Examining The Unique POC Regulatory Landscape
- Griffin George
- 5 years ago
Transcription
1 The Point of Care National
Presented by DTC Perspectives, Inc. in Partnership with PoC 3
Baltimore, MD
Examining The Unique POC Regulatory Landscape
Jonathan M. Weinrieb, Principal, OFW Law
October 1, 2014
2 This presentation is for general information only. It is not intended to be legal advice from DTC Perspectives, Inc., PoC 3, or OFW Law. Regulators and/or your company's business partners may not agree with some of the possible interpretations in this presentation. Your company should consult with its legal and regulatory advisors about its specific questions.
3 Win-Win-Win-Win
Sponsored patient-specific educational communications are a WIN for all:
- Patients: health benefits from better Rx drug compliance and adherence; better education to interact with health care providers
- Providers: increased store/office traffic and cost recovery; help with patient education
- Government: 1% increase in refill rate: $35 billion Medicare savings over 10 years (CBO)
- Pharma: increased product sales
4 Legal/Regulatory Framework
- Federal Medical Privacy (HIPAA/HITECH)
- FDA Regulations
- OIG Enforcement (Anti-Kickback/Inducement)
5 Medical Privacy/HIPAA
HIPAA (1996 law), amended by the HITECH Act (2009), governs the privacy and security of patients' Protected Health Information (PHI).
- Privacy Rule: Protects privacy of PHI and establishes patients' rights regarding that PHI.
- Security Rule: Standards for the security of electronic PHI (ePHI).
- Breach Notification Rule: Requires notification following a breach of unsecured PHI.
- Enforcement Rule: Provides for HHS enforcement of above.
6 Privacy Rule Basics: Who's Who?
HIPAA applies to Covered Entities and their Business Associates.
- Covered Entities (CE) (your clients/audience):
  - Health Care Providers (e.g., pharmacies, physicians) that transmit electronic information in connection with a covered transaction (these generally concern billing/payment for services).
  - Health Plans (e.g., insurance companies, HMOs, Medicare/Medicaid).
  - Health Care Clearinghouses (e.g., billing services, switches that process health information).
- Business Associates (BA) (for the most part, you!):
  - Person or entity performing covered function for CE that involves the use or disclosure of PHI.
  - Does not include CE employees.
7 Key Question Under HIPAA
What types of sponsored, patient-specific communications can be conducted/initiated at POC without patient authorization (opt-in)?
8 Old Rule (Pre-HITECH)
- Essentially all pharma-sponsored communications, including switch and adjunctive, did not need patient authorization because they qualified as treatment.
- Independently, all in-person (e.g., in-pharmacy, at-doctor's-office) communications were face-to-face: no authorization needed regardless of content.
9 New Rule (Post-HITECH)
Three independent exceptions from need for patient authorization under new rule:
- Face-to-Face (unchanged);
- Refill Reminders (new exception); and
- Messages that do not promote the sponsor's specific product (unchanged).
10 Sponsored Face-to-Face Communications
- No limitations on substantive content.
- Examples:
  - In-pharmacy ("stapled to the drug bag"); and
  - In-office (doctor hands information to patient).
- Strengthened by new rule and RR Guidance. HHS expressly:
  - recognized that written materials (e.g., pamphlets) handed to a patient qualify as face-to-face communications (no dialogue necessary); and
  - accepted communications about alternative medication in the face-to-face context.
11 Sponsored Refill Reminders: Requirements
Two separate requirements to qualify for exception from authorization:
1) Must be about a drug or biologic that is currently being prescribed for the individual; and
2) Compensation to CE must be reasonably related to its cost of making the communication.
12 Sponsored Refill Reminders: Types of Qualifying Communications
- Adherence communications (including but not limited to refill reminders);
- Generic equivalent of prescribed drug; and
- Drug-delivery system for self-administered drug (e.g., insulin pump).
- Test Strips?
13 Sponsored Refill Reminders: Types of Qualifying Communications
Recently Lapsed Prescriptions
- Prescription must have lapsed within last 90 calendar days.
- Lapse not defined.
- HHS commented (at Feb HIPAA Summit: lapse defined by state law; for typical 1-year Rx life, can message about recently lapsed Rx up to 1 year + 90 days after original Rx date 15 months).
