Tuesday, April 16, :00-2:15 pm Eastern. Presenters. Melissa Markey, Esquire Hall Render Killian Heath & Lyman PC Troy, MI
|
|
- Darcy Dennis
- 5 years ago
- Views:
Transcription
1 HITECH Final Omnibus Rule Bootcamp Webinar and Roundtable Discussion Series, Part VI: Academic Medicine, Research, and Life Sciences Perspectives on the HITECH Final Omnibus Rule This bootcamp webinar and roundtable discussion series is brought to you by the Health Information and Technology (HIT) Practice Group, and is co-sponsored by the Business Law and Governance (BLG); Healthcare Liability and Litigation (HCL); Hospitals and Health Systems (HHS); In-House Counsel (In-House); Labor and Employment (Labor); Life Science (LS); Long Term Care, Senior Housing, In-Home Care, and Rehabilitation (LTC-SIR); Medical Staff, Credentialing and Peer Review (MSCPR); Payors, Plans, and Managed Care (PPMC); Physician Organization (Physicians); Regulation, Accreditation and Payment (RAP); and Teaching Hospitals and Academic Medical Centers (TH/AMC) Practice Groups and the Healthcare Reform Educational (HRE) Task Force. Tuesday, April 16, :00-2:15 pm Eastern Presenters Melissa Markey, Esquire Hall Render Killian Heath & Lyman PC Troy, MI Susan Stayn, Esquire Senior University Counsel Office of the General Counsel Stanford University Stanford, CA
2 Today s Omnibus Topics Overview of Final HITECH Omnibus Rule on Genetic Information, Decedent s Information, Compound Research Authorizations, Sale of Protected Health Information (PHI), and Healthcare Operations vs. Research De-identification of PHI under Office of Civil Rights guidance and changes to limited data sets Operational issues and overlap with the Common Rule 2
3 HITECH ACT includes Increased Enforcement and Penalties Expansion of Definition and Regulation of Business Associates (and their subcontractors) Restrictions on Fundraising, Marketing and Sale of PHI Reporting to HHS, individuals and potentially media for a Breach of Unsecured PHI 3
4 Effective Date and Compliance Dates January 25, 2013 Final HITECH Omnibus Rule published in Federal Register (78 Fed. Reg. 5566) March 26, 2013 Omnibus Rule Effective Date Enforcement Rule changes effective this date and require compliance September 23, 2013 Omnibus Rule Compliance Date 4
5 Genetic Information Privacy Pre-GINA: Genetic information already was protected under the HIPAA Privacy Rule as Protected Health Information (PHI) when it was individually identifiable and held by a covered entity (per preamble to Privacy Rule). GINA required revisions to the Privacy Rule: To be explicit that health information includes genetic information. To prohibit health plans, health insurance issuers (including HMOs), and issuers of Medicare supplemental policies from using/disclosing genetic information for underwriting purposes. 5
6 Genetic Information Privacy HITECH Omnibus Final Rule: Explicitly defines health information to include genetic information. Adds several related new terms and definitions to HIPAA: Genetic information Genetic test Genetic services Family member Manifestation or manifested Prohibits all health plans that are HIPAA covered entities, except issuers of long-term care policies, from using or disclosing genetic information for underwriting purposes. 6
7 Genetic Information Privacy: New Terms Genetic information [paraphrased from 45 CFR ]: (1) Subject to para. (2) and (3), with respect to an individual, information about: (i) The individual s genetic tests; (ii) The genetic tests of the individual s family members; (iii) Manifestation of a disease or disorder in family members of such individual; or (iv) any request for, or receipt of, genetic services, or participation in clinical research which includes genetic services, by the individual or family member; (2) Genetic information of individual or family member includes genetic information of (i) a fetus carried by the individual or family member who is a pregnant woman; and (ii) any embryo legally held by the individual or family member using ART; (3) Genetic information excludes information about sex or age of the individual. 7
8 Genetic Information Privacy: New Terms Genetic services: (i) genetic test; (ii) genetic counseling; or (iii) genetic education. Genetic test: analysis of human DNA, RNA, chromosomes, proteins, or metabolites, if analysis detects genotypes, mutations, or chromosomal changes. Doesn t include analysis of proteins or metabolites directly related to a manifested disease, disorder, or pathological condition. Doesn t include HIV tests, CBCs, cholesterol or liver function tests, or tests to detect presence of drugs or alcohol. Family member (broad!): includes dependents, first- through fourthdegree relatives, half-siblings, adoptions, and more CFR
9 Genetic Information Privacy: New Terms Manifestation or manifested: means, with respect to a disease, disorder, or pathological condition: Individual has been, or could reasonably be, diagnosed by health care professional with appropriate training and expertise in field. In contrast, if diagnosis is based principally on genetic information, then the disease, disorder, or pathological condition is not manifested CFR
10 Genetic Information Privacy: Practical Considerations While aimed at health plans, the new genetic information provisions may affect health care providers. Areas for consideration include, for example: Patient right to request restrictions - Example: Adult children involved in ill parent s care request genetic information of parent. Has parent requested a restriction, and has entity agreed to such restriction? What is the scope of such restriction? Minimum necessary standard -Example: Disclosure to a health plan for payment. Participation in clinical research -Example: Do consent/authorization forms refer to genetic information, and what is the intended scope and meaning? Manifested or not manifested? 10
