all relevant issues or necessarily reflect the current state of the law in any particular jurisdiction or circumstance as of the time of the presentation. Parties participating in the presentation or accessing of these materials should engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique situation. 3
4 Roadmap HIPAA Basics What is HIPAA? Who must comply? PHI, CEs, and BAs What is Allowed? Individual Rights TPO and non-tpo uses Improper Disclosures Breach vs. Non-breach Penalties for violations Audits 4
5 What Is HIPAA? Federal law concerning health information and health insurance coverage Passed in 1996, amended several times Focus of this training: HIPAA rules for Privacy of Protected Health Information (PHI)
6 HIPAA Privacy: This training focuses on the HIPAA Privacy Rule. The Privacy Rule provides federal protections for PHI, giving patients an array of rights with respect to that information, and imposing responsibilities on Covered Entities and Business Associates to protect it. PHI:
7 Who must comply? Covered Entities (CEs): places where PHI is generated: Medical Providers Health Insurance Plans AND Business Associates (BAs): individuals and companies that use, access, or store PHI on behalf of Covered Entities: Healthcare Clearing houses for billing, claims, etc. Insurance Companies and TPAs Vendors of Covered Entities that have access to PHI
8 What is allowed? CEs and BAs may access, use, disclose, and store PHI in two ways: -Without permission, but only in certain ways; or -With permission, but only as allowed by the individual Rules are the same for CEs and Bas Handling PHI in violation of the rules is a BIG deal (as in: it could cost MILLIONS of dollars in fines) -Penalties in this range are handed out regularly (discussed later)
9 Protected Health Information (PHI) PHI is any information held by a covered entity (or their business associates) which concerns health status, provision of health care, or payment for health care that can be linked to an individual. Think of it as a math equation: Identifying Info (Identifiers) + Health Info = PHI
10 EEOC Definition: Names Address Date of Birth Date of Service Date of Death Telephone # Fax # Addresses Vehicle Identifiers Device Identifiers Full face photographic images Social Security # Medical Record # Health Plan Beneficiary # Account # Certificate/License Number Web URLs of personal websites Internet Protocol address numbers Biometric identifiers (fingerprints) Any of these connected to health information is PHI.
11 HIPAA Equation Examples (Any Combo = PHI) Names Address Provider Social Security # Employee ID# Patient Account# DOB + Diagnosis Codes CPT Codes DOS Date of Death Eligibility Name of Provider Doctors Notes Genetic Information
12 Common Locations of PHI Medical Records Claims Network Pricing Insurance Billing/Reports s (internal/external) FTP sites Hard Drives Faxes Laptops Thumb drives EOBs Cell phones
13 Individual Rights Under HIPAA Individuals have several rights with regard to their PHI under HIPAA, including: Access to PHI Amending inaccurate PHI Receiving a Notice of Privacy Practices Receiving an accounting of disclosures Restricting access to PHI Confidential communications to them and to others regarding their PHI
14 Handling PHI Without Permission: TPO A CE or BA may access, use, disclose, or store PHI without permission discloses for the purposes of Treatment, Payment, or Healthcare Operations (TPO): Treatment: PHI used for the care of the individual, such as done by healthcare providers Payment: PHI used to pay for treatment, such as done by providers, insurers, employer health plans, clearinghouses, and TPAs for paying claims, coordination of benefits, case management, pre-certification of medical procedures, and processing medical claims Operations: PHI used to manage healthcare, such as underwriting, medical review, legal and auditing services (i.e. fraud and abuse detection and compliance programs), and cost management
15 Typical TPO Recipients When disclosing PHI for TPO reasons, the recipients are usually one of the following: Providers, and their internal staff Other providers caring for an individual Providers BAs (e.g., clearinghouses, facilities, etc.) Insurance companies and other payers Health Plans, and their BAs (e.g., Brokers, TPAs, Networks, UR Vendors, PBMs, etc.) Parents of minor children If you disclose PHI without written permission to someone not on this list, it s probably a violation of HIPAA!!
