HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule

Similar documents
HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013

Improving the Medical Records Request Process for Patients

Omnibus Components. Not in Omnibus. HIPAA/HITECH Omnibus Final Rule

Ensuring Interoperability of Health Information Technology Under the 21 st Century Cures Act

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by

Compliance. TODAY May Meet Scott Killingsworth. Partner in the Atlanta offices of Bryan Cave LLP. See page 16

Legal and Privacy Implications of the HIPAA Final Omnibus Rule

To: Our Clients and Friends January 25, 2013

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school

The wait is over HHS releases final omnibus HIPAA privacy and security regulations

GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel

HHS, Office for Civil Rights. IAPP October 11, 2012

HIPAA Compliance. PART I: HHS Final Omnibus HIPAA Rules

HIPAA Omnibus Final Rule and Research

Preparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013

Highlights of the Omnibus HIPAA/HITECH Final Rule

Getting a Grip on HIPAA

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule

Fifth National HIPAA Summit West

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates

Omnibus HIPAA Rule: Impact on Covered Entities

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates

ACC Compliance and Ethics Committee Presentation February 19, 2013

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules

Rule. Research Changes to the Privacy Rule and GINA. Heather Pierce, JD, MPH Senior Director and Regulatory Counsel, Scientific Affairs

HIPAA & The Medical Practice

New HIPAA Rules and Implications for the Industry January 29, 2013

New HIPAA-HITECH Proposed Regulations Issued

What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996.

Health Law Diagnosis

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off

HITECH/HIPAA Omnibus Final Rule: Implications for Hospices. Elizabeth S. Warren May 3, 2013

HIPAA: Impact on Corporate Compliance

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule

Management Alert Final HIPAA Regulations Issued

Coping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013!

MEMORANDUM. Kirk J. Nahra, or

Changes to HIPAA Under the Omnibus Final Rule

Highlights of the Final Omnibus HIPAA Rule

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES

The Impact of the Stimulus Act on HIPAA Privacy and Security

SATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE

The HHS Breach Final Rule Is Out What s Next?

Omnibus Rule: HIPAA 2.0 for Law Firms

IT'S COMING: THE HIPAA/HITECH RULE; WHAT TO EXPECT AND WHAT TO DO NOW [OBER KALER]

NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH

Compliance Steps for the Final HIPAA Rule

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013

HIPAA Compliance Under the Magnifying Glass

HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT

Practical Guidance and Proposed Solutions in Response to the HIPAA Final Omnibus Rule

CLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors

HIPAA Final Omnibus Rule Playbook

NOTIFICATION OF PRIVACY AND SECURITY BREACHES

AMA Practice Management Center, What you need to know about the new health privacy and security requirements

HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners

"HIPAA RULES AND COMPLIANCE"

HIPAA Omnibus Rule Compliance

HIPAA The Health Insurance Portability and Accountability Act of 1996

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS

HIPAA OMNIBUS FINAL RULE

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform

The HIPAA Omnibus Rule

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP

Determining Whether You Are a Business Associate

Interpreters Associates Inc. Division of Intérpretes Brasil

AFTER THE OMNIBUS RULE

1.) The Privacy Rule (Part 164, Subpart E)

HIPAA Compliance Guide

Welcome to today s Webinar

UNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

HITECH/HIPAA (privacy) 2013 Omnibus Final Rule Rita Bowen Senior Vice President of HIM and Privacy Officer HealthPort

AETNA BETTER HEALTH OF KENTUCKY

Managing Information Privacy & Security in Healthcare. When an Authorization is Required

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

Compliance Steps for the Final HIPAA Rule

AROC 2015 HIPAA PRIVACY AND SECURITY RULES

NEWSLETTER. Volume Nine - Number One January The Final HIPAA HITECH Regulations: Making the Business Case for ERM

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime

Privacy Sleuths: Solving the Mystery of Wellness Program Privacy Compliance. Agenda. Health Data Exposure National Wellness Conference