11 Genetic Information Privacy Practical Considerations Intersection with other existing genetic privacy laws (e.g., state laws) Compare terminology and definitions Compare scope of laws (e.g., some state laws may apply only to clinical genetic tests and not genetic information in research) Possible implications for policies, procedures, consent/authorization forms, informational brochures and materials Potential for new state legislation DNA is still not identifiable alone under Privacy Rule 11
12 Decedent Information Original Privacy Rule protected decedents PHI indefinitely Omnibus Final Rule defines PHI to include decedent PHI for 50 years after death Not a record retention requirement Omnibus Final Rule permits, but does not require, disclosure of decedent PHI to a family member or friend who is involved in the care or payment for care before the individual s death, unless disclosing is inconsistent with a prior expressed preference of the individual that is known to the covered entity Disclosure limited to area of family member/friend s involvement (not past, unrelated medical problems) Covered entity needs reasonable assurance the person is a family member or friend who was involved in the care May arise if family member or friend requesting the information is not the personal representative with right of access 12
13 Decedent Information Research effects: Researchers may still provide written assurances to access decedent information for research (no change) 50-year cut-off is intended to ease prior restrictions and facilitate work of archivists, biographers, and historians who need old medical records or historical files of value Practical considerations: Changes are permissive, not required If uncomfortable disclosing decedent s information to family/friend, entity is not required to (unless it s a personal representative) State law or professional obligations may require longer period of confidentiality 13
14 Research Compound Authorizations Compound authorizations those that combine any other legal permission with authorization for PHI disclosure Privacy Rule prohibited compound authorizations and conditioned and non-conditioned authorization in same document Exception for research study authorization with other written permission for the same study 14
15 Compound Research Authorizations - HITECH Permits combining conditioned and non-conditioned authorizations for research in same document, with caveats, and no longer requires PHI use/disclosure for research purposes to be study-specific, with caveats: Conditioned and non-conditioned components must be clearly indicated; Individual must be able to opt-in to research activities in unconditioned authorization; Authorization revocations clearly state which authorization is revoked; Uses/disclosures of PHI for future research purposes must be adequately described. Result: flexibility to clinical researchers and harmony of authorization provisions with Common Rule regulations Permits combining authorizations for clinical trials, optional sub-studies, biospecimen banking 15
16 Compound Research Authorizations - HITECH Practical Considerations: Sample study: Drug trial plus tissue banking Informed consent to drug trial and tissue banking needed. - Consent still may be combined with a HIPAA authorization (unless state law or other source requires separation). Authorization for use/disclosure of PHI in drug trial may be combined with authorization for use/disclosure of PHI in banking (if it is clear that these are separate activities, and opt-in to banking is included) Authorization for use/disclosure of PHI in drug trial may remain separate from authorization for use/disclosure of PHI in banking Authorization for use/disclosure of PHI in drug trial may be all that is needed, if no PHI (or only a limited data set) will be used or disclosed for tissue banking Waiver of authorization also remains an option (e.g., researchers decide later on a data or tissue bank) 16
17 Compound Research Authorizations - HITECH Practical Considerations: How to revise research authorizations? SACHRP Public Comment Letter described three possible approaches, which were all deemed appropriate by HHS - Combined consent/authorization for clinical trial and optional tissue bank, with opt-in to optional bank, and one signature - Combined consent/authorization for clinical trial and optional tissue bank, with separate signatures - Combined consent/authorization for clinical trial and optional tissue bank, with opt-in to bank, and one signature, but detailed brochure with the banking information, as referenced in consent/authorization SACHRP Letter/Attachment A: sample mark-up of a compound authorization: entalettertothesec.html 17
18 Compound Research Authorizations - HITECH Practical Considerations: What about pre-existing studies? Previously approved, ongoing studies may continue to rely on the separate authorization forms that were obtained under the prior provisions. (78 Fed. Reg. 5611) For new studies, option to use newly permitted compound authorizations or continue separate authorizations. Revisions to policies, procedures, and forms. Training: Given enforcement climate, important to ensure researchers are using an appropriate HIPAA authorization in ongoing and new studies. 18