16 Unusual & Rare: No Permission & No TPO In some limited circumstances, HIPAA also permits access, use, and disclosure of PHI without permission of the individual to certain recipients without a TPO purpose, such as: For law enforcement purposes (i.e. warrants, subpoenas, etc.) For surviving family of the deceased (i.e. funeral arrangements) For medical research (strict guidelines apply) As required by Law (i.e. statute, regulations, court orders) For public health activities (e.g. FDA, CDC, etc.) For protection of victims of abuse, neglect of domestic violence (disclosure to government officials). DO NOT disclose PHI without permission for any non-tpo reason without consulting with a supervisor first!
17 Handling PHI With Permission: The Authorization HIPAA permits access, use, and disclosure of PHI with permission of the individual, but only as the individual instructs. ALWAYS get an Authorization Form signed by the individual before disclosing PHI: -For any non-tpo reason -To any non-authorized representative (e.g., a lawyer of the individual; someone who claims to have power of attorney; insurance adjuster; etc.) -In the form of psychiatric notes. Authorization forms must contain the following: -Name of individual whose PHI is to be released -Who the PHI be given to -What entity is releasing the PHI -Type of PHI -Purpose of release -Permission termination date or event
18 Authorized Representatives In some cases, individuals may appoint (or have appointed for them by the law or a court) a person to receive and control the individual s PHI on their behalf. The following can be personal representatives: Parents of Minor Children Guardian of child or incapacitated adult (must have court order) Medical (aka, healthcare) power of attorney (a general or durable POA is NOT enough) Executor of Estate (must have court documents) An authorized representative can do anything the individual could do with the individual s PHI.
19 Minimum Necessary Rule CEs and BAs must use, access, disclose, and store only the minimum amount of PHI necessary to accomplish the purpose, regardless of either: whether PHI is used, accessed, disclosed, or stored with or without permission, or the purpose of the use, access, disclosure, or storage.
20 Notice of Privacy Practices Providers and health insurance plans must distribute a Notice of Privacy Practices to patients/participants. The Notice of Privacy Practices must: Describe the uses of PHI, and Individuals rights regarding their PHI, including where to file a complaint
21 Health Insurance Plan Doc If you have a health insurance plan for your employees, the Plan Document must contain language that imposes restrictions on the plan sponsor s (i.e. your) use and disclosure of PHI. For example: you cannot use PHI for employment purposes, such as hiring/firing decisions
22 Improper Disclosure Any disclosure of PHI not allowed by HIPAA is improper. There are 2 types of improper disclosures of PHI: Breaches everything else. Breaches are a specific type of improper disclosure, and they are REALLY BAD. Breaches lead to notices, fines, and even criminal penalties.
23 Improper Disclosure Disclosures of PHI not allowed by HIPAA must be classified as Breaches or Non-breaches. As a result, in the event of an improper disclosure, CEs and BAs are required by HIPAA to: investigate, document, and in some cases, give notice to individuals affected.
24 Improper Disclosure: The Investigation All improper disclosures are presumed to be Breaches until the CE/BA demonstrates there is a low probability that PHI has been compromised. Whether there is a low probability of compromise is based on a risk assessment the CE/BA performs that considers at least the following factors: the nature and extent of PHI involved, including the likelihood of re-identification; the unauthorized person who used PHI or to whom the disclosure was made; whether PHI was actually acquired or viewed; and the extent to which the risk to PHI has been mitigated. ALL RISK ASSESSMENTS MUST BE DOCUMENTED!
