UNDERSTANDING HIPAA COMPLIANCE IN 2014: ETHICS, TECHNOLOGY, HEALTHCARE & LIFE

UNDERSTANDING HIPAA COMPLIANCE IN 2014: ETHICS, TECHNOLOGY, HEALTHCARE & LIFE
JULIE MEADOWS-KEEFE, GROSSMAN, FURLOW, AND BAYÓ, LLC
2022-2 RAYMOND DIEHL RD., TALLAHASSEE, FL 32308
(850) 385-1314, J.MEADOWS-KEEFE@GFBLAWFIRM.COM

DOES IT PUT YOU IN A BAD MOOD?

HOW MUCH PRIVACY DO YOU HAVE? How Much Privacy Are You Willing To Give Up?

PERCEIVED BARRIERS?

WIRED MAGAZINE, 11-15-12: "The age of the password has come to an end; we just haven't realized it yet. And no one has figured out what will take its place. What we can say for sure is this: Access to our data can no longer hinge on secrets (a string of characters, 10 strings of characters, the answers to 50 questions) that only we're supposed to know. The Internet doesn't do secrets. Everyone is a few clicks away from knowing everything."

SO WE RECOGNIZE WE ARE ALL VULNERABLE

"A stolen medical identity has a $50 street value, whereas a stolen social security number, on the other hand, only sells for $1.00," said Kirk Herath, Nationwide Chief Privacy Officer.

FACTS ABOUT MEDICAL IDENTITY THEFT
- 1.5 million Americans affected
- Average cost to restore identity is over $20,000
- Medical identity theft comprises 3% of all identity thefts
- Nearly half of victims lose their coverage
- Can take a year to discover
- Healthcare was the most breached industry in 2011

SO WHAT DOES HIPAA DO?
- HIPAA sets a national standard for accessing and handling medical information.
- Access to your own medical records, prior to HIPAA, was not guaranteed by federal law.
- A notice of privacy practices describing how your medical information is used and disclosed must now be given to you.
- An accounting of disclosures

HIPAA 1996

1996 MAC

POPULAR SONG & DANCE IN 1996

IN 1996 Google.com didn't exist yet. In January 1996 there were only 100,000 websites, compared to more than 160 million in 2008. The web browser of choice was Netscape Navigator, followed by Microsoft Internet Explorer as a distant second (Microsoft launched IE 3 in 1996). Most people used dial-up Internet connections.

ARRA, February 17, 2009: ARRA signed into law. Also known as the Stimulus.
- $25.8 billion for Health IT
- Increased regulation of organizations contracting with covered entities
- Covered entities must carefully monitor disclosures of PHI
- Increased limitations on use of PHI
- Increased penalties and enforcement mechanisms
- Breach notification and reporting requirements

EVIDENCE BASED MEDICINE "Conscientious, explicit and judicious use of current best evidence in making decisions about the care of individual patients." "Use of mathematical estimates of the risk of benefit and harm, derived from high-quality research on population samples, to inform clinical decision-making in the diagnosis, investigation or management of individual patients."

BIG DATA How much regulation is needed for electronic health records and systems? How much is too much? Does technology harm patients? How much risk do patients face in the era of "big data"? Can data reach the level of granularity necessary to show only the minimum amount of data needed to provide a particular treatment?

EXPRESS SCRIPTS HAS BIG DATA Provides pharmacy benefits to over 100 million people. They see 1.4 billion prescriptions a year, each of which adds a little more data to their pile. They now have 100 people sorting through that information trying to detect fraud. They've got nurses and pharmacists and forensic accountants, along with a group of data nerds, investigating thousands of cases of shady dealings a year.

SOME FEAR

WHAT IS A BREACH? A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual. There are three exceptions to the definition of breach. The first exception applies to the unintentional acquisition, access, or use of protected health information by a workforce member acting under the authority of a covered entity or business associate. The second exception applies to the inadvertent disclosure of protected health information from a person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate. In both cases, the information cannot be further used or disclosed in a manner not permitted by the Privacy Rule. The final exception to breach applies if the covered entity or business associate has a good faith belief that the unauthorized individual, to whom the impermissible disclosure was made, would not have been able to retain the information.

TAKE-AWAY PLEASE MAKE SURE ALL STAFF ARE UTILIZING ENCRYPTION FOR TRANSMISSION OF PHI.

BREACHES BIG IN OMNIBUS Under the Omnibus Rule, an impermissible use or disclosure of protected health information is presumed to be a breach unless a risk assessment shows a low probability that the information was compromised. That assessment considers at least these four factors:
- the nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification
- the unauthorized person who used the protected health information or to whom the disclosure was made
- whether the protected health information was actually acquired or viewed
- the extent to which the risk to the protected health information has been mitigated

BREACHES SO FAR
- January 2013: First HIPAA breach settlement involving fewer than 500 patients (Idaho Hospice)
- April 2012: HHS settles case with Phoenix Cardiac Surgery for lack of HIPAA safeguards

ALASKA DEPARTMENT OF HEALTH AND HUMAN SERVICES Settled for 1.7 million dollars. One lost unencrypted flash drive from an employee's car led to an extensive HHS investigation, which found insufficient training and risk assessment.

2013 VERIZON BREACH REPORT (categories overlap, so percentages do not sum to 100%)

THREAT ACTORS
- External: 92%
- Internal: 14%
- Partners: 1%

THREAT ACTIONS
- Malware: 10%
- Hacking: 52%
- Social: 29%
- Misuse: 13%
- Physical: 35%
- Error: 2%

ATTACKED ENTITIES
- Financial organizations: 37%
- Utilities: 24%
- Manufacturing, transportation: 20%
- Healthcare organizations: 0.90%

BUSINESS ASSOCIATE REQUIREMENTS Extends HIPAA's requirements not just to business associates, but also to subcontractors that handle protected health information on behalf of business associates.

NOTICE OF PRIVACY PRACTICES Needs to be revised to reflect the patient's right to receive breach notifications.

REQUEST FOR RESTRICTIONS Specifically, covered entities must agree to restrict disclosures of protected health information about the individual if the disclosure is for payment or healthcare operations purposes, is not required by law, and the protected health information pertains solely to a healthcare item or service for which the individual, or someone on the individual's behalf other than the health plan, has paid the covered entity in full.

JULIE'S STORY Real-life experience with too much data being included in an EHR. https://www.youtube.com/watch?v=tk1kecy5j9q

LICENSURE Licensure applications require a full explanation and a record documenting any affirmative responses to health questions, including emotional/mental illness and chemical dependency.

THANK YOU
JULIE MEADOWS-KEEFE, GROSSMAN, FURLOW, AND BAYÓ
2022-2 RAYMOND DIEHL RD., TALLAHASSEE, FL 32308
(850) 385-1314, J.MEADOWS-KEEFE@GFBLAWFIRM.COM