19 Future Research - HITECH Under prior HHS interpretation of HIPAA Privacy Rule, no authorization for future research (authorization had to be study-specific). In Omnibus HITECH final rule, HHS modifies its prior interpretation and now allows authorizations to use or disclose PHI for future research. Must still meet required elements of an authorization Must adequately describe the research purposes so an individual understands the possible future research (i.e., more harmonized with IRB consent practices under the Common Rule) 19
20 Future Research - HITECH Practical considerations: Permissive approach: covered entities may continue to use studyspecific authorizations, or may obtain authorizations for future research after effective date of new rule (3/26/2013). What about pre-existing studies? May rely upon IRB-approved consent obtained prior to 3/26/2013 if it reasonably informed individuals of the future research, provided consent was combined with a HIPAA authorization (even though authorization was specific to original study or to creation/maintenance of a repository). What about revocation of authorization? Privacy Rule requires revocation to be in writing, but covered entity may cease using or disclosing PHI pursuant to an authorization based on individual s oral request if it chooses to do so. 20
21 Sale of PHI Even where HIPAA permits a disclosure of PHI, a covered entity (or business associate) is prohibited from disclosing PHI (without individual authorization) in exchange for remuneration. Includes remuneration received directly or indirectly from recipient Not limited to financial remuneration If authorization obtained, authorization must state that disclosure will result in remuneration. 21
22 Sale of PHI Exceptions: Treatment & payment Sale of business Remuneration to BA for services rendered Disclosure required by law Providing access or accounting to individual Public health Research, if remuneration limited to cost to prepare and transmit PHI Any other permitted disclosure where only receive reasonable, cost-based fee to prepare and transmit PHI 22
23 Sale of PHI Practical Considerations: Sale is broad: not limited to transfer of ownership Includes licenses, leases, and other arrangements Includes receipt of financial or non-financial benefits Example: payment for a limited data set for research purposes is a sale of PHI, which may be done either with authorization, or without authorization if an exception is met (e.g., payment limited to a reasonable cost-based fee to prepare and transmit the data) What costs are permitted in reasonable cost-based fee? Direct and indirect costs, labor and supplies, capital, overhead Operational challenge: identifying arrangements; inserting check mechanism into workflow; training. 23
24 OCR Guidance: De-identification of PHI Safe Harbor - Remove or code required data elements and CE does not have any actual knowledge that the information could be used alone or with other information to identify the individual. Statistician's certification - Person with appropriate expertise renders information "not identifiable" if s/he Determines very small risk that information could be used alone or in combination with other reasonably available information by an anticipated recipient to identify the individual AND Documents the methods & results of the analysis that justify this determination. * See OCR De-Identification Guidance dated November 26, 2012, available at 24
25 OCR Guidance: De-identification of PHI Expert Determination Method: Practical Considerations Who is an expert? - No specific professional degree or certification program - Professional experience + academic or other training would be reviewed from an enforcement perspective. What is a very small risk of identification? - [N]o explicit numerical level of identification risk - Document method (Guidance Sec ) 25
26 OCR Guidance: De-identification of PHI Safe Harbor: Practical Considerations Derivatives of identifiers: guidance reiterates that initials and parts of SSN are identifiable. - Think about researchers codes, study spreadsheets Dates: guidance reiterates dates are identifiable (except year) - Think about specimen labels, repository records, chronologies, outcome data Other unique identifying characteristics - Think about how to help researchers and IRB identify these less well-defined characteristics Actual knowledge - Includes, for ex., rare or well-publicized clinical events Ongoing dialogue: OCR welcomes further comments 26
27 Changes Affecting Limited Data Sets Breach notification Removal of safe harbor for narrow limited data sets (those that excluded date of birth and ZIP) - So, any breach involving a limited data set must be analyzed using same analysis as other breaches. Must report breaches or document rationale for not reporting. Data use agreements: Recipient of limited data set should quickly report to data owner any incident that could give rise to a breach. Coordination of data use agreements: who signs? Greater centralization within academic medical centers? 27
28 Operational issues and overlap with the Common Rule Reportability HIPAA/HITECH: Breach analysis and reporting Common Rule: Unanticipated problems reporting Other sources of required reporting Identifiability under HIPAA vs. Common Rule Authorizations and consents 28
29 Notice of Privacy Practices Content must now include: Statements regarding sale of PHI, marketing, and other purposes that require authorization Fundraising opt out and restrictions on health plan disclosures if individual pays out of pocket in full for health care service Statement about individual s right to receive breach notifications For plans that underwrite, statement that genetic information may not be used for such purposes 29