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES

HIPAA and Lawyers: Your stakes have just been raised

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE

O n Jan. 25, the Office for Civil Rights (OCR) of the. Privacy and Security Law Report

AonLine Service Agreement Effective July 19, By logging into AonLine, user agrees to these terms and conditions (T&C):

Limited Data Set Data Use Agreement For Research

HEALTHCARE BREACH TRIAGE

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

Website Terms of Use Agreement

Modification of Services

VOL. 0, NO. 0 JANUARY 23, 2013

Tuesday, April 16, :00-2:15 pm Eastern. Presenters. Melissa Markey, Esquire Hall Render Killian Heath & Lyman PC Troy, MI

The HIPAA/HITECH Final Rule: Time to Get More Serious About Compliance. Patricia A. Markus, Esq.

HTKT.book Page 1 Monday, July 13, :59 PM HIPAA Tool Kit 2017

Transcription:

HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule Audio Seminar January 28, 2013 Practical Tools for Seminar Learning Copyright 2012 American Health Information Management Association. All rights reserved.

By accessing, purchasing, or registering for any AHIMA audio seminar or webinar, you agree to the terms and conditions outlined in the AHIMA Audio Seminar/Webinar Terms of Use Agreement. AHIMA Audio Seminar/Webinar Terms of Use Agreement If you do not accept and abide by this Agreement, you may not download, access, or attend AHIMA audio seminars or webinars. Nothing in this Agreement shall be deemed to confer any third party rights or benefits. Description of Service. AHIMA audio seminars and webinars are live or recorded events available via phone, Web, download, or Audio CD at a fee. AHIMA (American Health Information Management Association) reserves the right to modify, suspend or discontinue the product with or without notice at any time and without any liability to you. An executed registration or order form constitutes binding agreement between the parties. Personal Use. AHIMA audio seminars and webinars are made available to you for personal or single office (e.g. a conference room) use only and may not be rebroadcast, retransmitted, shared or disseminated without the express written permission of AHIMA. In addition, AHIMA component state associations (CSA) and local chapters or other groups of individuals representing multiple companies or separate offices within a single facility do not constitute a single office and may not share an audio seminar or webinar. If a registrant needs the ability to share audio seminar or webinar content outside his or her single office or facility, a multiple registration license is required. Unauthorized sharing of AHIMA audio seminar and webinar content through the sharing of user names and passwords or via alternative media (including, but not limited to ipod, CD-ROM and Flash Drive) through the sharing of said media, or via patching phone lines is restricted by law and may subject the copyright infringer to substantial civil damages. AHIMA reserves the right to refuse service to anyone at any time without notice for any reason. AHIMA audio seminar and webinar content may be available for licensed use for larger organizations and other uses under separate licensing arrangements made through AHIMA s business development team. You agree not to sell, reproduce, distribute, modify, display, publicly perform, prepare derivative works based on, or otherwise use, the AHIMA Programs in any way for any public or commercial purpose. Except as specifically agreed to by the parties in writing, you may not distribute, license, transfer or assign the AHIMA programs to any 3rd party. Proper Use. AHIMA reserves the right, but shall have no obligation, to investigate your use of the Product in order to determine whether a violation of the Agreement has occurred. Intellectual Property Rights. You acknowledge that AHIMA owns all right, title and interest in and to the Product content, except where stated otherwise, including without limitation all intellectual property rights (the "AHIMA Rights") specific to content, and such AHIMA Rights are protected by U.S. and international intellectual property laws. Accordingly, you agree that you will not copy, reproduce, alter, modify, or create derivative works from the Service. Disclaimers. AHIMA programs and services are provided on an "as is" and "as available" basis, with all faults. Neither AHIMA nor any person associated with AHIMA makes any warranty or representation with respect to the quality, accuracy or availability of the AHIMA programs or programs and services. Except as expressly stated herein, AHIMA disclaims all warranties, conditions, representations, indemnities and guarantees with respect to the AHIMA programs and programs and services, all components thereof whether express or implied, arising by law, custom or prior oral or written statements made by AHIMA, its representatives, third parties or otherwise, including but not limited to, the warranties or merchantability and fitness for a particular purpose. Further, the warranties stated above will not apply to the extent that there has been (A) use of the AHIMA programs in a manner for which it was not intended; or (B) modification of the AHIMA programs by anyone other than AHIMA. AHIMA does not warrant uninterrupted or error-free operation of the AHIMA programs, that AHIMA will correct all defects or that installation or operation of the AHIMA programs will not affect other software of systems of the user. Limitation of Liability. Except with respect to obligations under the indemnification section of this agreement, neither party will not be liable for any consequential, exemplary, incidental, indirect, or special damages or costs including, but not limited to, lost profits or loss of goodwill, resulting from any claim or cause of action based upon breach of warranty, breach of contract, negligence, strict liability, product liability, or any other legal theory, even if advised or should have known of the possibility thereof. Each party s maximum liability for direct damages is limited to the total fees paid and payable to AHIMA under this agreement during the then current term during which the incident that gave rise to the claim occurred. i