- Seasonal allergy drugs, based on last year's script?
- EpiPen?
14 Sponsored Refill Reminders: Types of Qualifying Communications
Alternative/New Formulations/Adjunctive:
- Expressly not within the scope of Refill Reminder exception.
- Can send communication without authorization in face-to-face setting.
- Can also send unbranded Ask Your Doctor communication without authorization.
15 Sponsored Refill Reminders: Reasonable Compensation Limit
- HITECH Act: any payment received by the covered entity must be reasonable in amount.
- Omnibus final rule text: "any financial remuneration received by the covered entity in exchange for making the communication is reasonably related to the covered entity's cost of making the communication" (emphasis added).
16 Sponsored Refill Reminders: What Is Reasonable Compensation?
- Refill Reminder Guidance: payments may cover only the reasonable direct and indirect costs of the program, including labor, materials, and supplies, as well as capital and overhead costs.
- Refill Reminder Guidance sets forth a broad interpretation that appears to demonstrate HHS's support of these programs; interpreted to mean not limited to a CE's additional or incremental costs.
17 Sponsored Refill Reminders: What Is Reasonable Compensation?
- Profit for CE? Profit not defined but expressly not allowed per final rule (guidance silent).
- HHS does allow recovery of a broad range of direct and indirect costs; strong argument for reasonable profit for a BA (i.e., fair market value compensation for services).
18 Sponsored Messages That Do Not Promote The Sponsor's Specific Products
Not regarded as Marketing and authorization not required.
- Disease management program which does not encourage patients to use the pharma company's drug.
- Unbranded educational content about disease or condition being treated.
- Unbranded Ask Your Doctor messages about unnamed potentially helpful drugs, more convenient formulations, and the like.
19 Opt-Out?
- No federal requirement.
- May be required by state law (e.g., California).
- Good business practice: promotes transparency.
- Must be part of authorization if used.
20 State Privacy Laws
- HIPAA rules expressly do not preempt (trump) more restrictive state laws.
- Practical bottom line: more restrictive of applicable federal or state requirement controls.
21 California
- Only state where patients being denied benefits of sponsored patient-specific communications program.
- Does not recognize face-to-face exception to authorization.
- May be possible to run programs, without patient authorization, related to a chronic and seriously debilitating or life-threatening conditions; additional requirements apply.
22 HIPAA Risk Analysis
REQUIRED!!
- NIST, Framework for Improving Critical Infrastructure Cybersecurity, final.pdf.
- OCR, Security Risk Assessment Tool,
- OCR, Guidance on Risk Analysis Requirements under the HIPAA Security Rule, dancepdf.pdf.
23 HHS Audits
- BAs will be audited, but HHS recognizes that there are a wide variety of BAs, making standard protocol challenging.
- No timeframe for audit program because of lack of funding (no audits so far in 2014).
24 Who's A Business Associate
Yes:
- Subcontractors;
- Persons/entities that facilitate data transmission and storage;
- Vendors of Personal Health Records;
- Cloud computing providers;
- Data storage vendors;
- Paper shredding/document destruction vendors.
No:
- CEs (e.g., health care providers and health plans);
- Common carriers (e.g., USPS, FedEx, UPS);
- Internet service providers;
- Other conduits (i.e., transient possession (including temporary storage) of PHI transports information but does not access it other than on a random or infrequent basis as necessary for the performance of the transportation service or as required by law.).
25 BA Agreements (BAAs)
- Existence or absence of BAA does not determine whether a CE has a BA relationship with other entity.
- 12 required elements + other permissions. 45 C.F.R
- ALL BAAs must now be HITECH-compliant (as of Sept. 22, 2014).
- HHS updated BAA template on website, ntities/contractprov.html
26 Analytics By BAs
- Typically in context of sponsored programs to measure how well the programs are working.
- Good practice to specify in BAA parameters for BA to use PHI for data analysis on behalf of CE.
- Typically uses de-identified data.
- De-identification of data is a health care operations activity; no authorization needed but must be on behalf of the CE (within scope of BAA).
- De-identified data is not PHI.
27 Breach
- Standard/threshold for breach lowered by omnibus final rule.