25 Improper Disclosure: The Investigation All improper disclosures must be investigated and documented BAs must notify their CE of all improper disclosures, including a copy of the risk assessment CEs and BAs must keep a log of disclosures for 6 years, and provide the log and the documentation to individuals or federal government upon request
26 The New HIPAA Regs Final Rules issued in January 2013; compliance required by September 23, 2013 CEs are directly responsible for any Breaches by their BAs, regardless of whether the CE was at fault, or even knew about it Penalties for violations have increased exponentially, and the HIPAA police (Office of Civil Rights, or OCR) fund their budget in large part with fines they give out Two Words: Leon Rodriguez
27 Penalties for Violation of HIPAA Type of Violation Range of Fines per Incident Maximum Fines per Year Reasonable Diligence (i.e., in compliance, didn t know about violation, and no reason you should have known about it) $100 - $50,000 $1.5 million Reasonable Cause (i.e., in compliance, but made reasonable mistakes leading to violation) Willful Neglect Corrected (i.e., not in compliance, but fixed it after the fact) Willful Neglect Uncorrected (i.e., not in compliance, and did not bother fixing it after the fact) $ $50,000 $10,000 - $50,000 $50,000 $1.5 million $1.5 million $1.5 million
28 Criminal Penalties Individuals can now go to jail for willfully violating HIPAA. The penalties are: Knowingly disclosing = 1 year prison Using False pretenses to obtain PHI = 5 years Disclosing for marketing purposes = 10 years
29 Breach Notification to Affected Individuals If an improper disclosure is a Breach, the individuals affected must be notified by the CE or BA. If the Breach includes 500 or more individuals, the CE or BA must: Notify the OCR; and Notify a prominent media outlet (i.e. TV, internet, newspaper, etc.), to extend the reach of the notice to affected individuals YOU DO NOT WANT TO BE ON THE NEWS FOR VIOLATING HIPAA!
30 OCR Audits The OCR has received Federal money to perform LOTS of audits The OCR funds part of its budget from fines it collects Assume you will be audited, and act accordingly I m excited to meet you! BWAAHAHAHA!
31 It s as AWESOME as You Think It Is!
32
THE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES
THE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES Effective: November 8, 2012 Terms used, but not otherwise defined, in this Policy and Procedure have
More informationNOTIFICATION OF PRIVACY AND SECURITY BREACHES
NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally
More informationHIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 REASONS FOR HIPAA PRIVACY RULES Perceived need for protection of individual health information
More informationUNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP
UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates
More informationEffective Date: 4/3/17
HIPAA AND HITECH ADM 067.4 Attachment D Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule Health Information Technology for Economic and Clinical Health (HITECH)
More informationHayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule
Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA
More informationCROOK COUNTY POLICY AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF
CROOK COUNTY POLICY AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 Update 2-17-2016 CROOK COUNTY RECORD OF CHANGES 2 TABLE OF CONTENTS Introduction HIPAA
More informationThe Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013
The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice
More informationHIPAA Privacy Overview
HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview
More informationHIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES
SALISH BHO HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES Policy Name: BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date:
More informationHILLSBOROUGH COUNTY HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) PROCEDURES
HILLSBOROUGH COUNTY HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) PROCEDURES July 1, 2017 Table of Contents Section 1 - Statement of Commitment to Compliance... 3 Section 2 General Guidelines
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationHIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE
HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE Policy Preamble This privacy policy ( Policy ) is designed to
More informationHIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT
HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT HIPAA OMNIBUS FINAL RULE HITECH GINA TERMINOLOGY OMNIBUS FINAL RULE Issued January 23, 2013 Effective March 26, 2013 Modified HIPAA privacy and security
More informationHIPAA Compliance Under the Magnifying Glass
HIPAA Compliance Under the Magnifying Glass July 30, 2013 Stacy Harper, JD, MHSA, CPC A Webinar Provided by Presenter Stacy Harper Lathrop & Gage, LLP sharper@lathropgage.com 913-451-5125 The information
More informationHIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel
HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability
More informationTexas Tech University Health Sciences Center HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx
More informationFirst Name: Middle Name: Last Name: Preferred Name: Address: City: State: Zip: Mother s First & Last Name: Mother s Home Phone: Mother s Work Phone:
Patient Information First Name: Middle Name: Last Name: Date of Birth: Gender: M F Preferred Name: Address: City: State: Zip: Contact Information Mother s First & Last Name: Mother s Address (If different
More informationHIPAA Compliance Guide
This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your
More informationHITECH/HIPAA Omnibus Final Rule: Implications for Hospices. Elizabeth S. Warren May 3, 2013
HITECH/HIPAA Omnibus Final Rule: Implications for Hospices Elizabeth S. Warren May 3, 2013 Final Rule is Finally Here Published January 25, 2013 (78 Fed. Reg. 5566) Effective March 26, 2013 Compliance
More informationTexas Tech University Health Sciences Center El Paso HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement
More informationCREEKSIDE DENTAL REGISTRATION FORM. Please Print PATIENT INFORMATION. Patient s Last Name: First: Middle:
Today s date CREEKSIDE DENTAL REGISTRATION FORM Please Print PATIENT INFORMATION Patient s Last Name: First: Middle: Home Phone #: Work #: Cell #: Email Address: Street Address: City: State: Zip Code:
More informationINDEPENDENCE BLUE CROSS LONG TERM CARE PROGRAM NOTICE OF PRIVACY PRACTICES
INDEPENDENCE BLUE CROSS LONG TERM CARE PROGRAM NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION
More informationHIPAA Data Breach ITPC
HIPAA Data Breach Objectives Overview of Omnibus Rule - Data Breach Suspected Breach - Investigation Audit Risk Assessment Corrective Action Plan Written Notification Elements NYS Rules on Data Breach
More informationHIPAA Insurance Portability Act HIPAA. HIPAA Privacy Rule - Education Module for Institutional Review Boards
HIPAA Insurance Portability Act HIPAA HIPAA Privacy Rule - Education Module for Institutional Review Boards The HIPAA Privacy Rule protects the privacy and security of an individual s health information
More informationHIPAA & The Medical Practice
HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,
More informationHIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school
ASPPR The omnibus rule greatly enhances a patient s privacy protections, provides individuals new rights to their health information, and strengthens the government s ability to enforce the law. The changes
More informationNon-Union. Health Plan Notices IMPORTANT NOTICE
Non-Union 2015 Health Plan Notices IMPORTANT NOTICE This packet of notices related to our health care plan includes a notice regarding how the plan s prescription drug coverage compares to Medicare Part
More informationSaturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules
Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.
More informationHIPAA Privacy & Security. Transportation Providers 2017
HIPAA Privacy & Security Transportation Providers 2017 HIPAA Privacy & Security As a non emergency medical transportation provider, you deal directly with Medicare and Medicaid Members healthcare information
More informationHIPAA 102a. Presented by Jack Kolk President ACR 2 Solutions, Inc.
HIPAA 102a What You Don t Know About HIPAA Privacy and Security Can Really Hurt You! Revision 2015 Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) About Myself - Jack Kolk, CEO
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT COVERED PERSONS MAY BE USED AND DISCLOSED AND HOW COVERED PERSONS CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationHIPAA Compliance. PART I: HHS Final Omnibus HIPAA Rules
HIPAA Compliance PART I: HHS Final Omnibus HIPAA Rules Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com February 6, 2013 www.securityprivacyandthelaw.com HIPAA Compliance: PART I 1 Finally!
More informationOttawa Children s Dentistry
Ottawa Children s Dentistry 1704 Polaris Circle, Ottawa, IL 61350 (815) 434-6447 www.ottawachildrensdentistry.com HIPAA Notice of Privacy Practices Effective Date: August 1, 2016 THIS NOTICE DESCRIBES
More information[Name of Organization] HIPAA Incident/Breach Investigation Procedure 4
Addendum II [Name of Organization] HIPAA Incident/Breach Investigation Procedure 4 I. Purpose To distinguish between (1) cases in which our HIPAA policy was not correctly followed but such violation did
More informationHIPAA COMPLIANCE. for Small & Mid-Size Practices
HIPAA COMPLIANCE for Small & Mid-Size Practices Golden State Web Solutions 619.825.GSWS (4797) INTRODUCTION Most individuals reading this are interested in HIPAA, GSWS, or some combination of the two;
More informationNotice of Privacy Practices Linn County Employee Health Care and Health Related Benefits Programs
Notice of Privacy Practices Linn County Employee Health Care and Health Related Benefits Programs THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationHIPAA: Impact on Corporate Compliance
HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal
More informationTo: Our Clients and Friends January 25, 2013
Life Sciences and Health Care Client Service Group To: Our Clients and Friends January 25, 2013 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health
More informationKay Concrete Materials, Inc.
