HIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia

Size: px
Start display at page:

Download "HIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia"

Transcription

1 HIPAA in the Digital Age Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia

2 Virginia MGMA reminds attendees that the program is not intended to provide legal advice and advises participants to obtain such advice from their own legal counsel who is more familiar with their particular situation.

3 Healthcare Insurance Portability and Accountability Act

4 Background and History of HIPAA Signed into law by Bill Clinton in 1996 Original Objectives: Improve portability and accountability of health insurance coverage for employees changing jobs Bring individual privacy rights to patients Require providers to notify patients of their rights Eliminate fraud, waste and abuse in healthcare

5 How did we get from there to here?

6 2003 Updates Privacy, Security, and Enforcement Rules enacted Gave individuals rights regarding their protected health information (PHI) PHI includes any individually identifiable health information Examples names, addresses, Social Security Numbers, addresses, etc. Set national privacy standards for protecting information Addressed covered entities compliance with these Rules

7 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) Entities transitioned from paper-based medical records to electronic health records (EHR) Addressed the electronic transmission of PHI and the security concerns associated with e-transmission Business Associates Limitations on the sale of PHI, marketing, and fundraising communications

8 2013 Final Omnibus Rule Updates to Security and Breach notification Larger penalties Direct application of Privacy and Security Rules to business associates = direct liability for business associates

9 Business Associates A person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. Or a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate. A contractor is a BA if it uses, receives, discloses, or maintains PHI.

10 Examples of BAs: Claims processors Accounting firms Attorneys Consultants IT companies Shredding services Billing companies Medical transcription Business Associates

11 Examples of Non-BAs: Business Associates Employees of the covered entity Other healthcare providers treating patients Vendors not handling PHI as part of their job Examples Cleaning company, software provider, etc. Entities not acting on behalf of the covered entity Entities acting on their own behalf or on the behalf of the patient

12 Business Associates - Contracts BAs are held to the same standard as Covered Entities. Covered entities enter into contracts with BAs to ensure that the they will appropriately safeguard protected health information. Contracts also clarify and limit, as appropriate, the permissible uses and disclosures of PHI by the BA, based on the relationship between the parties and the activities or services the business associate is performing. Contracts are required Office of Civil Rights (OCR) has penalized Covered Entities for failing to implement a BA agreement

13 HIPAA enforcement has been strengthened over the years Recently, this has led to increased OCR audits Phased audits Desk audits vs. onsite audits Enforcement Covered entities and business associates can be audited

14 Penalties For HIPAA Violations

15 Civil Penalties For disclosures of PHI, each individual constitutes a separate violation. Example A computer stolen from a vehicle contains the PHI of 5,250 patients. This constitutes 5,250 violations of HIPAA. For a failure to implement policies, each day the policy was not implemented is a separate violation. Example An entity has been in noncompliance with the HIPAA Security Rule for one year. This would amount to 365 violations. This continuing violations concept allows for stacked penalties. There are maximum penalties.

16 Civil Penalties $100-$50,000 minimum range Maximum penalty assessed per covered entity is $1.5 million per calendar year for all violations of an identical HIPAA provision Four tiers of Civil Penalties

17 Tier One Penalties Covered entity or individual did not know of the act that violated HIPAA - and by exercising reasonable diligence would not have known. Penalties range from $100 - $50,000 for each violation. Maximum penalty of $1.5 million for all violations of identical HIPAA provision during a calendar year.

18 Tier Two Penalties Violations with reasonable causes that were not due to covered entity s willful neglect. Penalties range from $1,000 - $50,000 for each violation. Maximum penalty of $1.5 million for all violations of identical HIPAA provision during a calendar year.

19 Tier Three Penalties Violations due to the willful neglect of the covered entity, but the violation was corrected within the required time period. Penalties range from $10,000 - $50,000 for each violation. Maximum penalty of $1.5 million for all violations of identical HIPAA provision during a calendar year.

20 Tier Four Penalties Violations due to the willful neglect of the covered entity, and were not corrected by the covered entity within the required time period. Penalties range from $50,000 or more for each violation. Maximum penalty of $1.5 million for all violations of identical HIPAA provision during a calendar year.

21 Criminal Penalties Unknowingly or with reasonable cause Up to 1-year sentence Under false pretenses Up to 5-year sentence For personal gain or malicious reasons Up to 10-year sentence

22 Recent OCR Resolutions for HIPAA Violations

23 The Case of the Stolen Laptop CardioNet, a Pennsylvania company, reported that an employee s laptop was stolen from a parked vehicle outside of the employee s home. The laptop contained the ephi of 1,391 individuals. OCR s investigation into the impermissible disclosure revealed that CardioNet had an insufficient risk analysis and risk management processes in place at the time of the theft.