- Harm standard from 2009 interim final rule replaced with more objective standard: "an impermissible use or disclosure of [PHI] is presumed to be a breach unless the [CE] or [BA], as applicable, demonstrates... through a risk assessment... that there is a low probability that the protected health information has been compromised." 78 Fed. Reg. at 5641 (emphasis added); 45 C.F.R (definition of "breach").
- Example: PHI inadvertently faxed from one physician's office to another physician's office?
- Only applies to PHI that is unsecured (i.e., unencrypted).
- Bottom Line: ENCRYPT!!
- NIST, Cryptographic Standards and Guidelines Development Process,
28 Risk Assessment: Breach?
Must evaluate:
1) the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;
2) the unauthorized person who used the PHI or to whom the disclosure was made;
3) whether the PHI was actually acquired or viewed; and
4) the extent to which the risk to the PHI has been mitigated.
29 Penalties for Breach
- OCR will look at all factors surrounding a breach, but the fact that a breach occurred is not the sole determining factor for OCR.
- OCR will determine whether the entity used available tools and protected the health information to the best of its ability.
- Underscores the importance of:
  - Risk Analysis: update routinely.
  - Encryption.
30 Breach Notification
- Notice to individuals: required in all cases.
- Notice to media: required notice to prominent media outlets if > 500 individuals affected in a single state or jurisdiction.
- Notice to HHS: if > 500 individuals affected, without unreasonable delay (60 days max.).
31 Recent Enforcement
- Majority of breaches caused by theft.
- Most common compliance issues investigated:
  1) Impermissible uses and disclosures of protected health information;
  2) Lack of safeguards of protected health information;
  3) Lack of patient access to their protected health information;
  4) Uses or disclosures of more than the minimum necessary protected health information; and
  5) Lack of administrative safeguards of electronic protected health information.
32 Recent Enforcement
- 22 resolution agreements to date.
- 12,915 complaints reported in
- Up from 10,454 in
- Nearly 100,000 since April 2003 compliance date (96% resolved).
- Although majority of cases do not result in enforcement, some cases have resulted in significant CMPs and corrective action.
- audits revealed that 2/3 CEs had not done Risk Analysis.
- No 2014 audits yet.
- Pre-audit surveys forthcoming to determine which CEs (and BAs) to audit.
- Next audit phase will include only desk audits (i.e., OCR will ask entities to provide specific documents).
33 HHS Forthcoming Guidance
- Breach Safe Harbor Update
- Breach Risk Assessment Tool
- Minimum Necessary
- More on Marketing
- More factsheets on other provisions
34 FDA Regulations
FDA regulates manufacturer-prepared communications:
- Labels (what's on the box or bottle) and labeling (e.g., brochures, slides, anything accompanying any drug).
- Advertising (e.g., newspapers, magazines, TV, radio) of Rx drugs. (FTC regulates advertising of OTC drugs: claims must be substantiated by competent and reliable scientific evidence.)
- Does not regulate if not prepared by manufacturer.
35 FDA Regulations
Prescription drug promotion must:
- Include drug's brand and established name (e.g., Lexapro (escitalopram oxalate));
- Not be false or misleading (includes no off-label promotion);
- If benefits are presented, must have fair balance of risks;
- Be consistent with the approved product labeling, the package insert (PI);
- Only include claims substantiated by adequate and well-controlled clinical studies; and
- If any safety or effectiveness claims, will need to include accompanying information (AI) (Guidance on AI forthcoming):
  - Full PI (labeling); or
  - A brief summary of the PI (advertising).
  - NOTE: Boxed Warning drugs always need AI.
36 FDA Social Media
- Slow to clarify application to Rx promotion over social media.
- Basically, same requirements apply.
- No real accommodations for limited character formats.
- Any piece (including sponsored links) must be fairly balanced.
- Click through to risk information not sufficient.
- Link to AI.
- Requirements don't apply if content truly independent of manufacturer (e.g., healthcare professional providing opinion in Tweet or blog).
- OPDP Guidance: alproductsandtobacco/cder/ucm htm.
37 OIG Enforcement: Anti-Kickback
- Federal anti-kickback law broadly prohibits giving or receiving anything of value that could affect the decision to use/prescribe a product (e.g., Rx drug) or service reimbursable by federal health insurance (including Medicare Part D).