30 QUESTIONS??????????
31 HITECH Final Omnibus Rule Bootcamp Webinar and Roundtable Discussion Series, Part VI: Academic Medicine, Research, and Life Sciences Perspectives on the HITECH Final Omnibus Rule 2013 is published by the American Health Lawyers Association. All rights reserved. No part of this publication may be reproduced in any form except by prior written permission from the publisher. Printed in the United States of America. Any views or advice offered in this publication are those of its authors and should not be construed as the position of the American Health Lawyers Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought from a declaration of the American Bar Association 31
Preparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013
Preparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013 Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients
More informationRule. Research Changes to the Privacy Rule and GINA. Heather Pierce, JD, MPH Senior Director and Regulatory Counsel, Scientific Affairs
HIPAA Omnibus Final Rule Research Changes to the Privacy Rule and GINA Heather Pierce, JD, MPH Senior Director and Regulatory Counsel, Scientific Affairs February 20, 2013 Research-Related Topics Research
More informationHIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school
ASPPR The omnibus rule greatly enhances a patient s privacy protections, provides individuals new rights to their health information, and strengthens the government s ability to enforce the law. The changes
More informationOmnibus Components. Not in Omnibus. HIPAA/HITECH Omnibus Final Rule
Office of the Secretary Office for Civil Rights () HIPAA/HITECH Omnibus Final Rule April 12, 2013 HHS Office for Civil Rights Omnibus Components Final Rule on HITECH Privacy, Security, & Enforcement Provisions
More informationO n Jan. 25, 2013, the U.S. Department of Health
Life Sciences Law & Industry Report Reproduced with permission from Life Sciences Law & Industry Report, 07 LSLR 220, 02/22/2013. Copyright 2013 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com
More informationHIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013
HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background
More informationHIPAA Omnibus Final Rule and Research
Office of the Secretary Office for Civil Rights () HIPAA Omnibus Final Rule and Research Federal Demonstration Partnership September 17, 2013 Christina Heide, JD Senior Health Information Privacy Policy
More information2. Key Terminology Under GINA Title II
XXII. Genetic Information Nondiscrimination Act (GINA) places strict limits on the disclosure of genetic information; and specifically prohibits employers from discriminating against any employee with
More informationTo: Our Clients and Friends January 25, 2013
Life Sciences and Health Care Client Service Group To: Our Clients and Friends January 25, 2013 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health
More informationHIPAA Basics For Clinical Research
HIPAA Basics For Clinical Research Presented by Marilyn Windschiegl d.b.a. PFS Clinical, all rights reserved Caution HIPAA is huge State laws may trump or stand side by side with federal law, so your state
More informationHIPAA Definitions.
HIPAA 160.103 Definitions. Except as otherwise provided, the following definitions apply to this subchapter: Act means the Social Security Act. Administrative simplification provision means any requirement
More information4/5/2013 I. BACKGROUND HIPAA OMNIBUS FINAL RULE. Background. Webinar Series Part II Research and Marketing April 9, 2013
HIPAA OMNIBUS FINAL RULE Webinar Series Part II Research and Marketing April 9, 2013 1 I. BACKGROUND 2 Background > HIPAA Omnibus Final Rule: Announced on January 17, 2013 Published in Federal Register
More informationGUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do
GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do By D Arcy Guerin Gue, Phoenix Health Systems, a division of Medsphere Systems Corporation With Steven J. Fox, Post & Schell Originally commissioned
More informationCompliance. TODAY May Meet Scott Killingsworth. Partner in the Atlanta offices of Bryan Cave LLP. See page 16
Compliance TODAY May 2013 a publication of the health care compliance association www.hcca-info.org Meet Scott Killingsworth Partner in the Atlanta offices of Bryan Cave LLP See page 16 25 Medicare Coverage
More informationFifth National HIPAA Summit West
Fifth National HIPAA Summit West Privacy and Security under the HITECH Act W. Reece Hirsch Paul T. Smith, Partner, Partner, Hooper, Lundy & Bookman 1 Developments The Health Information Technology for
More informationManagement Alert Final HIPAA Regulations Issued
Management Alert Final HIPAA Regulations Issued After much anticipation, the Department of Health and Human Services (HHS) has issued its omnibus set of final regulations modifying and clarifying the privacy,
More informationCOLUMBIA UNIVERSITY MEDICAL CENTER INSTITUTIONAL REVIEW BOARD (IRB)
COLUMBIA UNIVERSITY MEDICAL CENTER INSTITUTIONAL REVIEW BOARD (IRB) PROCEDURES TO COMPLY WITH PRIVACY LAWS THAT AFFECT USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION FOR RESEARCH PURPOSES Procedures
More informationHIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel
HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability
More informationCROOK COUNTY POLICY AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF
CROOK COUNTY POLICY AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 Update 2-17-2016 CROOK COUNTY RECORD OF CHANGES 2 TABLE OF CONTENTS Introduction HIPAA
More informationOccidental Petroleum Corporation
Occidental Petroleum Corporation HIPAA Privacy Policies and Procedures September 2014 Occidental Petroleum Corporation HIPAA Privacy Policies and Procedures TABLE OF CONTENTS INTRODUCTION...1 HIPAA STATEMENT
More informationThe wait is over HHS releases final omnibus HIPAA privacy and security regulations
The wait is over HHS releases final omnibus HIPAA privacy and security regulations The Department of Health and Human Services (HHS) published long-anticipated (and longoverdue) omnibus regulations under
More informationGetting a Grip on HIPAA
Getting a Grip on HIPAA Privacy and Security of Health Information in the Post-HITECH Age Jean C. Hemphill hemphill@ballardspahr.com 215.864.8539 Edward I. Leeds leeds@ballardspahr.com 215.864.8419 Amy
More informationHITECH/HIPAA (privacy) 2013 Omnibus Final Rule Rita Bowen Senior Vice President of HIM and Privacy Officer HealthPort
Slide 1 HITECH/HIPAA (privacy) 2013 Omnibus Final Rule Rita Bowen Senior Vice President of HIM and Privacy Officer HealthPort Slide 2 Electronic Copy of PHI Form and Format requested, if readily producible
More informationHIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by
HIPAA Omnibus Rule Critical Changes for Providers Presented by Susan A. Miller, JD Hosted by agenda What the Omnibus Rule includes + Effective and Compliance Dates Security Breach Notification Enforcement
More informationHIPAA FUNDAMENTALS For Substance abuse Treatment Industry
HIPAA FUNDAMENTALS For Substance abuse Treatment Industry (c)firststepcounselingonline2014 1 At the conclusion of the course/unit/study the student will... ANALYZE THE EFFECTS OF TRANSFERING INFORMATION
More informationManaging Information Privacy & Security in Healthcare. When an Authorization is Required
D21 Managing Information Privacy & Security in Healthcare When an Authorization is Required By Barbara Demster, MS, RHIA, CHCQM and Sandra Sinay, JD, LLM Authorizations for Uses and Disclosures: 164.508.
More informationHIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE
HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE Policy Preamble This privacy policy ( Policy ) is designed to
More informationUAMS ADMINISTRATIVE GUIDE NUMBER: 2.1
UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1.12 DATE: 04/01/2003 REVISION: 3/1/2004; 12/28/2010; 01/02/2013 PAGE: 1 of 18 SECTION: HIPAA AREA: HIPAA PRIVACY/SECURITY POLICIES SUBJECT: HIPAA RESEARCH POLICY PURPOSE
More informationHighlights of the Omnibus HIPAA/HITECH Final Rule
Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737
More informationACC Compliance and Ethics Committee Presentation February 19, 2013
ACC Compliance and Ethics Committee Presentation February 19, 2013 Melinda G. Murray Associate General Counsel, Holy Cross Hospital and Jill M. Girardeau Partner, Womble Carlyle Sandridge & Rice, LLP HIPAA
More informationHIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights
HIPAA Update Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights New Mexico Health Information Management Association Conference April 11, 2014 Albuquerque, NM Recent Enforcement
More informationHITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule
HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule Audio Seminar January 28, 2013 Practical Tools for Seminar Learning Copyright 2012 American Health Information Management Association.
More informationHHS, Office for Civil Rights. IAPP October 11, 2012
HHS, Office for Civil Rights IAPP October 11, 2012 Enforce federal civil rights laws and the HIPAA Privacy and Security Rules HQ and 10 Regional Offices Region IX has jurisdiction over covered entities
More informationTHE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES
THE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES Effective: November 8, 2012 Terms used, but not otherwise defined, in this Policy and Procedure have
More informationChildren s Hospital of Philadelphia SOP 707 Page Effective Date: Title: Requirements for and
Page: 1 of 6 I. PURPOSE II. III. IV. The purpose of this SOP is to describe the general requirements for documentation of HIPAA authorization and to enumerate the situations where an authorization or waiver
More informationNew HIPAA Rules A Briefing On HIPAA Rule Changes. Leader Guide
4522 New HIPAA Rules A Briefing On HIPAA Rule Changes Leader Guide National Educational Video, Inc. (NEVCO ) is an approved provider of continuing education in nursing. CE Provider numbers: California
More informationHIPAA Privacy Rule and Research
HIPAA Privacy Rule and Research Melissa Bianchi Partner February 24, 2014 Healthcare/Privacy Research Pre-January 2013 Under HIPAA, may use PHI for research with: an individual s written authorization
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 9 I. Policy The HIPAA Privacy Rule requires that, in most situations, patients provide written authorization prior to uses or disclosures of their protected health information. This policy is
More informationSaturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules
Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.
