HITECH’s Impact on Research

Slides:

Advertisements

Similar presentations

HIPAA Health Insurance Portability and Accountability Act of 1996

Advertisements

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

Steps to Compliance: Managing Business Associates PRESENTED BY.

HIPAA Basics November 1, 2014.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

 July 10, 2013 Richard D. Sanders T HE S ANDERS L AW F IRM, P.C. 7 Piedmont Center, Suite Piedmont Road Atlanta, Georgia (404)

Thank You For Your Participation Kansas City   Omaha  Overland Park St. Louis  Jefferson City This Employer.

HIPAA Update: So what’s new with HIPAA?? And, what does it have to do with you? Ellen Cannon, WV DHHR HIPAA Privacy Officer WV Attorney General’s Office.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

HIPAA Regulations What do you need to know?.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health Insurance Portability & Accountability Act (HIPAA)

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.

Security Breach Notification © 2009 Fox Rothschild A Webinar for the Medical Society of New Jersey October 28, 2009 Presented by Helen Oscislawski, Esq.

Walking Through the Breach Notification Process - Beginning to End HIPAA COW Presentation and Panel April 8, 2011.

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

From HIPAA to HITECH OMH Briefing.

The Use of Health Information Technology in Physician Practices

Health Information Technology for Economic and Clinical Health Act (HITECH)

Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.

Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.

Quality Integrity Stewardship Courtesy Care Accountability Medical Records ARMA Florida Gulf Coast Chapter Michael Spake Lakeland Regional Medical Center.

LAW SEMINARS INTERNATIONAL CLOUD COMPUTING: LAW, RISKS AND OPPORTUNITIES Developing Effective Strategies for Compliance With the HITECH Act and HIPAA’s.

Update on Federal HIT Legislation Kirsten Beronio Mental Health America.

Arkansas State Law Which Governs Sensitive Information…… Part 3B

HITECH Act and HIPAA: Important Compliance Update Susan E. Ziel Gerald “Jud” DeLoss.

David G. Schoolcraft Ogden Murphy Wallace, PLLC

A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.

HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.

David G. Schoolcraft Ogden Murphy Wallace, PLLC

Configuring Electronic Health Records Privacy and Security in the US Lecture c This material (Comp11_Unit7c) was developed by Oregon Health & Science University.

HealthBridge is one of the nation’s largest and most successful health information exchange organizations. Tri-State REC: Privacy and Security Issues for.

Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.

HITECH and HIPAA Presented by Rhonda Anderson, RHIA Anderson Health Information Systems, Inc

A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.

We’ve Had A Breach – Now What? Garfunkel Wild, P.C. 411 Hackensack Avenue 6 th Floor Hackensack, New Jersey Broadway Albany,

1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.

Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.

Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.

HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education September 2014.

AND CE-Prof, Inc. January 28, 2011 The Greater Chicago Dental Academy 1 Copyright CE-Prof, Inc

1 Kansas Health Solutions July 9, 2009 HIPAA Goes HITECH Martie Ross Lathrop & Gage LLP (913)

HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.

Public Health IT Privacy, Confidentiality and Security of Public Health Information This material (Comp13_Unit2) was developed Columbia University, funded.

© 2016 McGraw-Hill Education. All rights reserved. Ch 8 Privacy, Security and Fraud.

PHI Breach PHI Breach Dealing Breach With HIPAA Guidelines Guidelines.

WSOPP HIPAA Compliance

Health Insurance Portability and Accountability Act of 1996

HIPAA PRIVACY & SECURITY TRAINING

UNDERSTANDING WHAT HIPAA IS AND IS NOT

HIPAA THE PRIVACY RULE Reviewed December 2012.

Enforcement, Business Associates and Breach Notification. Oh my!

Patient Privacy for the Life Sciences Industry: 2012 Update Drew Gantt and David Sclar Cooley LLP 1.

Health Information Privacy & Security

Health Advocate HIPAA Privacy Information

Privacy, Security & NYS Confidentiality Laws

Mayo Clinic Privacy Office

Objectives Describe the purposes of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 Explore how the HITECH Act.

Presentation transcript:

HITECH’s Impact on Research August 18, 2009

HITECH Act (1) Health Information Technology for Economic and Clinical Health Act Part of American Recovery and Reinvestment Act of 2009 (Stimulus Bill) Creates new federal Health and Human Services (HHS) Office Office of the National Coordinator for Health Information Technology (ONC)

HITECH Act (2) ONC to manage/allocate $20 billion in support of Health Information Technology (HIT) projects investment in HIT infrastructure to facilitate a nation wide HI network standards development incentives through Medicare & Medicaid reimbursement for using EHR technology Additional HIPAA Privacy and Security rules

New Rules Largest impact in clinical care arena Three provisions affect research Notification of breaches Sale of PHI Audits

Notification of Breaches (1) Notifications required when unsecured PHI is part of a security breach HHS has issued draft guidance on how to ‘secure’ PHI Only two acceptable methods; but are requesting feedback on additional security paramaters Encryption Data at rest (consistent with Nat. Inst. Of Standards & Technology Pub. # 800-111) Data in motion (comply with requirements of Fed. Info. Processing Standards 140-2) Destruction ‘breach’ broadly defined to include unauthorized acquisition, access, use or disclosure of PHI that compromises its security, privacy or integrity; excludes inadvertent disclosure when information is not further acquired, accessed, used or disclosed

Notification of Breaches (2) Must notify subject without unreasonable delay; at least within 60 days after discovery of breach A brief description of what happened PHI involved in the breach Steps the individual should take to protect him/herself What you are doing to investigate the breach, to mitigate losses and to prevent further breaches Contact information (a toll free #, e-mail address, website or postal address)

Notification of Breaches (3) Must notify prominent media outlets if breach affects 500 or more individuals Must notify Health and Human Services immediate notification if 500 or more subjects affected by the breach; posted on HHS website smaller breaches reported annually Effective 30 days following issuance of HHS regulations—approximately September 15, 2009

Sale of PHI Requires patient authorization Exception for research As long as the price charged is limited to data preparation and transmittal costs Awaiting guidance on what can be considered a ‘preparation’ cost

Audits Secretary of HHS to conduct periodic audits of CEs to ensure compliance Not a current requirement of HIPAA Privacy/Security Rules Criminal and civil penalties Not new What is new Apply to individual employees as well as organization Civil penalties substantially increased Was $100/violation up to $25K/year for same violation Now range of $100 to $50K/violation up to $25K to $1.5M/year Range based on level of culpability Penalties collected used to fund enforcement efforts Patients to receive a portion of the penalties