- Longstanding industry interpretation, to which OIG has not objected: no need to exclude federal insurance beneficiaries from scope of pharma-sponsored communications programs, provided any payment to pharmacy or physician is limited to reasonable reimbursement of its direct and indirect costs of program participation.
38 OIG Enforcement: Anti-Inducement, Co-Pay Assistance Programs
- Federal anti-inducement law prohibits offer or provision of anything of value to an individual eligible under federal health insurance that is likely to influence individual to choose product (e.g., Rx drug) or service.
- New OIG Special Advisory Bulletin (Sept. 2014):
  - Coupons need to expressly exclude federal insurance recipients from eligibility to use.
  - If possible, federal insurance beneficiaries should not receive coupon at all.
  - Bulletin does not set forth new interpretation and is consistent with prevailing, longstanding industry practices.
39 QUESTIONS?
Jonathan M. Weinrieb, Esq.
OFW Law
Olsson Frank Weeda Terman Matz PC
600 New Hampshire Avenue, N.W. Suite 500
Washington, D.C /
HIPAA Compliance Under the Magnifying Glass July 30, 2013 Stacy Harper, JD, MHSA, CPC A Webinar Provided by Presenter Stacy Harper Lathrop & Gage, LLP sharper@lathropgage.com 913-451-5125 The information
More informationIT'S COMING: THE HIPAA/HITECH RULE; WHAT TO EXPECT AND WHAT TO DO NOW [OBER KALER]
IT'S COMING: THE HIPAA/HITECH RULE; WHAT TO EXPECT AND WHAT TO DO NOW Publication IT'S COMING: THE HIPAA/HITECH RULE; WHAT TO EXPECT AND WHAT TO DO NOW [OBER KALER] Author James B. Wieland 2012: Issue
More informationHIPAA Privacy Overview
HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview
More informationSUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT
SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (Revised on March 1, 2016) THIS HIPAA SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into on (the Effective Date ), by and between ( EMR ),
More information6/7/2018. HIPAA Compliance Simplified. HHS Wall of Shame. Marc Haskelson, President Compliancy Group
855 85 HIPAA (855-854-4722) www.compliancygroup.com 1 HIPAA Compliance Simplified Marc Haskelson, President Compliancy Group Agenda Why HIPAA? Common misunderstandings What is a Audit? Real World Stories
More informationBreach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule
Breach Policy To provide guidance for breach notification when impressive or unauthorized access, acquisition, use and/or disclosure of the ephi occurs. Breach notification will be carried out in compliance
More informationHayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule
Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA
More informationNew HIPAA Breach Rules NAHU presents the WHAT and WHYs. Agenda
New HIPAA Breach Rules NAHU presents the WHAT and WHYs Presenters: David Smith JD, Vice President, Ebenconcepts Tom Jacobs JD, co-ceo eflexgroup Moderator: Ric Joyner CEBS CFCI, co-ceo, eflexgroup 1 Agenda
More informationGUIDANCE ON HIPAA & CLOUD COMPUTING
GUIDANCE ON HIPAA & CLOUD COMPUTING http://www.hhs.gov/hipaa/for-professionals/special-topics/cloudcomputing/index.html January 26, 2017 Health Care Cloud Coalition Deven McGraw, Deputy Director, Health
More informationManufacturer Patient Support Initiatives: Current Practices and Recent Challenges. Andrew Ruskin Morgan Lewis
Intersecting Worlds of Drug, Device, Biologics and Health Law AHLA/FDLI May 22, 2012 Manufacturer Patient Support Initiatives: Current Practices and Recent Challenges by Andrew Ruskin Morgan Lewis The
More informationHEALTHCARE BREACH TRIAGE
IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards
More informationAuditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees
Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees San Antonio IIA: I HEART AUDIT CONFERENCE February 24,
More informationHIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities
Health Care Focus March 2013 HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities Peggy L. Barlett 608.284.2214 pbarlett@gklaw.com M. Scott LeBlanc 414.287.9614 sleblanc@gklaw.com
More informationCompliance. TODAY May Meet Scott Killingsworth. Partner in the Atlanta offices of Bryan Cave LLP. See page 16
Compliance TODAY May 2013 a publication of the health care compliance association www.hcca-info.org Meet Scott Killingsworth Partner in the Atlanta offices of Bryan Cave LLP See page 16 25 Medicare Coverage
More informationKey Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style
Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style July 27, 2016 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP hcarnell@mcguirewoods.com