Kay Concrete Materials, Inc. Protecting Your Health Information Privacy Rights April 18 th, 2016 Kay Concrete Materials, Inc. is committed to the privacy of your health information. The Company uses strict
More informationUAMS ADMINISTRATIVE GUIDE NUMBER: 2.1
UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1.12 DATE: 04/01/2003 REVISION: 3/1/2004; 12/28/2010; 01/02/2013 PAGE: 1 of 18 SECTION: HIPAA AREA: HIPAA PRIVACY/SECURITY POLICIES SUBJECT: HIPAA RESEARCH POLICY PURPOSE
More informationUniversity of California Group Health and Welfare Benefit Plans HIPAA Privacy Rule Policies and Procedures (Interim)
Group Insurance Regulations Administrative Supplement No. 19 April 2003 University of California Group Health and Welfare Benefit Plans HIPAA Privacy Rule Policies and Procedures (Interim) The University
More informationCOUNTY SOCIAL SERVICES POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA
COUNTY SOCIAL SERVICES POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA 1 Recommended by ISP Committee of CSS on October 22 nd, 2014 Amended
More informationHIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.
HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. PURPOSE OF PRESENTATION To Discuss Laws Governing Use and Disclosure
More informationHIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013
HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background
More informationHIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT
HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT DEFINITIONS Amend ~ to alter an existing document Civil ~ a type of legal case in which money damages can be awarded Code Set ~ combinations of numbers
More informationSUMMARY OF PRIVACY PRACTICES
SUMMARY OF PRIVACY PRACTICES This Summary of Privacy Practices summarizes how medical information about you may be used and disclosed by the Plan or others in the administration of your claims, and certain
More informationHITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government
HITECH and HIPAA: Highlights for Health Departments Aimee Wall UNC School of Government When Congress enacted sweeping legislation in February designed to stimulate the nation s economy, it incorporated
More informationNOTICE OF PRIVACY PRACTICES. EyeMed Vision Care, LLC ( EyeMed )
NOTICE OF PRIVACY PRACTICES EyeMed Vision Care, LLC ( EyeMed ) THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
More informationHIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc
HIPAA Overview Health Insurance Portability and Accountability Act Premier Senior Marketing, Inc HIPAA Defined Acronym that stands for the Health Insurance Portability and Accountability Act, a US law
More informationOVERVIEW OF RECENT CHANGES IN HIPAA AND OHIO PRIVACY LAWS
Franklin J. Hickman Janet L. Lowder David A. Myers Elena A. Lidrbauch Judith C. Saltzman Mary B. McKee Amanda M. Buzo Lisa Montoni Garvin Andrea Aycinena Penton Building 1300 East Ninth Street Suite 1020
More informationCOMPLIANCE TRAINING 2015 C O M P L I A N C E P R O G R A M - F W A - H I P A A - C O D E O F C O N D U C T
COMPLIANCE TRAINING 2015 QUALITY MANAGEMENT COMPLIANCE DEPARTMENT 2015 C O M P L I A N C E P R O G R A M - F W A - H I P A A - C O D E O F C O N D U C T Compliance Program why? Ensure ongoing education
More informationHIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 Reasons for HIPAA Privacy Rules Perceived need for protection
More informationWhat is HIPAA? (1 of 2)
HIPAA 1 HIPAA On August 21 1996 the federal government passed the Health Information Portability and Accountability Act of 1996 Has been update throughout; with the newest update (Final Rule) going into
More informationHIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT
HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT DEFINITIONS Amend ~ to alter an existing document Civil ~ a type of legal case in which money damages can be awarded Code Set ~ combinations of numbers
More informationHighlights of the Omnibus HIPAA/HITECH Final Rule
Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737
More information8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013
HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable
More informationH E A L T H C A R E L A W U P D A T E
L O U I S V I L L E. K Y S E P T E M B E R 2 0 0 9 H E A L T H C A R E L A W U P D A T E L E X I N G T O N. K Y B O W L I N G G R E E N. K Y N E W A L B A N Y. I N N A S H V I L L E. T N M E M P H I S.