24 CardioNet s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented. CardioNet was unable to produce any final policies or procedures regarding the implementation of safeguards for ephi, including those for mobile devices.

25 CardioNet paid a $2.5 million settlement. HHS says not understanding HIPAA requirements creates risk.

26 Mobile devices in the healthcare sector remain particularly vulnerable to theft and loss, said Roger Severino, OCR Director. Failure to implement mobile device security by Covered Entities and Business Associates puts individuals sensitive health information at risk. This disregard for security can result in a serious breach, which affects each individual whose information is left unprotected.

27 The Case of the Stolen USB Drive MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) is a subsidiary company of a global multinational insurance company. It underwrites and administers a variety of insurance products and services in Puerto Rico, including personal and group health insurance plans.

28 On September 29, 2011, MAPFRE filed a breach report with OCR indicating that a USB data storage device (described as a pen drive ) containing ephi was stolen from its IT department, where the device was left without safeguards overnight. According to the report, the USB data storage device included complete names, dates of birth and Social Security numbers. report noted that the breach affected 2,209 individuals. The MAPFRE informed OCR that it was able to identify the breached ephi by reconstituting the data on the computer on which the USB data storage device was attached.

29 OCR s investigation revealed MAPFRE s noncompliance with the HIPAA Rules, specifically a failure to conduct its risk analysis and implement risk management plans, contrary to its prior representations, and a failure to deploy encryption or an equivalent alternative measure on its laptops and removable storage media until September 1, MAPFRE also failed to implement or delayed implementing other corrective measures it informed OCR it would undertake.

30 $2.2 million HIPAA settlement demonstrates importance of implementing safeguards for ephi. Covered entities must not only make assessments to safeguard ephi, they must act on those assessments as well, said OCR Director Jocelyn Samuels. OCR works tirelessly and collaboratively with covered entities to set clear expectations and consequences. 01/18/hipaa-settlement-demonstrates-importance-implementingsafeguards-ephi.html

31 The Case of the Disabled Firewall Idaho State University operates 29 outpatient clinics, for which it provides health information technology systems security. Due to the disabling of firewall protections at servers maintained by ISU, the ephi of approximately 17,500 patients was unsecured for at least 10 months.

32 OCR opened an investigation after ISU notified HHS of the breach. OCR s investigation indicated that ISU s risk analyses and assessments of its clinics were incomplete and inadequately identified potential risks or vulnerabilities. ISU did not assess the likelihood of potential risks occurring.

33 OCR concluded that ISU did not apply proper security measures and policies to address risks to ephi. OCR found that ISU did not have procedures for routine review of their information system in place, which could have detected the firewall breach sooner. ISU has agreed to a comprehensive corrective action plan to address the issues uncovered by the investigation and its failure to ensure uniform implementation of required HIPAA Security Rule protections at each of its covered clinics.

34 $400,000 was paid by ISU to settle the alleged Security Rule violations. Risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program, said OCR Director Leon Rodriguez. Proper security measures and policies help mitigate potential risk to patient information.

35 HIPAA in the Digital Age Addressing HIPAA Requirements in the Face of Changing Technology

36 ephi and HIPAA ephi = individually identifiable protected health information sent or stored electronically Examples PHI sent using , stored on a computer, sent via text message, etc. Privacy and Security Rules are both important when analyzing your practice s ephi protections.

37 HIPAA Privacy Rule

38 HIPAA Privacy Rule Addresses the use and disclosure of individuals health information by covered entities, as well as standards for individuals' privacy rights to understand and control how their health information is used. Assures that individuals health information is properly protected while allowing the flow of health information needed to provide and promote high quality healthcare and to protect the public's health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Flexible and comprehensive to cover the variety of uses and disclosures of PHI.

39 Uses and disclosures of protected health information: General rules. A covered entity is permitted to use or disclose protected health information as follows: (i) To the individual; (ii) For treatment, payment, or healthcare operations ; (iii) Incident to a use or disclosure otherwise permitted or required by this subpart ; (iv) pursuant to and in compliance with valid authorization ; (v) Pursuant to an agreement under, or as otherwise permitted by, ; and (vi) As permitted by and in compliance with this section, , (e), (f), or (g);

40

41 HIPAA Security Rule

42 HIPAA Security Rule Requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-phi. Covered entities must: Ensure confidentiality, integrity, and availability of all e-phi; Identify and protect against security threats; Protect against disclosures and impermissible uses; Ensure staff compliance.