More informationAn Overview of the Impact of the American Recovery and Reinvestment Act of 2009 on the HIPAA Medical Privacy and Security Rules
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. An Overview of the Impact of the American Recovery and Reinvestment Act of 2009 on the HIPAA Medical Privacy and Security Rules Alden J. Bianchi Updated
More informationHIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA
HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA ALLISON SHUREN, J D, MSN Financial Disclosure Gerald Meltzer is a consultant for imedicware Allison Shuren co-chairs the Life Sciences and Healthcare Regulatory
More informationSupplemental Special Advisory Bulletin: Independent Charity. Patients who cannot afford their cost-sharing obligations
Supplemental Special Advisory Bulletin: Independent Charity Patient Assistance Programs I. Introduction Patients who cannot afford their cost-sharing obligations for prescription drugs may be able to obtain
More informationBusiness Associate Risk
Business Associate Risk Assessing and Managing Business Associate Risk Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Disclaimer: Nothing in this presentation
More informationHIPAA: Impact on Corporate Compliance
HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal
More informationICAHN Presentation. Final Omnibus Rule and Security Risk Analysis. July 26, David Ginsberg
ICAHN Presentation Final Omnibus Rule and Security Risk Analysis July 26, 2013 David Ginsberg PrivaPlan Associates, Inc. PrivaPlan Associates, Inc. is the leading authority in HIPAA Privacy and Security
More informationHIPAA Omnibus Final Rule and Research
Office of the Secretary Office for Civil Rights () HIPAA Omnibus Final Rule and Research Federal Demonstration Partnership September 17, 2013 Christina Heide, JD Senior Health Information Privacy Policy
More informationHIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014.
HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule Association of Corporate Counsel Houston Chapter October 14, 2014 Jeffery P. Drummond Jackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas,
More information[Name of Organization] HIPAA Incident/Breach Investigation Procedure 4
Addendum II [Name of Organization] HIPAA Incident/Breach Investigation Procedure 4 I. Purpose To distinguish between (1) cases in which our HIPAA policy was not correctly followed but such violation did
More informationColorado Medical Society. June 3, Presented by David A. Ginsberg President, PrivaPlan Associates, Inc.
Colorado Medical Society The HIPAA OMNIBUS RULE June 3, 2013 Presented by David A. Ginsberg President, PrivaPlan Associates, Inc. Agenda The HIPAA Omnibus Rule - a high level overview Effective dates SpeciLic
More informationVOL. 0, NO. 0 JANUARY 23, 2013
Health IT Law & Industry Report VOL. 0, NO. 0 JANUARY 23, 2013 Reproduced with permission from Health IT Law & Industry Report, 5 HILN 4, 01/23/2013. Copyright 2013 by The Bureau of National Affairs, Inc.
More information2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.
HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,
More informationWhat Does The New Omnibus HIPAA/HITECH Final Rule Really Mean For Employers And Their Service Providers?
Visit our Practice Group blog: www.workplaceprivacycounsel.com What Does The New Omnibus HIPAA/HITECH Final Rule Really Mean For Employers And Their Service Providers? Philip L. Gordon, Esq. Littler Mendelson,
More informationPATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS
PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached
More informationPharmaceutical Regulatory and Compliance Congress
Pharmaceutical Regulatory and Compliance Congress Dean Forbes, Esq. Director of Corporate Privacy Global Compliance and Business Practices November 16, 2004 1 IPPC What is the IPPC? The International Pharmaceutical
More informationHIPAA Compliance for Business Associates ISBA Health Law Symposium October 10, 2017
HIPAA Compliance for Business Associates ISBA Health Law Symposium October 10, 2017 Presenters: Isaac M. Willett & Doriann H. Cain Business Associates & HIPAA in 2017 Increasing focus on business associates
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationReedSmith. The HITECH Final Rule: The New Privacy/Security Rules of the Road Have Finally Arrived. Reed Smith Client Alert
The business of relationships. SM Reed Smith Client Alert The HITECH Final Rule: The New Privacy/Security Rules of the Road Have Finally Arrived Written by Brad M. Rostolsky, Nancy E. Bonifant, Salvatore
More information