HIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc

HIPAA Defined
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996, a US law that, among other things, set national privacy standards to protect patients' medical records and other health information held by health plans, doctors, hospitals and other health care providers. The standards, issued by the Department of Health and Human Services (HHS) as the Privacy Rule, give patients access to their medical records and more control over how their personal health information is used and disclosed. They set a uniform federal floor of privacy protections for consumers across the country; state laws that give consumers additional protections are not preempted. The statute itself was enacted in 1996; the compliance date for the Privacy Rule was April 14, 2003 (small health plans had until April 14, 2004).

Definitions
Authorization: a patient consent or permission form, defined in the HIPAA rules, that allows a covered entity to use or disclose Protected Health Information (PHI) for purposes the rules do not otherwise permit.
Disclose: to give out or release PHI; a disclosure can be lawful or unlawful.
Business Associate (BA): (us) a person or company that is not part of a covered entity's workforce but creates, receives, maintains or transmits PHI on its behalf. The HITECH Act made BAs directly regulated under HIPAA.
Protected Health Information (PHI): what HIPAA protects: individually identifiable health information, including medical records and billing records.
Covered Entity (CE): the entities HIPAA applies to, which must comply with it. The three types are health care providers (that conduct standard electronic transactions), health plans, and health care clearinghouses.
American Recovery and Reinvestment Act (ARRA) and HITECH Act: enacted February 17, 2009, with most HITECH privacy and security provisions taking effect February 17, 2010. HITECH expanded and modified HIPAA: it made BAs (us) directly regulated, added breach notification, and strengthened the rules for electronic PHI (ePHI).
Minimum Necessary Rule (MNR): use, disclose or request only the minimum amount of PHI needed for the purpose at hand.
Electronic PHI (ePHI): PHI in electronic form.

Effects of the American Recovery and Reinvestment Act (ARRA) and HITECH Act
- Tougher enforcement of HIPAA regulations and higher fines for violations (tiered civil penalties)
- Mandatory investigations, and mandatory penalties, for violations due to willful neglect
- Affected individuals MUST be notified of a breach of their unsecured PHI; HHS must be notified as well, and the media for breaches affecting more than 500 residents of a state
- Added Business Associates (us) as a directly regulated entity under HIPAA
- Made the Security Rule's safeguards for ePHI apply to Business Associates directly

5 Objectives of HIPAA
1. Improve the portability and continuity of health insurance (e.g. keep coverage when changing jobs)
2. Prevent and reduce health care fraud and abuse
3. Improve the efficiency and effectiveness of health care transactions (e.g. electronic insurance claims) through standard formats
4. Protect personal/confidential medical information with mandatory privacy and security safeguards
5. Permit the use of health data for public health purposes (e.g. disease surveillance) under defined rules

2 Primary Reasons HIPAA Exists
- To protect medical privacy
- To prevent crime (health care fraud and abuse)

2 Most Important HIPAA Rules
Privacy Rule: a set of national standards for the protection of individually identifiable health information in any form (paper, oral, electronic). Governs how covered entities and business associates may use and disclose Protected Health Information (PHI) and gives individuals rights over it.
Security Rule: a set of national standards for the protection of ELECTRONIC protected health information (ePHI) only. Requires administrative, physical and technical safeguards that protect the confidentiality, integrity and availability of ePHI, starting with a documented risk analysis.

Tips for Protecting ephi Never Access ephi unless authorized to do so Use strong passwords, phrases, and timed screensavers Never access computers under someone else s password Don t leave PHI or ephi files open Use encryption for emailing ephi, or DON T email it Properly lock, store, and dispose of PHI and ephi Be aware of hackers, scammers impersonating authorized personnel Verify identities before giving out ephi

Fines for Violations
Civil penalties are tiered by culpability: a minimum of $100 per violation at the lowest tier (did not know, and could not reasonably have known, of the violation), up to $50,000 per violation at the highest tier (willful neglect, not corrected), with a cap of $1.5 million per calendar year for all violations of the same provision. These are the HITECH-era figures used in this presentation; HHS has adjusted the amounts for inflation annually since 2016, and criminal penalties for knowingly obtaining or disclosing PHI are separate.

Examples of HIPAA Violations
Mis-addressed mailing by a business associate: The business associate incorrectly updated the contract holders' addresses, resulting in the mailing of protected health information to incorrect recipients. The breach affected approximately 3,400 members. The protected health information involved included demographic information, EOBs, clinical information, and diagnoses. In response to this incident, the covered entity took steps to enforce the requirements of its business associate agreement with SBP. The business associate improved its code review process to catch the system error that caused this incident and instituted a manual quality review process designed to identify bad addresses.

Paper records sent to recycling: The covered entity inadvertently sent 23 boxes containing protected health information to a recycling center. These boxes contained the names, addresses, Social Security numbers, insurance identification numbers, clinical information, and credit/debit card numbers of 1,590 individuals. Following the breach, the covered entity reviewed its policies and procedures, suspended several employees, and set up credit monitoring for those individuals affected. As a result of OCR's investigation, the covered entity placed a record into its accounting of disclosures log for each member impacted, terminated the suspended employees, revised its policies and procedures, and retrained staff.

Examples of HIPAA Violations
Donated filing cabinet: On April 6, 2010, the covered entity learned that a filing cabinet it donated to a non-profit organization on December 20, 2009, contained members' protected health information (PHI). The cabinet contained the PHI of approximately 12,000 individuals. The PHI involved member information for Medicare Health Surveys from 2001 to 2004, which contained names, addresses, telephone numbers, Social Security numbers, and Medicare identification numbers. Following the breach, the covered entity notified the affected individuals of the breach, notified the media, sanctioned the employees involved in the incident, held a mandatory training for all departments involved in the breach regarding Privacy, Security, and Compliance rules, regulations, and responsibilities, revised the policy for office moves to require a series of checklists and approvals prior to moving furniture offsite, and offered all affected individuals free credit monitoring, including assistance with identity theft protection.

Stolen unencrypted laptop: An unencrypted laptop computer was stolen from the covered entity's unlocked testing office. The laptop computer contained the protected health information of approximately 689 individuals. The protected health information involved in the breach included names, dates of birth, Social Security numbers, and the age, gender, race, and medication information of affected individuals. Following the breach, the covered entity restricted the storage of electronic protected health information to network drives. Additionally, OCR's investigation resulted in the covered entity improving its physical safeguards and retraining employees.