43 Security standards: General rules. Covered entities and business associates must do the following: (1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits. (2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information. (3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part. (4) Ensure compliance with this subpart by its workforce.

44 (b) Flexibility of approach. (1) Covered entities and business associates may use any security measures that allow the covered entity or business associate to reasonably and appropriately implement the standards and implementation specifications as specified in this subpart. (2) In deciding which security measures to use, a covered entity or business associate must take into account the following factors: (i) The size, complexity, and capabilities of the covered entity or business associate. (ii) The covered entity's or the business associate's technical infrastructure, hardware, and software security capabilities. (iii) The costs of security measures. (iv) The probability and criticality of potential risks to electronic protected health information.

45 Size and complexity of the covered entity matters! OCR does not expect the same level of sophistication from all entities vs.

46 How to comply with HIPAA for ephi First step assess your risk to determine potential areas of concern for your entity s ephi Perform a HIPAA Risk Analysis required for HIPAA Compliance Risk Assessment Tool Available at:

47 HIPAA Risk Analysis (a)(1)(ii)(A) states: RISK ANALYSIS (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].

48 The following questions adapted from NIST Special Publication (SP) are examples organizations could consider as part of a risk analysis. These sample questions are identify issues an organization may wish to consider in implementing the Security Rule: Have you identified the e-phi within your organization? This includes e-phi that you create, receive, maintain or transmit. What are the external sources of e-phi? For example, do vendors or consultants create, receive, maintain or transmit e- PHI? What are the human, natural, and environmental threats to information systems that contain e-phi?

49 HIPAA Quiz Brought to you by HHS

50 Guidance and Tips for a HIPAA-Compliant Practice

51 HHS Cloud Computing Guidance HHS has issued guidance specific to Cloud Computing This guidance and HHS s answers to specific questions related to Cloud Computing is located at:

52 HHS Ransomware Guidance HHS has issued guidance specific to Ransomware This guidance regarding Ransomware is located at:

53 Personal devices and PHI Benefits to using personal devices Accessibility Preference from providers/staff Ease of use Inexpensive Can use anywhere Telework for providers

54 Personal devices and PHI Drawbacks to using personal devices Theft of device Who owns the device or is responsible for purchasing? Who maintains or repairs the device? Compatibility among companies i.e. P.C. vs. Mac

55 Guidance from HHS on Mobile Devices Government run website providing helpful resources on technology issues

56 Use a password or other authentication Combine password with fingerprint I.D. on phones Require that passwords are changed regularly Implement strong policies and procedures no sharing of passwords

57 Install and enable data encryption Protect stored data on mobile devices Full disk encryption for mobile phones, USBs and computers Protect transmitted data Encryption for texting and ing of PHI.

58 Install and enable encryption Third party text encryption Useful in verifying the identity of sender and receiver and provide secure messaging platform TigerText DocsInk OhMD MEDX Imprivata Cortext Vocera

59 Install and enable encryption Third party encryption working to verify identity, provide secure messaging platform, and encrypt content Citrix Appriver NeoCertified Pros PauBox

60 Install and activate remote wiping and/or remote disabling Should a phone or computer be lost or stolen, remote protections for your device are crucial Recall the two examples during the beginning of the presentation Stolen USB and stolen laptop Remote tracking is additionally useful Mitigate theft risk by password and fingerprint protecting

61 Technology Fixes to Promote Security and Help Ensure HIPAA Compliance Secure the server or use a cloud-based protected program Do not store ephi on flash drives or portable disks Update passwords regularly Implement HIPAA policies and procedures Train staff on these policies and procedures

62 Technology Fixes to Promote Security and Help Ensure HIPAA Compliance Disable and do not install or use file sharing applications Install and enable a firewall file sharing applications Install and enable security software Keep the software up to date Wipe devices when no longer using Physical protection for devices

63 Additional Tips to Help Ensure HIPAA Compliance Perform required security risk assessment to identify weaknesses in your plan Yearly risk assessments as your needs change Develop office policies and procedures Educate and train staff on policies and procedures Mandate continuing education Have a HIPAA Champion on your team

64 OCR Audits Increased in numbers in recent years What are auditors looking for? The Phase 2 HIPAA Audit Program reviews the policies and procedures adopted and employed by covered entities and business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. These analyses are conducted using a comprehensive audit protocol that has been updated to reflect the Omnibus Final Rule.