More informationMEMORANDUM. Kirk J. Nahra, or
MEMORANDUM TO: FROM: Interested Parties Kirk J. Nahra, 202.719.7335 or knahra@wileyrein.com DATE: January 28, 2013 RE: The HIPAA/HITECH Omnibus Regulation After almost four years, the Department of Health
More informationLegal and Privacy Implications of the HIPAA Final Omnibus Rule
Legal and Privacy Implications of the HIPAA Final Omnibus Rule February 19, 2013 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Deven McGraw Director,
More informationHIPAA s Medical Privacy Standards:
HIPAA s Medical Privacy Standards: The Long and Really Winding Road Michael D. Bell, Esq. Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. Washington, D.C. (202) 434-7481 mbell@mintz.com The Health
More informationHIPAA & The Medical Practice
HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,
More information1.) The Privacy Rule (Part 164, Subpart E)
1.) The Privacy Rule (Part 164, Subpart E) 164.500 Applicability 164.501 Definitions (health care operations, marketing, underwriting purposes, payment) 164.502 Uses and disclosures of protected health
More informationUSE AND DISCLOSURE REQUIRING AUTHORIZATION. Identifies when Facilities may use and disclose PHI of patients pursuant to an Authorization.
PRIVACY 3.0 USE AND DISCLOSURE REQUIRING AUTHORIZATION Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or indirect
More informationHIPAA Compliance Under the Magnifying Glass
HIPAA Compliance Under the Magnifying Glass July 30, 2013 Stacy Harper, JD, MHSA, CPC A Webinar Provided by Presenter Stacy Harper Lathrop & Gage, LLP sharper@lathropgage.com 913-451-5125 The information
More informationHIPAA Compliance. PART I: HHS Final Omnibus HIPAA Rules
HIPAA Compliance PART I: HHS Final Omnibus HIPAA Rules Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com February 6, 2013 www.securityprivacyandthelaw.com HIPAA Compliance: PART I 1 Finally!
More informationCoping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013!
Coping with, and Taking Advantage of, HIPAA s New Rules!!! Deven McGraw Director, Health Privacy Project April 19, 2013! Status of Federal Privacy Regulations! Omnibus Rule (Data Breach, Enforcement, HITECH,
More informationCentral Florida Regional Transportation Authority Table of Contents A. Introduction...1 B. Plan s General Policies...4
Table of Contents A. Introduction...1 1. Purpose...1 2. No Third Party Rights...1 3. Right to Amend without Notice...1 4. Definitions...1 B. Plan s General Policies...4 1. Plan s General Responsibilities...4
More informationThe Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013
The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice
More informationPOLICY REGARDING NOTICE OF PRIVACY PRACTICES
Purpose: Standard: Policy: To set forth the policy and procedures of West Virginia University Physicians of Charleston ( WVUPC ) regarding the preparation and dissemination of its Notice of Privacy Practices.
More information"HIPAA RULES AND COMPLIANCE"
PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 Revised: September 23, 2013 Version: 04142003.2 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
More informationHIPAA: Impact on Corporate Compliance
HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal
More informationMICHIGAN HEALTHCARE PROFESSIONALS, P.C.