More informationGetting a Grip on HIPAA
Getting a Grip on HIPAA Privacy and Security of Health Information in the Post-HITECH Age Jean C. Hemphill hemphill@ballardspahr.com 215.864.8539 Edward I. Leeds leeds@ballardspahr.com 215.864.8419 Amy
More informationThe wait is over HHS releases final omnibus HIPAA privacy and security regulations
The wait is over HHS releases final omnibus HIPAA privacy and security regulations The Department of Health and Human Services (HHS) published long-anticipated (and longoverdue) omnibus regulations under
More informationFifth National HIPAA Summit West
Fifth National HIPAA Summit West Privacy and Security under the HITECH Act W. Reece Hirsch Paul T. Smith, Partner, Partner, Hooper, Lundy & Bookman 1 Developments The Health Information Technology for
More informationPeripheral Vascular Associates/Veintec HIPAA Notice of Privacy Practices
Peripheral Vascular Associates/Veintec HIPAA Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY OUR PRACTICE AND HOW YOU CAN GET ACCESS TO
More informationHIPAA / HITECH. Ed Massey Affiliated Marketing Group
HIPAA / HITECH Agent Understanding And Compliance Presented By: Ed Massey Affiliated Marketing Group It s The Law On February 17, 2010 the Health Information Technology for Economic and Clinical Health
More informationPrivacy Regulations HIPAA-Administrative Simplification Internal Assessment
Privacy Regulations HIPAA-Administrative Simplification Internal Regulation/Standard Use and Disclosure 164.502 Uses and disclosures of protected health information: general rules. (a) Standard. A covered
More informationHIPAA FUNDAMENTALS For Substance abuse Treatment Industry
HIPAA FUNDAMENTALS For Substance abuse Treatment Industry (c)firststepcounselingonline2014 1 At the conclusion of the course/unit/study the student will... ANALYZE THE EFFECTS OF TRANSFERING INFORMATION
More informationPrivacy Policy Training
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Policy Training General Information Level I Training HIPAA Project Management Office 1 Your HIPAA Privacy Officer: Name Goes
More informationCOMPLIANCE DEPARTMENT. LSUHSC-S Louisiana State University Health Sciences Center Shreveport ACKNOWLEDGEMENT RECEIPT
COMPLIANCE DEPARTMENT LSUHSC-S Louisiana State University Health Sciences Center Shreveport ACKNOWLEDGEMENT RECEIPT for COMPLIANCE, HIPAA PRIVACY, AND INFORMATION SECURITY SELF-STUDY GUIDE I hereby certify
More informationNotice of Privacy Practices
Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. PURPOSE STATEMENT
More informationPreparing for a HIPAA Audit & Hot Topics in Health Care Reform
Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,
More informationNOTICE OF PRIVACY PRACTICES
CENTER FOR SPORTS MEDICINE AND ORTHOPAEDICS HIPAA PRIVACY POLICIES AND PROCEDURES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More information2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.
HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,
More informationHIPAA Background and History
Agenda Jeffery P. Drummond Lawyers as HIPAA Business Associates: Ethical Obligations and Practical Tips for Compliance Dallas Bar Association January 17, 2018 Jamie Sorley An Overview of HIPAA The Privacy
More informationHIPAA Privacy Procedure #13
HIPAA Privacy Procedure #13 Uses or Disclosures of Protected Health Insurance Without a Verbal or Written Authorization Effective Date: April 14, 2003 Reviewed Date: February, 2011 Revised Date: Scope:
More informationHIPAA Privacy For our Group Customers and Business Partners
HIPAA Privacy For our Group Customers and Business Partners Independent licensee of the Blue Cross and Blue Shield Association HIPAA, The Health Insurance Portability and Accountability Act of 1996, established
More informationARE YOU HIP WITH HIPAA?
ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined
More informationHIPAA NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. If you have any questions about this notice,
More informationHIPAA Policy Minimum Necessary Use December 1, 2015
HIPAA Policy Minimum Necessary Use December 1, 2015 SCOPE This policy applies to Florida Atlantic University s Covered Components and those working on behalf of the Covered Components for purposes of complying
More information"HIPAA RULES AND COMPLIANCE"
PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS
More informationHIPAA Basic Training for Health & Welfare Plan Administrators
2010 Human Resources Seminar HIPAA Basic Training for Health & Welfare Plan Administrators Norbert F. Kugele What We re going to Cover Important basic concepts Who needs to worry about HIPAA? Complying
More informationMICHIGAN HEALTHCARE PROFESSIONALS, P.C.
