Privacy Trends TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Presentation transcript:


Purpose
The purpose of this presentation is to provide awareness and insight into current privacy initiatives and activities that could one day potentially impact operations

Objectives
Upon completion of this presentation, you should be able to:
− Identify Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Privacy and Security Framework principles
− Explain recent Health Insurance Portability and Accountability Act (HIPAA) enforcement examples
− Describe applicable provisions of the American Recovery and Reinvestment Act of 2009 (ARRA)

Privacy and Security Framework & Toolkit

Privacy and Security Framework
In December 2008, OCR published the “Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information” (the framework)
− Establishes privacy and security principles for health care stakeholders engaged in the electronic exchange of information
− Designed to complement and work with existing federal, state, territorial, local and tribal laws and regulations
− Provides a single, consistent approach to address the privacy and security challenges related to electronic health information exchange

Privacy and Security Framework (continued)
The framework consists of eight guiding principles
− Individual access
− Correction
− Openness and transparency
− Individual choice
− Collection, use & disclosure limitation
− Data quality & integrity
− Safeguards
− Accountability

Privacy and Security Framework (continued)
Individual access: Individuals should be provided with a simple and timely means to access and obtain their individually identifiable health information in a readable form and format
Correction: Individuals should be provided with a timely means to dispute the accuracy or integrity of their individually identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied

Privacy and Security Framework (continued)
Openness and transparency: There should be openness and transparency about policies, procedures, and technologies that directly affect individuals and/or their individually identifiable health information
Individual choice: Individuals should be provided a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information

Privacy and Security Framework (continued)
Collection, use & disclosure limitation: Individually identifiable health information should be collected, used, and/or disclosed only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately
Data quality & integrity: Persons and entities should take reasonable steps to ensure that individually identifiable health information is complete, accurate, and up-to-date to the extent necessary for the person’s or entity’s intended purposes and has not been altered or destroyed in an unauthorized manner

Privacy and Security Framework (continued)
Safeguards: Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure
Accountability: This principle should be implemented, and adherence assured, through appropriate monitoring, and other means and methods should be in place to report and mitigate non-adherence and breaches

Privacy and Security Toolkit
OCR also published the “Privacy and Security Toolkit to Implement the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information” (the toolkit)
The toolkit is a series of documents that clarify how the HIPAA Privacy Rule applies to, and can be used to help structure the privacy policies behind, electronic health information exchange in a networked environment
− How HIPAA covered entities can utilize the Privacy Rule’s established baseline of privacy protections and individual rights with respect to elicit greater consumer confidence, trust, and participation
− Includes Frequently Asked Questions (FAQs), fact sheets, and information papers relating to each of the framework principles

Privacy and Security Framework & Toolkit
No new rules, regulations, or mandates have been made as a result of the framework that was issued by OCR on December 15, 2008
Staff can utilize the fine points provided within the framework and toolkit for informational purposes

Recent HIPAA Enforcement

Providence Health and Services
Resolution Agreement
− Includes OCR and Centers for Medicare & Medicaid Services (CMS)
− Terms and conditions include a fine of $100,000 and a Corrective Action Plan (CAP)
− Covered incidents refer to the loss by Providence Health and Services (PHS) of Seattle, Washington of electronic backup media containing records of 386,000+ PHS patients and laptop computers containing individually identifiable health information in 2005 and 2006

Providence Health and Services (continued)
Corrective Action Plan
− Policies and Procedures: Consistent with federal standards that govern Protected Health Information (PHI) and electronic Protected Health Information (ePHI); submit policies and procedures to HHS for approval
− Training: Within 90 days of HHS approval of policies, PHS shall provide evidence that training has been provided to all members of PHS workforce
− Monitoring (quarterly): Ensures understanding of policies and procedures, may include unannounced site visits
− Implementation and Annual Reports: Within 120 days after receiving HHS approval of policies and procedures, a written report summarizing status of PHS implementation of CAP requirements must be submitted to HHS

CVS
Resolution Agreement
− Agreement includes OCR and CVS Pharmacy, Inc. (CVS Entities)
− Covered conduct includes disposing of PHI in dumpsters, lack of policies and procedures, lack of sanctions policy, and insufficient HIPAA Privacy Rule training
− CVS Entities must designate a compliance representative that will be responsible for ensuring compliance with the Resolution Agreement and CAP (including providing policies, procedures, training, and internal monitoring services)
− CVS Entities must pay HHS $2,250,000
− Execute and comply with the CAP

CVS (continued)
Corrective Action Plan
− Policies and procedures: Develop, maintain, and revise uniform, written privacy policies and procedures and submit to OCR for review and approval. Each member of workforce must submit a compliance certification acknowledging receipt and understanding
− Training: Provide to all workforce members with access to PHI
− Monitoring
  Internal: Written internal monitoring plan describing plan to monitor compliance with policies and procedures
  Assessments: Annual third party assessments on compliance with CAP obligations
− Internal reporting: Procedure for reporting violation of policies and procedures

American Recovery and Reinvestment Act

American Recovery and Reinvestment Act
HIPAA Privacy & Security Rules extended to business associates
− Requirements, as well as civil and criminal penalties, now apply to business associates in the same manner as covered entities
− Business associate contracts must include new requirements
Breaches
− Current DoD breach notification requirements are MORE stringent
− Covered entities must notify individuals whose unsecured PHI has been breached within 60 days of discovery
− Notification to HHS based on number of individuals affected
− Business associates must notify covered entities of a breach and provide each individual’s name
− Methods and content of notification are specified

ARRA (continued)
Health Information Technology (HIT)
− Appropriates approximately $20 billion to HIT
− HHS will appoint a National Coordinator for HIT responsible for
  Coordinating HIT policies and programs
  Developing a voluntary HIT certification program
  Setting milestones for electronic health records by 2014
Accounting of disclosures
− Covered entities that maintain ePHI must include routine disclosures for treatment, payment, or health care operations (TPO) in their accounting list
− Limited to three years (other accounting of disclosures remain for six years)

ARRA (continued)
Remuneration for the exchange of PHI
− Prohibits direct or indirect exchange of remuneration for any exchange of PHI, unless authorized by individual
Disclosure restrictions for payment and health care operations
− Covered entities must agree to an individual’s request to restrict disclosure to a health plan when payments have been paid out of pocket in full

Summary
You should now be able to:
− Identify OCR Privacy and Security Framework principles
− Explain recent HIPAA enforcement examples
− Describe applicable provisions of ARRA

Resources
− for further information on Privacy and Security Framework and Toolkits and HIPAA enforcement actions
− =111_cong_bills&docid=f:h1enr.pdf for a link to the complete ARRA
− for subject matter questions