65 OCR Audits OCR Audit Protocol is available online

66 Conclusion

67 Questions?

68 Contact Information Anisa P. Kelley Rachel P. Maryan (703)

ARE YOU HIP WITH HIPAA?

ARE YOU HIP WITH HIPAA? ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined

More information

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA ALLISON SHUREN, J D, MSN Financial Disclosure Gerald Meltzer is a consultant for imedicware Allison Shuren co-chairs the Life Sciences and Healthcare Regulatory

More information

HIPAA Compliance Guide

HIPAA Compliance Guide This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your

More information

Determining Whether You Are a Business Associate

Determining Whether You Are a Business Associate The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information

More information

The Privacy Rule. Health insurance Portability & Accountability Act

The Privacy Rule. Health insurance Portability & Accountability Act The Privacy Rule Health insurance Portability & Accountability Act Enacted on August 21, 1996 to amend the Internal Revenue Code of 1986 To improve portability and continuity of health insurance coverage

More information

HEALTH & HUMAN SERVICES OFFICE FOR CIVIL RIGHTS HIPAA COMPLIANCE AUDITS. What do I need to know?

HEALTH & HUMAN SERVICES OFFICE FOR CIVIL RIGHTS HIPAA COMPLIANCE AUDITS. What do I need to know? HEALTH & HUMAN SERVICES OFFICE FOR CIVIL RIGHTS HIPAA COMPLIANCE AUDITS What do I need to know? INITIAL AUDITS PERFORMED IN 2016 Covered Entities Business associates AUDIT PURPOSE: SUPPORT IMPROVED COMPLIANCE

More information

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,

More information

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights HIPAA Update Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights New Mexico Health Information Management Association Conference April 11, 2014 Albuquerque, NM Recent Enforcement

More information

6/7/2018. HIPAA Compliance Simplified. HHS Wall of Shame. Marc Haskelson, President Compliancy Group

6/7/2018. HIPAA Compliance Simplified. HHS Wall of Shame. Marc Haskelson, President Compliancy Group 855 85 HIPAA (855-854-4722) www.compliancygroup.com 1 HIPAA Compliance Simplified Marc Haskelson, President Compliancy Group Agenda Why HIPAA? Common misunderstandings What is a Audit? Real World Stories

More information

LEGAL ISSUES IN HEALTH IT SECURITY

LEGAL ISSUES IN HEALTH IT SECURITY LEGAL ISSUES IN HEALTH IT SECURITY Webinar Hosted by Uluro, a Product of Transformations, Inc. March 28, 2013 Presented by: Kathie McDonald-McClure, Esq. Wyatt, Tarrant & Combs, LLP 500 West Jefferson

More information

Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees

Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees San Antonio IIA: I HEART AUDIT CONFERENCE February 24,

More information

HIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT

HIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT WHAT YOU NEED TO KNOW ABOUT HIPAA AND ONLINE BACKUP Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile

More information

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013 HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable

More information

Business Associate Risk

Business Associate Risk Business Associate Risk Assessing and Managing Business Associate Risk Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Disclaimer: Nothing in this presentation

More information

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice

More information

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15)

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15) Protected Health Info HIPAA Update: Avoiding Penalties IHCA (7/15) Preliminaries This presentation is similar to any other legal education materials designed to provide general information on pertinent

More information

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by HIPAA Omnibus Rule Critical Changes for Providers Presented by Susan A. Miller, JD Hosted by agenda What the Omnibus Rule includes + Effective and Compliance Dates Security Breach Notification Enforcement

More information

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA

More information

2016 Business Associate Workforce Member HIPAA Training Handbook

2016 Business Associate Workforce Member HIPAA Training Handbook 2016 Business Associate Workforce Member HIPAA Training Handbook Using the Training Handbook The material in this handbook is designed to deliver required initial, and/or annual HIPAA training for all

More information

HIPAA Privacy & Security. Transportation Providers 2017

HIPAA Privacy & Security. Transportation Providers 2017 HIPAA Privacy & Security Transportation Providers 2017 HIPAA Privacy & Security As a non emergency medical transportation provider, you deal directly with Medicare and Medicaid Members healthcare information

More information

To: Our Clients and Friends January 25, 2013

To: Our Clients and Friends January 25, 2013 Life Sciences and Health Care Client Service Group To: Our Clients and Friends January 25, 2013 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health

More information

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com

More information

Industry leading Education. Certified Partner Program. Please ask questions Todays slides are available group.