MICHIGAN HEALTHCARE PROFESSIONALS, P.C. PATIENT NOTICE OF PRIVACY PRACTICES As Required by the Privacy Regulations Created as a Result of the Health Insurance Portability and Accountability Act of 1996-(HIPAA),
More informationHIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia
HIPAA in the Digital Age Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia Virginia MGMA reminds attendees that the program is not intended to provide legal advice and advises participants
More informationSafeguarding Your HIPAA and Personal Health Information Data. Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker
Safeguarding Your HIPAA and Personal Health Information Data Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker 1 Overview» Patient information confidentiality Grant requirements
More informationHIPAA Enforcement Under the HITECH Act; The Gloves Come Off
HIPAA Enforcement Under the HITECH Act; The Gloves Come Off Leeann Habte, Esq. Michael Scarano, Esq. December 6, 2011 Attorney Advertising Prior results do not guarantee a similar outcome Models used are
More informationHealth Insurance Portability and Accountability Act Category: Administration 04/30/2015 Vice President for Legal Prior Effective Date:
Policy Title: Policy Number: Health Insurance 1.8.4 Portability and Accountability Act Category: Effective Date: Policy Owner: Administration 04/30/2015 Vice President for Legal Prior Effective Date: Affairs
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationHIPAA NOTICE OF PRIVACY PRACTICES Effective 1/1/14
HIPAA NOTICE OF PRIVACY PRACTICES Effective 1/1/14 Stanley Total Living Center, Inc. 514 Old Mount Holly Road Stanley, NC 28164 (704) 263 1986 www.stanleytotallivingcenter.org THIS NOTICE DESCRIBES HOW
More informationand disclosure of your PHI for treatment, payment, and health care operations
UPMC Health Plan INC./UPMC Health NETWORK, INC./UPMC HEALTH BENEFITS, INC. Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationHEALTH INFORMATION PRIVACY POLICIES & PROCEDURES
Drs. Hammond and von Roenn HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES These Health Information Privacy Policies & Procedures implement our obligations to protect the privacy of individually identifiable
More informationHIPAA notice of health information privacy practices Your Information. Your Rights. Our Responsibilities.
HIPAA notice of health information privacy practices Your Information. Your Rights. Our Responsibilities. This notice describes how medical information about you may be used and disclosed and how you can
More informationSCHOOLS SELF-INSURANCE OF CONTRA COSTA COUNTY NOTICE OF PRIVACY PRACTICES
SCHOOLS SELF-INSURANCE OF CONTRA COSTA COUNTY NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationFlorida Dermatology HIPAA Notice of Privacy Practices
Florida Dermatology HIPAA Notice of Privacy Practices Effective Date: 9/13/13 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationHIPAA Notice of Privacy Practices
TM HIPAA Notice of Privacy Practices HIPAA is a federal law that requires protections for your protected health information (PHI). UNITE HERE HEALTH (The Fund) is required to provide you with a detailed
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Original Effective Date: April 14, 2003 Effective Date of Last Revision: August 30, 2013 I. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationKENT COUNTY EMPLOYEE NOTICE OF PRIVACY PRACTICES
KENT COUNTY EMPLOYEE NOTICE OF PRIVACY PRACTICES Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationHIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule
HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com
More informationCentral Florida Regional Transportation Authority Table of Contents A. Introduction...1 B. Plan s General Policies...4
Table of Contents A. Introduction...1 1. Purpose...1 2. No Third Party Rights...1 3. Right to Amend without Notice...1 4. Definitions...1 B. Plan s General Policies...4 1. Plan s General Responsibilities...4
More informationTHIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. UROGYNECOLOGY CENTER
More informationChevron Phillips Chemical Company LP Health & Welfare Benefit Plan
Chevron Phillips Chemical Company LP Health & Welfare Benefit Plan Notice of Privacy Practices Effective April 14, 2003 Updated September 23, 2013 This Notice describes how medical information about you
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Northwest Neurology
More information