
Industry leading Education. Certified Partner Program. Please ask questions. Today's slides are available at http://compliancy-group.com/slides023/ . Past webinars and recordings: http://compliancy-group.com/webinar/ . 855.85HIPAA, www.compliancygroup.com

HIPAA New Final Omnibus Rule: Key Business Associate Implications for Your Organization

Your Presenter: A.J. (Andy) Weitzberg, President of HIPAA Continuity Planners; President of the Association of Contingency Planners, Long Island Chapter

History
- Health Insurance Portability and Accountability Act (HIPAA) of 1996
- The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009
- Omnibus Rule of 2013

Omnibus Rule conforms HIPAA regulations to HITECH Act changes:
- Before HITECH, BAs were regulated through business associate contracts or agreements ("BAAs")
- After HITECH, BAs and subcontractors are regulated directly under HIPAA, therefore they:
  - Must comply with the Security Rule
  - Must comply with some of the Privacy Rule and the provisions of the BAA

By the Numbers, 2009 through 2012*
- 538 breaches of protected health information (PHI)
- 21,408,505 patient health records affected
- 21.5% increase in the number of large breaches in 2012 over 2011
- 77% decrease in the number of patient records impacted
- 67% of all breaches have been the result of theft or loss
- 57% of all patient records breached involved a business associate
- Business associates have impacted 5 times as many patient records as those at a covered entity
- 38% of incidents were the result of an unencrypted laptop or other portable electronic device
- 63.9% of total records breached in 2012 resulted from the 5 largest incidents
- 780,000 records breached in the single largest incident of 2012
*These numbers include breaches that affected more than 500 individuals and were reported to HHS from August 2009 to January 17, 2013.

Expanded definition of Business Associates
- "Business associate": one who, on behalf of a covered entity, creates, receives, maintains or transmits PHI*
- Status as a BA is based upon role and responsibilities, not upon who the parties to the contract are
- The contract between the covered entity's BA and that BA's subcontractor must satisfy the BA agreement requirements
- Subcontractor of a business associate: one who creates, receives, maintains or transmits PHI* on behalf of a business associate
*Personal Health Information

Business Associate - Consequences
- The Secretary (HHS) is authorized to receive and investigate complaints against BAs (including subcontractors), and to take action regarding complaints and noncompliance
- BAs (incl. subcontractors) are required to maintain records and submit compliance reports to the Secretary, cooperate in complaint investigations and compliance reviews, and give the Secretary access to information
- BAs (incl. subcontractors) are forbidden to intimidate, discriminate against, etc. those who make complaints, cooperate with regulators or oppose unlawful actions
- BAs (incl. subcontractors) are subject to civil money penalties for HIPAA violations
- BAs/subcontractors remain liable under contract to the Covered Entity and the BA

How do these updates affect your Business? As a Business Associate you have HIPAA/HITECH Compliance Requirements:
1. A Written Risk Analysis
2. A Written Continuity Plan
3. Documented Security Practices and Procedures
4. An Incident Response Plan (Breach Response)
5. A Record Disposal Procedure for Electronic Media and Paper Records
6. An Employee Training Program
7. Termination Procedures
8. Documentation and Logs

Definition of a Breach. The final rule also changes the risk analysis requirements for determining when a breach has occurred. Previously, a risk-of-harm threshold was considered in determining whether a breach had occurred. The Office for Civil Rights (OCR) changes in the final rule create almost a presumption of a breach, which will seemingly make it more likely that a business will be required to notify the individuals whose personal health information has been affected, HHS and possibly the media.

Penalties for Your Non-compliance
CATEGORIES OF VIOLATIONS AND RESPECTIVE PENALTY AMOUNTS AVAILABLE

Violation Category, Section 1176(a)(1)   | Each Violation           | All such violations of an identical provision in a calendar year
(A) Did Not Know                          | $100 to Max $50,000      | $1,500,000
(B) Reasonable Cause                      | $1,000 to Max $50,000    | $1,500,000
(C)(i) Willful Neglect - Corrected        | $10,000 to Max $50,000   | $1,500,000
(C)(ii) Willful Neglect - Not Corrected   | $50,000                  | $1,500,000

HITRUST* now has several members that will require business associates to follow the framework and document compliance with it.
*The Health Information Trust Alliance, or HITRUST, in collaboration with healthcare, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. The most widely adopted security control framework in the U.S. healthcare industry, the CSF includes a prescriptive set of controls and supporting requirements that clearly define how organizations meet the objectives of the framework.

Are you a Business Associate? Illustration of the types of firms that are now considered Business Associates:
- IT Support and Software Vendors
- IT Equipment Vendors
- Leasing firms
- Telephone CPE Vendors
- Shredding Vendors
- Data Centers
- Cloud Computing Providers
- Answering Services for Medical Offices
- Medical Billing Services
- Medical Transcription Services
- Medical Collection Agencies
- Temporary Employment Agencies

Questions: A.J. (Andy) Weitzberg, President, HIPAA Continuity Planners. Email: AJ@HIPAACP.COM. 1.800.654.2041 Toll Free; 1.631.654.4001 Office; 1.516.641.4001 Mobile

HIPAA Compliance. HITECH Attestation. Omnibus Rule Ready. Meaningful Use core measure 15. Free Demo and 60 Day Evaluation: www.compliancy-group.com . HIPAA Hotline 855.85HIPAA (855.854.4722)