Industry leading Education. Certified Partner Program. Please ask questions Todays slides are available   group. Industry leading Education Certified Partner Program Please ask questions Todays slides are available http://compliancy- group.com/slides023/ Past webinars and recordings http://compliancy- group.com/webinar/

More information

Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation

Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation HIPAA UPDATE: WHY AND HOW YOU MUST COMPLY 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its long-awaited Omnibus Rule 2 implementing regulations required by the HITECH Act

More information

HEALTHCARE BREACH TRIAGE

HEALTHCARE BREACH TRIAGE IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards

More information

HIPAA. What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional)

HIPAA. What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional) HIPAA Infection Control OSHA Dental Practice Act HIPAA What s New & What Do I Have To Do? Presented by Leslie Canham, CDA, RDA, CSP (Certified Speaking Professional) In the dental field since 1972, Leslie

More information

The Security Risk Analysis Requirement for MIPS. August 8, 2017, 2:00 p.m. to 3:00 p.m. ET Peter Mercuri, Practice Transformation Specialist

The Security Risk Analysis Requirement for MIPS. August 8, 2017, 2:00 p.m. to 3:00 p.m. ET Peter Mercuri, Practice Transformation Specialist The Security Risk Analysis Requirement for MIPS August 8, 2017, 2:00 p.m. to 3:00 p.m. ET Peter Mercuri, Practice Transformation Specialist Today s Speaker Peter Mercuri Peter Mercuri, MBA, HCISPP, CHSA,CMQP,CEHR,CHTS,CHWP

More information

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.

More information

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: UPDATE 2015 February 20, 2015 I. Executive Summary HIPAA is a federal law passed by Congress to protect medical patient data privacy from misuse or disclosure

More information

503 SURVIVING A HIPAA BREACH INVESTIGATION

503 SURVIVING A HIPAA BREACH INVESTIGATION 503 SURVIVING A HIPAA BREACH INVESTIGATION Presented by Nicole Hughes Waid, Esq. Mark J. Swearingen, Esq. Celeste H. Davis, Esq. Regional Manager 1 Surviving a HIPAA Breach Investigation: Enforcement Presented

More information

HIPAA & The Medical Practice

HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,

More information

HIPAA COMPLIANCE. for Small & Mid-Size Practices

HIPAA COMPLIANCE. for Small & Mid-Size Practices HIPAA COMPLIANCE for Small & Mid-Size Practices Golden State Web Solutions 619.825.GSWS (4797) INTRODUCTION Most individuals reading this are interested in HIPAA, GSWS, or some combination of the two;

More information

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability

More information

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Training Module provided as a component of the Stericycle HIPAA Compliance Program Goals for Training Understand how Texas

More information

AFTER THE OMNIBUS RULE

AFTER THE OMNIBUS RULE AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member

More information

HIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc

HIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc HIPAA Overview Health Insurance Portability and Accountability Act Premier Senior Marketing, Inc HIPAA Defined Acronym that stands for the Health Insurance Portability and Accountability Act, a US law

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

AMA Practice Management Center, What you need to know about the new health privacy and security requirements

AMA Practice Management Center, What you need to know about the new health privacy and security requirements 1. HIPAA Security Rule Johns, Merida L., Information Security, in Johns, Merida L. (ed.) Health Information Management Technology, an Applied Approach, AHIMA: Chicago, IL, 2nd ed. 2007, chapter 19, pp.

More information

The wait is over HHS releases final omnibus HIPAA privacy and security regulations

The wait is over HHS releases final omnibus HIPAA privacy and security regulations The wait is over HHS releases final omnibus HIPAA privacy and security regulations The Department of Health and Human Services (HHS) published long-anticipated (and longoverdue) omnibus regulations under

More information

HIPAA: Impact on Corporate Compliance

HIPAA: Impact on Corporate Compliance HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal

More information

Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style

Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style July 27, 2016 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP hcarnell@mcguirewoods.com

More information

HIPAA Compliance Under the Magnifying Glass

HIPAA Compliance Under the Magnifying Glass HIPAA Compliance Under the Magnifying Glass July 30, 2013 Stacy Harper, JD, MHSA, CPC A Webinar Provided by Presenter Stacy Harper Lathrop & Gage, LLP sharper@lathropgage.com 913-451-5125 The information

More information

HHS, Office for Civil Rights. IAPP October 11, 2012

HHS, Office for Civil Rights. IAPP October 11, 2012 HHS, Office for Civil Rights IAPP October 11, 2012 Enforce federal civil rights laws and the HIPAA Privacy and Security Rules HQ and 10 Regional Offices Region IX has jurisdiction over covered entities

More information

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background

More information

DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION)

DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION) DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION) Delhaize America, LLC Pharmacies and Welfare Benefit Plan 2013 Health Information Security and Procedures (As

More information

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment

More information

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know 1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES KURTIN PLLC COMPLIANCE SOLUTION: UPDATE January 3, I. Executive Summary.

