What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996.


HIPAA stands for Health Insurance Portability and Accountability Act

HIPAA is Federally Mandated legislation. Violations can bring civil as well as criminal penalties.

Congress provided civil and criminal penalties for covered entities that misuse personal health information. Penalties for civil violations: up to $100 per violation, up to $25,000 per year for each requirement or prohibition violated.

Criminal penalties apply for knowingly obtaining protected health information in violation of the law. Criminal penalties can range from up to $50,000 and one year in prison to $250,000 and up to 10 years in prison, depending on the severity of the offense.

The privacy regulations ensure a national floor of privacy protections for patients by limiting the ways that covered entities can use patients' personal medical information.

The Office of Civil Rights (OCR) has the authority for enforcing HIPAA Privacy regulations.

The OCR allows for more stringent state laws, but does not allow states to weaken the law.

- Protect patient rights by giving them access to their health information and control over how it will be used.
- Improve the quality of care by restoring trust in the health care system.
- Improve the efficiency and effectiveness of health care delivery by standardizing systems.
- Protect the security and privacy of all medical records and other health information that is used or shared.

[Diagram: sections of HIPAA. Boxes: Administrative Simplification, Security, Privacy, Data Standards, Transactions, Code Sets, Identifiers, Portability, Medical Savings Accounts, Group Health Provisions, Revenue Offset Provisions, Other Sections. At Brown County, we are interested in the boxes in yellow.]

Administrative Simplification, with particular emphasis on the privacy regulations, is what concerns Brown County.

The Department of Health and Human Services (HHS) has the authority to mandate standards, require code systems and specify measures to guard protected health information.

Covered Entities: The law includes entities that provide, bill or pay for medical care or process health information, or request access to medical information in order to conduct financial and administrative transactions.

- Health Care Providers: Any business that furnishes, bills or is paid for health care services.
- Health Plans: An individual or group plan that provides for, or pays the cost of, medical care.
- Health Care Clearinghouses: An entity that receives health information from providers and plans, and helps standardize that information into the required format for claims processing.
- Business Associates of the entities above are ALSO considered covered entities.

Educational Institutions are NOT considered covered entities.

Business Associate: A person or organization that performs a function or activity on behalf of a covered entity, but is not part of the covered entity's workforce. A business associate can also be a covered entity in its own right. When a Vendor signs a business associate agreement with a covered entity, the Vendor becomes a covered entity.

Business associates such as Vendors must warrant that all of their employees have been trained in HIPAA rules and regulations. Vendor employees and contractors are responsible for compliance with HIPAA standards and regulations when:
- Working with client data
- Setting up client hardware and software

PHI: Protected Health Information. This includes individually identifiable health information transmitted by or maintained in print, spoken or electronic media or in any other form or medium.

Within HIPAA, Privacy provisions relate to:
- Disclosure: The release, transfer, provision of, access to or divulging PHI outside of the business's internal operations.
- Use: With respect to PHI, means sharing, employment, application, utilization, examination or analysis of such PHI inside the business's internal operations.

The privacy rule sets limits on how identifiable health information may be used. The rule does not restrict the ability of doctors, nurses and other providers to share information needed to treat their patients.

Confidentiality regulations specify that safeguarding the availability, integrity and confidentiality of protected health information is the responsibility of the covered entity and its business associates.

There are restrictions and limits on the use of protected health information, however. Brown County employees who are exposed to PHI while performing services for a client are NOT in violation of the law, unless they use or disclose the information improperly.

What is considered electronic?
- Computer entered data
- Electronic Data Interchange (EDI) data
- Data published as Intranet files
- E-mails
- Swipe card data
- Scanned data

- Paper claims
- Paper fax
- Paper copies of memos or notes
- Telephone (voice) inquiries

However, HIPAA regulations apply to BOTH electronic and non-electronic records.

The regulations protect medical records and other individually identifiable health information, whether it is on paper, in computers or communicated orally.

Patients generally should be able to see and obtain copies of their medical records and request corrections if they identify errors and mistakes.

Covered health plans, doctors and other health care providers must provide a notice to their patients concerning patients' rights under the HIPAA privacy regulations.

The rule requires covered entities to have written privacy procedures. Covered entities must ensure that business associates agree to the same limitations on the use and disclosure of protected health information.

Covered entities must train their employees in their privacy procedures.

The provisions of the privacy rule generally apply equally to private sector and public sector covered entities. For example, private hospitals and government-run hospitals covered by the rule have to comply with the full range of requirements.

Covered entities must designate an individual who:
- Ensures the procedures are followed
- Makes sure all employees are trained
- Initiates disciplinary action if the procedures are knowingly violated

Brown County's HIPAA Compliance Officer is the Human Resources Director, Warren Kraft.

- Review and monitor to ensure all Business Associate Agreements are in place
- Receive complaints, oversee mitigation efforts and resolve disputes over privacy violations
- Serve as a primary contact/resource for privacy issues/questions
- Collaborate with Corporation Counsel in handling federal or state government investigations

Tina Brunner, Dawn LaPlant, Lt. Heidi Michel and Chua Xiong are the Brown County Privacy Officers.

Guidance and technical assistance materials have been issued to make it as easy as possible for covered entities to comply with HIPAA requirements.

HHS's Summary of the HIPAA Omnibus Rule

HHS summarized the over 500 pages of Omnibus Rule as follows:

"This omnibus final rule is comprised of the following four final rules:

- Final modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and certain other modifications to improve the Rules, which were issued as a proposed rule on July 14, 2010. These modifications:
  - Make Business Associates of Covered Entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.
  - Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization.
  - Expand individuals' rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
  - Require modifications to, and redistribution of, a Covered Entity's notice of privacy practices.
  - Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others.
  - Adopt the additional HITECH Act enhancements to the Enforcement Rule not previously adopted in the October 30, 2009, interim final rule, such as the provisions addressing enforcement of noncompliance with the HIPAA Rules due to willful neglect.
- Final rule adopts changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act, originally published as an interim final rule on October 30, 2009.
- Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule's "harm" threshold with a more objective standard and supplants an interim final rule published on August 24, 2009.
- Final rule modifies the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes, which was published as a proposed rule on October 7, 2009."

Guidance and technical materials to explain the privacy rule, including an extensive, searchable collection of frequently asked questions, are available at http://www.hhs.gov/ocr/hipaa/assist.html

HIPAA's toll-free information line is (866) 627-7748.

Text of the HIPAA legislation can be found at: http://aspe.hhs.gov/admnsimp/pl104191.htm

Please proceed to the exam for Module 1. The exam is located under Employee Training on the intranet home page.

Please click on the HIPAA Training and Testing link.

Successful completion of the exam is required. A record of your exam is automatically stored.