MICHIGAN HEALTHCARE PROFESSIONALS, P.C. PATIENT NOTICE OF PRIVACY PRACTICES As Required by the Privacy Regulations Created as a Result of the Health Insurance Portability and Accountability Act of 1996-(HIPAA),
More informationCOLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH
COLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH I. Background The Health Insurance Portability and Accountability Act of 1996 (as
More informationEffective Date: March 23, 2016
AIG COMPANIES Effective Date: March 23, 2016 HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationOmnibus HIPAA Rule: Impact on Covered Entities
Presenting a live 90-minute webinar with interactive Q&A Omnibus HIPAA Rule: Impact on Covered Entities Complying with New Requirements, Managing Risk and Responding to a Data Breach TUESDAY, MARCH 12,
More informationHIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT
HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT HIPAA OMNIBUS FINAL RULE HITECH GINA TERMINOLOGY OMNIBUS FINAL RULE Issued January 23, 2013 Effective March 26, 2013 Modified HIPAA privacy and security
More informationHIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule
HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com
More informationHIPAA Policy 5032 Statement of Policy on Use and Disclosure of Protected Health Information for Research Purposes
HIPAA Policy 5032 Statement of Policy on Use and Disclosure of Protected Health Information for Research Purposes Responsible Office Provost Effective Date 04/14/03 Responsible Official Privacy Officer
More informationOmnibus Rule: HIPAA 2.0 for Law Firms
Omnibus Rule: HIPAA 2.0 for Law Firms Introduction On January 25, 2013, the U.S. Department of Health and Human Services (HHS) issued the muchanticipated Omnibus Rule 1 finalizing changes to the HIPAA
More informationHealth Law Diagnosis
February Page 1 of 2013 11 Health Law Diagnosis HHS Releases Final HITECH Omnibus Rule After waiting over two years from the publication of the Notice of Proposed Rulemaking to implement provisions of
More informationHIPAA Final Omnibus Rule Playbook
DOWNLOADABLE GUIDE HIPAA Final Omnibus Rule Playbook Your Ticket to Winning the Compliance Game Offensive Plays HIPAA Privacy Rule Defensive Plays HIPAA Security Rule Special Team Plays Breach Notification
More information8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013
HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable
More informationNorth Shore LIJ Health System, Inc. Facility Name. CATEGORY: Effective Date: 8/15/13
North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: HIPAA Marketing and Sale of Protected Health Information Policy ADMINISTRATIVE POLICY AND PROCEDURE MANUAL POLICY #: 800.43 System Approval
More informationNew HIPAA Rules and Implications for the Industry January 29, 2013
New HIPAA Rules and Implications for the Industry January 29, 2013 **Audio for this webinar streams through the web. Please make sure the sound on your computer is turned on. If you need technical assistance,
More informationHIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures
HIPAA Privacy Compliance Plan for Research University of South Alabama IRB Guidance and Procedures Office of Research Compliance and Assurance CSAB 140 460-6625 Adopted: 4/2/2003 2 HIPAA PRIVACY COMPLIANCE
More informationNPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH
NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH Speakers Lisa A. Gallagher, BSEE, CISM, CPHIMS Senior Director, Privacy and Security HIMSS lgallagher@himss.org Amy
More informationAFTER THE OMNIBUS RULE
AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member
More informationJOINT NOTICE OF PRIVACY PRACTICES AND NOTICE OF ORGANIZED HEALTH CARE ARRANGEMENT
Effective Date: January 1, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. If you have
More informationHITECH/HIPAA Omnibus Final Rule: Implications for Hospices. Elizabeth S. Warren May 3, 2013
HITECH/HIPAA Omnibus Final Rule: Implications for Hospices Elizabeth S. Warren May 3, 2013 Final Rule is Finally Here Published January 25, 2013 (78 Fed. Reg. 5566) Effective March 26, 2013 Compliance
More informationThe Omnibus HIPAA Rule: A New Era of Federal Privacy Regulation
FEBRUARY 7, 2013 PRIVACY AND HEALTHCARE UPDATE The Omnibus HIPAA Rule: A New Era of Federal Privacy Regulation On January 17, 2013, the Office for Civil Rights ( OCR ), U.S. Department of Health and Human
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationIBM Watson Care Manager Cloud Service
Service Description IBM Watson Care Manager Cloud Service This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its Authorized Users and recipients of
More informationHTKT.book Page 1 Monday, July 13, :59 PM HIPAA Tool Kit 2017
HIPAA Tool Kit 2017 Contents Introduction...1 About This Manual... 1 A Word About Covered Entities... 1 A Brief Refresher Course on HIPAA... 2 A Brief Update on HIPAA... 2 Progress Report... 4 Ongoing
More informationEVMS Medical Group A. RESEARCH USE AND OR DISCLOSURE WITHOUT AUTHORIZATION:
Page 1 of 8 Definitions: Research Research is defined as systematic investigation, including the research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge
More informationHIPAA Omnibus Rule Compliance
HIPAA Omnibus Rule Compliance Jana Aagaard, JD Senior Counsel, Privacy/HIT Dignity Health Christy Navarro, MS CIPP/US Director, Chief Privacy Officer - Ascendian 1 Overview Background What Should Be Done
More informationNotice of Privacy Practices Linn County Employee Health Care and Health Related Benefits Programs
Notice of Privacy Practices Linn County Employee Health Care and Health Related Benefits Programs THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationTexas Tech University Health Sciences Center HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx
More informationKay Concrete Materials, Inc.
