THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

Presentation transcript:

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA Enforcement Highlights

Copyright 2012 Strategic Management Services, LLC

Providence Health & Services (Providence), July 2008
Resolution Agreement with HHS to settle potential violations of the HIPAA Privacy and Security Rules. Providence removed and left backup tapes, optical disks, and laptops containing unencrypted protected health information unattended. Subsequently, the media and laptops were lost or stolen. This compromised the protected health information of over 300,000 patients.

Providence Health & Services (Providence), July 2008
Under the three-year Resolution Agreement, Providence agreed to pay $100,000 and implement a corrective action plan: revise policies and procedures; train workforce members; conduct audits and site visits; submit compliance reports.

Blue Cross and Blue Shield of Tennessee (BCBST), October 2009
Settled with the government in response to alleged violations of the HIPAA requirements. 57 unencrypted computer hard drives containing the protected health information of over one million individuals were stolen. BCBST had not performed the necessary security evaluation prior to storing individuals' protected health information at the facility.

Blue Cross and Blue Shield of Tennessee (BCBST), October 2009
Under the Settlement Agreement, BCBST is required to pay $1.5 million and develop a corrective action plan: review and update HIPAA policies and procedures; administer HIPAA training to its workforce; update the facility access plans to prevent future thefts of protected health information.

Cignet Health of Prince George's County, MD, October 2010
OCR fined Cignet Health with a civil money penalty (CMP) for violating HIPAA requirements. Cignet Health denied 41 patients access to their medical records, for which it received a $1.3 million CMP. Cignet Health failed to cooperate in the OCR investigation, for which it received a $3 million CMP. Cignet did not request a hearing, and therefore the total CMP of $4.3 million is final.

Massachusetts General Hospital (MGH), February 2011
Settled with the government in response to a violation of the HIPAA Privacy Rule. An MGH employee lost information for 192 patients of MGH's Infectious Disease Associates outpatient practice on the subway train. These unrecovered documents included information such as patient names, dates of birth, medical record numbers, health insurer and policy numbers, diagnoses, and names of providers.

Massachusetts General Hospital (MGH), February 2011
Under the three-year Resolution Agreement, MGH agreed to pay $1 million and develop a corrective action plan: revise policies and procedures; train workforce members; authorize the Director of Internal Audit Services of Partners Healthcare System Inc. to act as an internal monitor.

The University of California at Los Angeles Health System (UCLAHS), July 2011
Resolution Agreement with HHS to settle potential violations of the HIPAA Privacy and Security Rules. Two complaints alleged that employees were inappropriately examining the protected health information of patients. UCLAHS had not documented or made available Security Rule training for employees, sanctioned employees for their actions, or put in place adequate security measures to protect patient health information.

The University of California at Los Angeles Health System (UCLAHS) July
Under the three-year Resolution Agreement, UCLAHS agreed to pay $865,500 and enforce a corrective action plan: revise policies and procedures; distribute and update policies and procedures; train workforce members; assign an independent individual or agency to monitor compliance.

Conclusion
Under the Patient Protection and Affordable Care Act, the HHS Office for Civil Rights is required to increase enforcement activities of security, privacy, and breach. Providers must ensure they have adopted the necessary safeguards. Safeguards include: developing HIPAA policies and procedures; developing and administering HIPAA compliance training; conducting HIPAA risk assessments; forming HIPAA-related strategies and business plans. Strategic Management can help your organization with these safeguards and more.