Disclaimer The American Health Information Management Association makes no representation or guarantee with respect to the contents herein and specifically disclaims any implied guarantee of suitability for any specific purpose. AHIMA has no liability or responsibility to any person or entity with respect to any loss or damage caused by the use of this audio seminar, including but not limited to any loss of revenue, interruption of service, loss of business, or indirect damages resulting from the use of this program. AHIMA makes no guarantee that the use of this program will prevent differences of opinion or disputes with Medicare or other third party payers as to the amount that will be paid to providers of service. CPT five digit codes, nomenclature, and other data are copyright 2012 by the American Medical Association. All Rights Reserved. No fee schedules, basic units, relative values or related listings are included in CPT. The AMA assumes no liability for the data contained herein. As a provider of continuing education the American Health Information Management Association (AHIMA) must assure balance, independence, objectivity and scientific rigor in all of its endeavors. AHIMA is solely responsible for control of program objectives and content and the selection of presenters. All speakers and planning committee members are expected to disclose to the audience: (1) any significant financial interest or other relationships with the manufacturer(s) or provider(s) of any commercial product(s) or services(s) discussed in an educational presentation; (2) any significant financial interest or other relationship with any companies providing commercial support for the activity; and (3) if the presentation will include discussion of investigational or unlabeled uses of a product. The intent of this requirement is not to prevent a speaker with commercial affiliations from presenting, but rather to provide the participants with information from which they may make their own judgments. This material is designed and provided to communicate information about clinical documentation, coding, and compliance in an educational format and manner. The author is not providing or offering legal advice but, rather, practical and useful information and tools to achieve compliant results in the area of clinical documentation, data quality, and coding. Every reasonable effort has been taken to ensure that the educational information provided is accurate and useful. Applying best practice solutions and achieving results will vary in each hospital/facility and clinical situation. AHIMA 2012 Audio Seminar Series http://www.ahima.org/continuinged/audio/default.aspx American Health Information Management Association 233 N. Michigan Ave., 21 st Floor, Chicago, Illinois ii

