Final PRIVACY RULE Presentation by Richard Campanelli, Director OCR/HHS at 5 th National HIPAA Summit Washington, D.C. October 31, 2002.

Slides:

Advertisements

Similar presentations

Frequently Asked Questions…. …about HIPAA Notice of Privacy Practices and Acknowledgement.

Advertisements

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

HIPAA Basics November 1, 2014.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

Anne Arundel County Fire Department

HIPAA Privacy Rule Training

North Carolina State University Health Information Privacy 4/16/03.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

Are you ready for HIPPO??? Welcome to HIPAA

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

1 Electronic Transactions and Code Sets Enforcement CMS Office of HIPAA Standards.

March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

HIPAA As It Applies To The DENTAL OFFICE PRESENTED TODAY BY Marybeth Crouch, RDH Executive Director Doral Dental Services of Ky, Inc.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

Implementing and Enforcing the HIPAA Privacy Rule.

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

Confidentiality, Patient Safety Work Product, and PSOs The Proposed Rule Implementing the Patient Safety and Quality Improvement Act of 2005 AHRQ Annual.

HIPAA PRIVACY AND SECURITY AWARENESS.

California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: 1 NEW OBLIGATIONS.

HIPAA and HITECH The Latest Developments Presented By: Michele Madison Partner, Healthcare Practice Morris, Manning & Martin, LLP

1 Disclosures © HIPAA Pros 2002 All rights reserved.

PricewaterhouseCoopers Transaction Compliance Date Extension & Privacy Standards NPRM Audioconference April 19, 2002 HIPAA Administrative Simplification.

1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.

Office of the Secretary Office for Civil Rights (OCR) Indian Health Service HIPAA Training Hosted by the Aberdeen Area Office July 24, 2012.

Compliance and Enforcement of the Privacy Rule. HHS/OCR February/March Compliance Date  April 14, 2003 – Compliance for all but small health plans.

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

HIPAA’s Medical Privacy Standards: The Long and Really Winding Road Michael D. Bell, Esq. Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. Washington,

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

HIPAAand Disaster Situations By LYNDA M. JOHNSON Friday, Eldredge & Clark.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.

Health Insurance Portability and Accountability Act (HIPAA) CCAC.

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.

1 HIPAA Administrative Simplification Standards Yesterday, Today, and Tomorrow Stanley Nachimson CMS Office of HIPAA Standards.

Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.

Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.

HIPAA Privacy The Morning After Panel What do we do now? William R. Braithwaite, MD, PhD (moderator) Washington, DC Ross Hallberg, Corporate Compliance.

1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.

Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.

HIPAA Privacy Rule Implementation Status Report Richard M. Campanelli, J.D. Director, Office for Civil Rights Before the The Tenth National HIPAA Summit.

Finally, the Final HIPAA/HITECH Regulations are Here! By LYNDA M. JOHNSON Friday, Eldredge & Clark.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.

Copyright © 2002 PricewaterhouseCoopers LLP 1 HIPAA Privacy Modification Rule - Final Harvard Colloquium August 21, 2002 Tom Hanks Director Client Services.

AND CE-Prof, Inc. January 28, 2011 The Greater Chicago Dental Academy 1 Copyright CE-Prof, Inc

 Health Insurance and Accountability Act Cornelius Villalon Jr.

HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.

Office of the Secretary Office for Civil Rights (OCR) Enforcement and Policy Challenges in Health Information Privacy Linda Sanches HIPAA Summit Special.

What is HIPAA? Health Insurance Portability and Accountability Act of HIPAA is a major law primarily concentrating on the prolongation of health.

Juvenile Legislative Update 2013 Confidential Records and Protected Disclosures.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002.

HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.

UNDERSTANDING WHAT HIPAA IS AND IS NOT

Enforcement, Business Associates and Breach Notification. Oh my!