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES KURTIN PLLC COMPLIANCE SOLUTION: UPDATE January 3, I. Executive Summary. HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES KURTIN PLLC COMPLIANCE SOLUTION: UPDATE 2017 January 3, 2017 I. Executive Summary. The Health Insurance Portability and Accountability Act ( HIPAA ) is

More information

What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996.

What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996. What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996. HIPAA stands for Health Insurance Portability and Accountability

More information

1 Security 101 for Covered Entities

1 Security 101 for Covered Entities HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

"HIPAA RULES AND COMPLIANCE"

HIPAA RULES AND COMPLIANCE PRESENTER'S GUIDE "HIPAA RULES AND COMPLIANCE" Training for HIPAA REGULATIONS Quality Safety and Health Products, for Today...and Tomorrow OUTLINE OF MAJOR PROGRAM POINTS OUTLINE OF MAJOR PROGRAM POINTS

More information

HIPAA / HITECH. Ed Massey Affiliated Marketing Group

HIPAA / HITECH. Ed Massey Affiliated Marketing Group HIPAA / HITECH Agent Understanding And Compliance Presented By: Ed Massey Affiliated Marketing Group It s The Law On February 17, 2010 the Health Information Technology for Economic and Clinical Health

More information

UNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP

UNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates

More information

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off HIPAA Enforcement Under the HITECH Act; The Gloves Come Off Leeann Habte, Esq. Michael Scarano, Esq. December 6, 2011 Attorney Advertising Prior results do not guarantee a similar outcome Models used are

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205) HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 REASONS FOR HIPAA PRIVACY RULES Perceived need for protection of individual health information

More information

Privacy Rule Primer. 45 CFR Part 160 and Subparts A and E of Part CFR , 45 CFR CFR

Privacy Rule Primer. 45 CFR Part 160 and Subparts A and E of Part CFR , 45 CFR CFR Resource provided by Page 1 of 10 Contents I. The Privacy Rule The Fundamental HIPAA Rule... 1 II. Privacy Rule Overview... 1 III. Privacy Rule Standards and Implementation Specifications Covered in Section

More information

How to mitigate risks, liabilities and costs of data breach of health information by third parties

How to mitigate risks, liabilities and costs of data breach of health information by third parties How to mitigate risks, liabilities and costs of data breach of health information by third parties April 17, 2012 ID Experts Webinar www.idexpertscorp.com Rick Kam President and Co-Founder richard.kam@idexpertscorp.com

More information

Disclaimer LEGAL ISSUES IN PHYSICAL THERAPY

Disclaimer LEGAL ISSUES IN PHYSICAL THERAPY LEGAL ISSUES IN PHYSICAL THERAPY Paul J. Welk, PT, JD Tucker Arensberg, P.C. pwelk@tuckerlaw.com 2017 PHCA Annual Convention 1 Disclaimer The purpose of this presentation is to provide a general overview

More information

HIPAA Background and History

HIPAA Background and History Agenda Jeffery P. Drummond Lawyers as HIPAA Business Associates: Ethical Obligations and Practical Tips for Compliance Dallas Bar Association January 17, 2018 Jamie Sorley An Overview of HIPAA The Privacy

More information

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school ASPPR The omnibus rule greatly enhances a patient s privacy protections, provides individuals new rights to their health information, and strengthens the government s ability to enforce the law. The changes

More information

Future of Healthcare in Washington April 2, Christiansen IT Law

Future of Healthcare in Washington April 2, Christiansen IT Law An Ounce (or More) of Prevention: Getting Ready for OCR Breach Notification and Regulatory Investigations. Future of Healthcare in Washington April 2, 2014 Presenter CV John R. Christiansen, J.D. - Christiansen

More information

HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.

HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. PURPOSE OF PRESENTATION To Discuss Laws Governing Use and Disclosure

More information

HIPAA and Lawyers: Your stakes have just been raised

HIPAA and Lawyers: Your stakes have just been raised HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory

More information

It s as AWESOME as You Think It Is!