Disclaimer Document Usage Rights This document is exclusively for use by individuals attending the associated audio seminar or webinar (named on the first page of this document), in conjunction with their attendance of the live or recorded version of the presentation. All material herein is copyright 2012 American Health Information Management Association (AHIMA), except where otherwise noted. It may not be redistributed without prior written permission from AHIMA. Presented with the support of Integrity, regulatory compliance and safeguarding a healthcare facility s bottom line - these are the founding principles of Gatehouse Consulting, Inc. (GCI). GCI partners with healthcare facilities and physicians to ensure the accuracy of ICD-9 and ICD-10 coding and billing practices. Through a combination of revenue cycle assessments, proven workflow improvement strategies and subsequent continuing education, GCI establishes best practices for quality coding, the underpinning of your financial longevity. Additionally, these best practices secure your continued regulatory compliance. Please visit us a www.gatehouse-consulting.com or 770-814-4250. Presented with the support of The ICD-10 transition is looming and never before has it been more important for Healthcare Providers to align with the right HIM companies. Allicay Health is a technology company building compliant solutions to streamline utilization and simplify the insatiable demand for these critical resources as we approach 2014 and beyond. By fostering an environment of accountability using best practice metrics, we will securely connect the right resources at the right time to the demands of providers. Find us @: www.allicayhealth.com AHIMA 2012 Audio Seminar Series http://www.ahima.org/continuinged/audio/default.aspx American Health Information Management Association 233 N. Michigan Ave., 21 st Floor, Chicago, Illinois iii

Faculty Adam Greene, JD, MPH is a partner in the Washington, DC office of Davis Wright Tremaine and co-chair of its Health Information Group. Mr. Greene primarily counsels healthcare providers, technology companies, and financial institutions on compliance with the HIPAA privacy, security, and breach notification rules. Previously, Adam was a regulator at the US Department of Health and Human Services (DHHS), where he played a fundamental role in administering and enforcing the HIPAA rules. At DHHS, Mr. Greene was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process. Mr. Greene is the chair of the HIMSS Cloud Security Workgroup and is a frequent speaker and author on health information privacy and security issues AHIMA 2012 Audio Seminar Series http://www.ahima.org/continuinged/audio/default.aspx American Health Information Management Association 233 N. Michigan Ave., 21 st Floor, Chicago, Illinois iv

Table of Contents AHIMA Audio Seminar/Webinar Terms of Use Agreement... i Disclaimer... ii Document Usage Rights... iii Sponsors... iii Faculty... iv Agenda... 1 The Wait is Over... 1 The Omnibus Rule... 2 What s Still Missing?... 2 Breach Notification Rule... 3 New Compromise Standard... 3 Risk Assessment Factors... 4 Risk Assessment... 4 New Limits on Uses and Disclosures of PHI... 5 The Good News: Fundraising... 5-6 The Good News: Research... 6-7 The Good News: Student Immunization Records... 8 The Good News: Decedent Information... 8 The Bad News: Marketing... 9-10 The Bad News: Sale of PHI... 10-11 The Bad News: Genetic Information... 11 Business Associates and Subcontractors... 12 Who Is A Business Associate?... 12 Subcontractors, Welcome to the HIPAA Party... 13 Liability of Business Associates... 13 Business Associate Contracts... 14 Increased Patient Rights... 14 Electronic Copy of PHI... 15-16 Restriction for Out-of-Pocket Payments... 17 Notice of Privacy Practices... 17 Changes to Notice of Privacy Practices... 18 Increased Enforcement... 18 Focus on Willful Neglect... 19 Other Enforcement Changes... 19 Action Items... 20 HIM Impact... 21 Questions... 22 AHIMA 2012 Audio Seminar Series http://www.ahima.org/continuinged/audio/default.aspx American Health Information Management Association 233 N. Michigan Ave., 21 st Floor, Chicago, Illinois v

Agenda Breach Notification Rule New Limits on Uses and Disclosures of PHI Business Associates and Subcontractors Increased Patient Rights Notice of Privacy Practices Increased Enforcement Action Items 1 The Wait is Over 2 AHIMA 2013 Audio Seminar Series 1

The Omnibus Rule Most of HITECH Act privacy and security provisions Breach Notification Rule Genetic Information Nondiscrimination Act (limit on underwriting) Enforcement Rule Several workability amendments General Compliance Date: September 23, 2013 3 What s Still Missing? Accounting of disclosures/access reports Minimum necessary guidance Distribution of penalties/settlements to harmed individuals 4 AHIMA 2013 Audio Seminar Series 2