HIPAA Administrative Simplification

HOGAN & HARTSON, L.L.P. “Publications” “Health”

HIPAA Pros - Disclosures

Disability Services Agencies Briefing On HIPAA

National Congress on Health Care Compliance

Compliance and Enforcement of the Privacy Rule

Analysis of Final HIPAA Privacy Modification Rule

South Jordan City Fire Department

Presentation transcript:

Final PRIVACY RULE Presentation by Richard Campanelli, Director OCR/HHS at 5 th National HIPAA Summit Washington, D.C. October 31, 2002

2 Some of the Key Modifications to the Privacy Rule: August 14, 2002  Consent made voluntary & notice strengthened  Clearer rules for marketing uses of information  Permits incidental uses and disclosures with reasonable safeguards  Facilitates research activities  Simplifies and consolidates authorization requirements  Continues reporting of adverse events related to FDA regulated products/activities  Defers to state law on parental access to medical information of minors  Gives covered entities up to an additional year to conform business associate contracts

3 OCR HIPAA Privacy Resources  Available at:  Resources include:  Complete Privacy Rule Text, as modified  Fact Sheets and Press Releases on modifications  Frequently Asked Questions about the Privacy Rule  Sample Business Associate Contract Provisions

4 Privacy Rule Modifications Uses and Disclosures for Treatment, Payment and Health Care Operations (TPO) Consent no longer mandated, but is permitted  Consent no longer mandated, but is permitted Voluntary consent permits providers to retain existing consent mechanisms Voluntary consent permits providers to retain existing consent mechanisms  PHI sharing allowed for treatment, payment, and quality related health care operations of others  Strengthened notice and right to request restrictions maintain values public attributed to consent

5 Privacy Rule Modifications Notice  Notice strengthened by requiring direct treatment providers to make good faith effort to get acknowledgement of receipt of notice preserves “initial moment” to discuss privacy issues preserves “initial moment” to discuss privacy issues emergency exception to good faith effortemergency exception to good faith effort  Otherwise retains Notice of information practices and individual rights at first service delivery for direct treatment providers

6 Privacy Rule Modifications Marketing Definition (1)  MARKETING IS: to make a communication that encourages a person to purchase or use a product or service to make a communication that encourages a person to purchase or use a product or service  MARKETING IS ALSO: Arrangements where covered entity is paid to disclose PHI to a 3rd party for that party to market its own products or services directly to individuals Arrangements where covered entity is paid to disclose PHI to a 3rd party for that party to market its own products or services directly to individuals  Authorization is always required for marketing, unless Communication is face-to-face or involves promotional gifts of nominal value Communication is face-to-face or involves promotional gifts of nominal value

7 Privacy Rule Modifications Marketing Definition (2)  MARKETING IS NOT a communication about : A covered entity’s own health-related products and services A covered entity’s own health-related products and services The individual’s treatment The individual’s treatment Care coordination, case management, or recommending treatment alternatives for an individual Care coordination, case management, or recommending treatment alternatives for an individual  Eliminates remuneration as condition for these exceptions

8 Privacy Rule Modifications Incidental Disclosures  Adds express permission to use/disclose PHI that is incidental to an otherwise permitted use or disclosure, provided minimum necessary and safeguard standards are met Allows for common practices if reasonably performedAllows for common practices if reasonably performed Examples: Talking to patient in semi-private room;Examples: Talking to patient in semi-private room; Talking to other providers if passers-by are present; Waiting room sign in sheets; Patient chart at bedside, etc.

9 Privacy Rule Compliance and Enforcement Compliance and Enforcement

10 Privacy Rule Compliance and Enforcement  Technical Assistance from OCR/HHS FAQs FAQs Privacy Rule Guidance Privacy Rule Guidance Sample Business Associate Contract Provisions Sample Business Associate Contract Provisions Technical assistance for targeted audiences, including patients Technical assistance for targeted audiences, including patients OCR website: OCR website: Public education – conferences, seminars Public education – conferences, seminars Secretary’s Regional HIPAA Conferences Secretary’s Regional HIPAA Conferences

11 Privacy Rule Standards for Civil Money Penalties  CMPs may be imposed on a “person who violates a provision of this part.”  CMPs may not be more than – –$100/violation –$25,000/calendar year/same violation  CMPs may not be imposed if – –The act is punishable as criminal offense –HHS determines that the person “did not know, and by exercising reasonable diligence would not have known” of the violation, or –The failure to comply was due to reasonable cause and not willful neglect and is corrected in the 30-day cure period (or longer period as determined by Secretary)