It s as AWESOME as You Think It Is! It s as AWESOME as You Think It Is! Fine Print This presentation and any materials and/or comments are training and educational in nature only. They do not establish an attorney-client relationship, are

More information

NOTIFICATION OF PRIVACY AND SECURITY BREACHES

NOTIFICATION OF PRIVACY AND SECURITY BREACHES NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally

More information

GUIDANCE ON HIPAA & CLOUD COMPUTING

GUIDANCE ON HIPAA & CLOUD COMPUTING GUIDANCE ON HIPAA & CLOUD COMPUTING http://www.hhs.gov/hipaa/for-professionals/special-topics/cloudcomputing/index.html January 26, 2017 Health Care Cloud Coalition Deven McGraw, Deputy Director, Health

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 Reasons for HIPAA Privacy Rules Perceived need for protection

More information

Legal and Privacy Implications of the HIPAA Final Omnibus Rule

Legal and Privacy Implications of the HIPAA Final Omnibus Rule Legal and Privacy Implications of the HIPAA Final Omnibus Rule February 19, 2013 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Deven McGraw Director,

More information

HIPAA 102a. Presented by Jack Kolk President ACR 2 Solutions, Inc.

HIPAA 102a. Presented by Jack Kolk President ACR 2 Solutions, Inc. HIPAA 102a What You Don t Know About HIPAA Privacy and Security Can Really Hurt You! Revision 2015 Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) About Myself - Jack Kolk, CEO

More information

Meaningful Use Requirement for HIPAA Security Risk Assessment

Meaningful Use Requirement for HIPAA Security Risk Assessment Meaningful Use Requirement for HIPAA Security Risk Assessment The MU attestation requirement does not state that any gaps must be resolved prior to meaningful use attestation. Mary Sirois, MBA, PT, CPHIMSS

More information

Effective Date: 4/3/17

Effective Date: 4/3/17 HIPAA AND HITECH ADM 067.4 Attachment D Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule Health Information Technology for Economic and Clinical Health (HITECH)

More information

Ensuring HIPAA Compliance When Transmitting PHI Via Patient Portals, and Texting

Ensuring HIPAA Compliance When Transmitting PHI Via Patient Portals,  and Texting Presenting a live 90-minute webinar with interactive Q&A Ensuring HIPAA Compliance When Transmitting PHI Via Patient Portals, Email and Texting Protecting Patient Privacy, Complying with State and Federal

More information

Negotiating Business Associate Agreements

Negotiating Business Associate Agreements Negotiating Business Associate Agreements February 19, 2015 William J. Roberts, Esq. Shipman & Goodwin LLP 2015. All rights reserved. HARTFORD STAMFORD GREENWICH WASHINGTON, DC About HIPAA HIPAA is a federal

More information

HIPAA Privacy, Breach, & Security Rules

HIPAA Privacy, Breach, & Security Rules HIPAA Privacy, Breach, & Security Rules An Eagle Associates Presentation Eagle Associates, Inc. www.eagleassociates.net info@eagleassociates.net P.O. Box 1356 Ann Arbor, MI 48106 800-777-2337 Eagle Associates,

More information

HIPAA The Health Insurance Portability and Accountability Act of 1996

HIPAA The Health Insurance Portability and Accountability Act of 1996 HIPAA The Health Insurance Portability and Accountability Act of 1996 Results Physiotherapy s policy regarding privacy and security of protected health information (PHI) is a reflection of our commitment

More information

HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT

HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT HIPAA OMNIBUS FINAL RULE HITECH GINA TERMINOLOGY OMNIBUS FINAL RULE Issued January 23, 2013 Effective March 26, 2013 Modified HIPAA privacy and security

More information

HIPAA, Privacy, and Security Oh My!

HIPAA, Privacy, and Security Oh My! 2014 CliftonLarsonAllen LLP HIPAA, Privacy, and Security Oh My! Chad D. Kunze CPA Health Care Principal Phoenix, AZ CLAconnect.com Learning Objectives At the end of this learning session, you will be able

More information

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V. HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES January 23, 2014 I. Executive Summary I: The HIPAA Final Rule

More information

How to Cut Down on Security Risks:

How to Cut Down on Security Risks: How to Cut Down on Security Risks: What You Don t Know About HIPAA Security October 29, 2015 2015 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com Presented by Adam Solander Member of the Firm

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

HIPAA Final Omnibus Rule Playbook

HIPAA Final Omnibus Rule Playbook DOWNLOADABLE GUIDE HIPAA Final Omnibus Rule Playbook Your Ticket to Winning the Compliance Game Offensive Plays HIPAA Privacy Rule Defensive Plays HIPAA Security Rule Special Team Plays Breach Notification