BREACH NOTIFICATION RULE 5 New Compromise Standard Significant risk of financial, reputational, or other harm Exception for limited data set without ZIP codes or dates of birth Presumption of reportable breach, unless low probability the PHI has been compromised after risk assessment 6 AHIMA 2013 Audio Seminar Series 3

Risk Assessment Factors Nature and extent of PHI involved The unauthorized person who used the PHI or to whom the disclosure was made Whether the PHI actually was acquired or viewed The extent to which the risk to the PHI has been mitigated 7 Risk Assessment Comment to interim final Breach Notification Rule suggesting compromise standard: inappropriately viewed, re-identified, re-disclosed, or otherwise misused 8 AHIMA 2013 Audio Seminar Series 4

NEW LIMITS ON USES AND DISCLOSURES OF PHI 9 The Good News: Fundraising Adds categories of PHI that may be used or disclosed for fundraising: Department of service Treating physician Outcome information Health insurance status 10 AHIMA 2013 Audio Seminar Series 5

The Good News: Fundraising Strengthens opt-out for fundraising: Clear and conspicuous Must not require undue burden May not condition treatment or payment Covered entity may not make fundraising communications after opt-out (previous standard was reasonable effort ) Covered entity may provide method of opting back in 11 The Good News: Research Covered entities may combine conditioned and unconditioned authorizations For example, conditioned authorization for clinical trial may be combined with unconditioned authorization for tissue specimen repository 12 AHIMA 2013 Audio Seminar Series 6

The Good News: Research Authorization must differentiate between conditioned and unconditioned portions Unconditioned authorization must be opt in, e.g., Check box Second signature line 13 The Good News: Research HHS changed interpretation on authorization for future research: Prior interpretation Authorization for research must be study specific New interpretation Authorization may govern future research Authorization must reasonably put individual on notice of potential future research 14 AHIMA 2013 Audio Seminar Series 7

The Good News: Student Immunization Records Covered entity may release student immunization records to school without authorization If state law requires school to have immunization record Written or oral agreement (must be documented) 15 The Good News: Decedent Information No longer PHI 50 years after death Covered entity may disclose PHI to persons involved in decedent s care or payment if not contrary to prior expressed preference 16 AHIMA 2013 Audio Seminar Series 8

The Bad News: Marketing General Rule: Communication about a product or service that encourages purchase or use is marketing and requires an authorization 17 The Bad News: Marketing Old Exception to Definition of Marketing: Treatment (e.g., providing alternative treatment options) Health care operations (e.g., describing health-related product or service offered by covered entity) 18 AHIMA 2013 Audio Seminar Series 9

The Bad News: Marketing New Exception to the Old Exception Marketing if covered entity receives financial remuneration from the third party whose product or service is described New Exception to Definition of Marketing Marketing does not include subsidized refill reminders about drug that is currently prescribed remuneration must be reasonably related to cost of communication 19 The Bad News: Sale of PHI Covered entity may not receive remuneration in exchange for PHI Exceptions (no limit): Treatment Payment Sale of covered entity and related due diligence Required by law 20 AHIMA 2013 Audio Seminar Series 10

The Bad News: Sale of PHI Exceptions (no limit) Business associate activities Exceptions (limits) Research To an individual for access and accounting Any other permissible purpose if remuneration limited to reasonable, costbased fee for preparation and transmittal 21 The Bad News: Genetic Information Clarification that genetic information is health information Health plan (other than long-term care plan) may not use or disclose genetic information for underwriting purposes 22 AHIMA 2013 Audio Seminar Series 11

BUSINESS ASSOCIATES AND SUBCONTRACTORS 23 Who Is a Business Associate? New definition of business associate Uses or discloses individually identifiable health information Creates, receives, maintains, or transmits protected health information 24 AHIMA 2013 Audio Seminar Series 12