Kay Concrete Materials, Inc. Protecting Your Health Information Privacy Rights April 18 th, 2016 Kay Concrete Materials, Inc. is committed to the privacy of your health information. The Company uses strict
More information1641 Tamiami Trail Port Charlotte, Fl Phone: Fax: Health Insurance Portability and Accountability Act of 1996
1641 Tamiami Trail Port Charlotte, Fl. 33948 Phone: 941-629-6262 Fax: 941-629-1782 Health Insurance Portability and Accountability Act of 1996 HIPAA OMNIBUS NOTICE OF PRIVACY PRACTICES Effective April
More informationHEALTH LAW ALERT January 21, 2013
HEALTH LAW ALERT January 21, 2013 Omnibus Privacy Rule Issued HHS Imposes More Stringent Breach Notification Standard Requires Changes to Privacy Notices, Business Associate Agreements On Thursday, the
More informationNavigating the Legal Issues in Wellness Programs Sponsored by the Payors,, Plans, and Managed Care Practice Group
Navigating the Legal Issues in Wellness Programs Sponsored by the Payors,, Plans, and Managed Care Practice Group September 8, 2010 12:00 1:00 pm Eastern Presenter: Heidi E. Garwood Senior Legal Counsel,
More informationNOTICE OF PRIVACY PRACTICES Total Sports Care, P.C.
NOTICE OF PRIVACY PRACTICES Total Sports Care, P.C. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationHighlights of the Final Omnibus HIPAA Rule
Highlights of the Final Omnibus HIPAA Rule Health Information & the Law Project 1 Jane Hyatt Thorpe, JD Lara Cartwright-Smith, JD, MPH Devi Mehta, JD, MPH Elizabeth Gray, JD Teresa Cascio, JD Grace Im,
More informationTexas Tech University Health Sciences Center El Paso HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement
More informationAlfred University Effective Date: January 1, 2019
Alfred University Effective Date: January 1, 2019 1 Saxon Drive, Alfred NY 14802 HIPAA Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and
More informationAROC 2015 HIPAA PRIVACY AND SECURITY RULES
AROC 2015 HIPAA PRIVACY AND SECURITY RULES Presented by: Robert A. Paster, Esq. Brach Eichler L.L.C. 101 Eisenhower Parkway Roseland, NJ 07068 973-403-3144 rpaster@bracheichler.com www.bracheichler.com
More informationUBMD Policy for HIPAA Compliant Subject Recruitment
UBMD Policy for HIPAA Compliant Subject Recruitment Approved by Executive Committee on December 5, 2016 I. Statement of Purpose This policy is applicable in the situation where the Principle Researcher
More informationIt is very important to bring the following to your first visit:
Dear New Patient: Welcome and thank you for choosing Capital Digestive Care! The enclosed packet contains important information for your upcoming appointment as well as our new patient registration forms.
More informationUNIVERSITY POLICY. Adopted: 11/1/2016 Reviewed: 11/1/2016. Revised: Contact:
UNIVERSITY POLICY Policy Name: Hybrid Entity Declaration Section #: 100.1.12 Section Title: HIPAA Policies Approval Authority: Responsible Executive: Responsible Office: RBHS Chancellor/Executive Vice
More informationRELEASE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR RESEARCH PURPOSES
RELEASE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR RESEARCH PURPOSES PURPOSE The purpose of this policy is to establish guidelines for the release of Protected Health Information ( PHI ) for research
More information42 USC 300gg-91. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see
TITLE 42 - THE PUBLIC HEALTH AND WELFARE CHAPTER 6A - PUBLIC HEALTH SERVICE SUBCHAPTER XXV - REQUIREMENTS RELATING TO HEALTH INSURANCE COVERAGE Part C - Definitions; Miscellaneous Provisions 300gg 91.
More informationPATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS
PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached
More informationChanges to HIPAA Under the Omnibus Final Rule
Changes to HIPAA Under the Omnibus Final Rule Kimberly J. Kannensohn and Nathan A. Kottkamp, McGuireWoods 1 The Long-Awaited HIPAA Final Rule On Jan. 17, 2013, the Department of Health and Human Services
More informationINFORMATION FORM. Page 1 of 17
INFORMATION FORM Page 1 of 17 Client Information and Acknowledgment of Informed Consent to Treatment Therapist: Neila Senter, LPCC, is a licensed independent counselor engaged in the private practice of
More informationHIPAA Enforcement Under the HITECH Act; The Gloves Come Off
HIPAA Enforcement Under the HITECH Act; The Gloves Come Off Leeann Habte, Esq. Michael Scarano, Esq. December 6, 2011 Attorney Advertising Prior results do not guarantee a similar outcome Models used are
More informationTHIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
Notice of Privacy Practices KAISER PERMANENTE HAWAII REGION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
More informationSATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE
SATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE This newsletter summarizes the highlights of the Final Omnibus HIPAA Privacy and Security Rule announced by the Department of Health
More information