More information

CLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors

CLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors CLIENT UPDATE February 20, 2013 HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors On January 25, 2013, the U.S. Department of Health and Human Services ( DHHS )

More information

March 1. HIPAA Privacy Policy

March 1. HIPAA Privacy Policy March 1 HIPAA Privacy Policy 2016 1 PRIVACY POLICY STATEMENT Purpose: The following privacy policy is adopted by the Florida College System Risk Management Consortium (FCSRMC) Health Program and its member

More information

HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities

HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities Health Care Focus March 2013 HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities Peggy L. Barlett 608.284.2214 pbarlett@gklaw.com M. Scott LeBlanc 414.287.9614 sleblanc@gklaw.com

More information

Highlights of the Omnibus HIPAA/HITECH Final Rule

Highlights of the Omnibus HIPAA/HITECH Final Rule Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737

More information

Getting a Grip on HIPAA

Getting a Grip on HIPAA Getting a Grip on HIPAA Privacy and Security of Health Information in the Post-HITECH Age Jean C. Hemphill hemphill@ballardspahr.com 215.864.8539 Edward I. Leeds leeds@ballardspahr.com 215.864.8419 Amy

More information

Cyber, Data Risk and Media Insurance Application form

Cyber, Data Risk and Media Insurance Application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached

More information

HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014.

HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014. HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule Association of Corporate Counsel Houston Chapter October 14, 2014 Jeffery P. Drummond Jackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas,

More information

View the Replay on YouTube. HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense

View the Replay on YouTube. HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense View the Replay on YouTube HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense FairWarning Ready Executive Webinar Series June 4, 2013 Agenda HIPAA Omnibus Rule s effects on future enforcement

More information

HTKT.book Page 1 Monday, July 13, :59 PM HIPAA Tool Kit 2017

HTKT.book Page 1 Monday, July 13, :59 PM HIPAA Tool Kit 2017 HIPAA Tool Kit 2017 Contents Introduction...1 About This Manual... 1 A Word About Covered Entities... 1 A Brief Refresher Course on HIPAA... 2 A Brief Update on HIPAA... 2 Progress Report... 4 Ongoing

More information

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners 2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners Providers, and Partners 2 Editor s Foreword What follows are excerpts from the U.S. Department of Health and

More information

H 7789 S T A T E O F R H O D E I S L A N D

H 7789 S T A T E O F R H O D E I S L A N D ======== LC001 ======== 01 -- H S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 01 A N A C T RELATING TO INSURANCE - INSURANCE DATA SECURITY ACT Introduced By: Representatives

More information

HIPAA Security How secure and compliant are you from this 5 letter word?

HIPAA Security How secure and compliant are you from this 5 letter word? HIPAA Security How secure and compliant are you from this 5 letter word? January 29, 2014 www.prnadvisors.com 1 1 About me Over 20 Years in IT as hand-on leader Implemented EMR s of all sizes for Hospitals,

More information

Understanding Cyber Risk in the Dental Office. Melissa Moore Sanchez, CIC

Understanding Cyber Risk in the Dental Office. Melissa Moore Sanchez, CIC Understanding Cyber Risk in the Dental Office Melissa Moore Sanchez, CIC Data Breaches are Escalating Between February 5, 2005 and May 26, 2012 561,465,563 records containing sensitive personal information

More information

The Audits are coming!

The Audits are coming! HIPAA and Meaningful Use (MU) Governmental Program Audits The Audits are coming! The Audits are coming! 1 Audit Readiness Meaningful Use and HIPAA Both CMS and the Office for Civil Rights (OCR) have been

More information

"HIPAA FOR LAW FIRMS" WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA

HIPAA FOR LAW FIRMS WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA "HIPAA FOR LAW FIRMS" WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA Jeanne M. Born, RN, JD SOUTH CAROLINA ASSOCIATION OF LEGAL ADMINISTRATORS THURSDAY, APRIL 14, 2016 Jborn@nexsenpruet.com What Every Law

More information

Georgia Health Information Network, Inc. Georgia ConnectedCare Policies

Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Version History Effective Date: August 28, 2013 Revision Date: August 2014 Originating Work Unit: Health Information Technology Health

More information

Management Alert Final HIPAA Regulations Issued

Management Alert Final HIPAA Regulations Issued Management Alert Final HIPAA Regulations Issued After much anticipation, the Department of Health and Human Services (HHS) has issued its omnibus set of final regulations modifying and clarifying the privacy,

More information