Subcontractors, welcome to the HIPAA Party! Subcontractor + PHI = Business Associate Subcontractor = Person to whom a business associate delegates a function, activity, or service Subcontractor workforce member All the way down the chain (contractual relationships should remain the same) 25 Liability of Business Associates Impermissible uses and disclosures Breach notification to covered entity Failure to provide e-copy of ephi as specified in the business associate contract Failure to disclose PHI to HHS for HIPAA investigation Failure to provide an accounting of disclosures Failure to comply with the applicable requirements of the Security Rule 26 AHIMA 2013 Audio Seminar Series 13

Business Associate Contracts Must specify compliance with Breach Notification Rule Should specify to whom BA provides electronic access If CE delegates HIPAA responsibility, must specify that BA will comply with HIPAA Grandfathering may be available 27 INCREASED PATIENT RIGHTS 28 AHIMA 2013 Audio Seminar Series 14

Electronic Copy of PHI Old Rule: Form or format requested, if readily producible If not readily producible, then readable hard copy 29 Electronic Copy of PHI New Rule: Form or format requested, if readily producible If not readily producible and maintained in paper, then readable hard copy 30 AHIMA 2013 Audio Seminar Series 15

Electronic Copy of PHI New Rule: If not readily producible and maintained electronically, then electronic copy May charge for only labor and electronic media 31 Electronic Copy of PHI Individual may designate third party to receive copy Must be in writing Clearly identify the designated person Clearly identify where to send the copy Access vs. Authorization further confused 32 AHIMA 2013 Audio Seminar Series 16

Restriction for Out-of-Pocket Payments Covered entity must agree to individual s request to restrict disclosure to health plan For payment or health care operations Unless required by law Individual or person on individual s behalf pays for item or service out of pocket in full 33 NOTICE OF PRIVACY PRACTICES 34 AHIMA 2013 Audio Seminar Series 17

Changes to Notice of Privacy Practices Prohibition on sale of PHI Duty to notify affected individuals of a breach of unsecured PHI Right to opt out of fundraising (if applicable) Right to restrict disclosure of PHI when paid out of pocket Limit on use of genetic information (certain health plans only) 35 INCREASED ENFORCEMENT 36 AHIMA 2013 Audio Seminar Series 18

Focus on Willful Neglect Willful neglect: Conscious, intentional failure or reckless indifference OCR will investigate all cases of possible willful neglect OCR will impose penalty on all violations due to willful neglect 37 Other Enforcement Changes Revised definition of reasonable cause (fills gap between did not know and willful neglect) Greater OCR discretion to proceed directly to penalty without seeking informal resolution Vicarious liability for business associate agents (discussed in next webinar) Factors impacting CMP calculation 38 AHIMA 2013 Audio Seminar Series 19

ACTION ITEMS 39 Action Items Review and revise policies, procedures, and training Opportunity to consider what has not been working Consider addressing issues such as social media, use of personal mobile devices, etc. Create/revise breach response plan Begin process of updating BA agreements Consider whether BA is agent What are BA s safeguards? Amend notice of privacy practices 40 AHIMA 2013 Audio Seminar Series 20

HIM Impact Address operation for: Fundraising Restrictions Decedents Access Form and format Fees 41 HIM Impact Authorization Marketing Sale of PHI Research 42 AHIMA 2013 Audio Seminar Series 21

Questions 43 HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule Presentation to AHIMA January 28, 2013 Adam H. Greene, JD, MPH Partner, Washington, DC AHIMA 2013 Audio Seminar Series 22

AHIMA 2013 Audio Seminar Series 23

To receive your CE Certificate Please go to the AHIMA Web site http://www.ahima.org/continuinged/audio/2012seminars.aspx click on the link to Sign In and Complete Online Evaluation listed for this seminar. You will be automatically linked to the CE certificate for this seminar after completing the evaluation. Each person seeking CE credit must complete the mandatory self-assessment which can be found in the appendix of the resource materials, as well as complete the sign-in form and evaluation to view and print their CE certificate.

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback