“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

Slides:

Advertisements

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

Advertisements

Implementing the New HIPAA Rules

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

Headaches and Pitfalls in Business Associate Contract Management © 2013 Christiansen IT Law American Bar Association Health Law Section eHealth, Privacy.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

2013 HIPAA/ HITECH UPDATE Dirk D. Wilke, J.D., M.B.A. North Dakota Department of Health HIPAA Coordinator and Privacy Officer.

Dinsmore & Shohl, LLP Stacey Borowicz, Esq. Simi Botic, Esq. August 14, 2013.

Steps to Compliance: Managing Business Associates PRESENTED BY.

WHAT IS HIPAA? HBR Training – New Rules May 15, 2013.

HIPAA Update: The Omnibus Rule Kathleen Stillwell, MPA/HSA,RN,CPHRM Patient Safety Risk Management Account Executive Matthew L. Kinley, Esq., Partner -

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

Presented by: Thomas J. Weber, Esq. Goldberg Katzman, P.C. HIPAA 2013 Update Hosted by: Sponsored By:

1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

Thank You For Your Participation Kansas City   Omaha  Overland Park St. Louis  Jefferson City This Employer.

W W W. L E C L A I R R Y A N. C O M Revisiting the PHI Breach Under HIPAA and HITECH and Considerations for Ophthalmologists Neil H. Ekblom, Esq. 885 Third.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA Regulations What do you need to know?.

H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.

Importance of the Information Risk Assessment. Compliance Programs are intended to proactively audit and assess an organization’s operations to detect.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

HIPAA Privacy of Health Information Claudia Allen, Esq. General Counsel HealthBridge.

What You Don’t Know Can Cost You HIPAA in a HITECH World Alaina N. Crislip, Esq. October 10, 2013.

Hot Topics Legal Update Jill D. Moore, JD, MPH University of North Carolina School of Government September 2014.

April 19, 2013Karen Smith Claire Turcotte © Bricker & Eckler LLP v3.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health Insurance Portability & Accountability Act (HIPAA)

March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

HIPAA Update – Significant Omnibus Rule Changes Rose Willis Billee Lightvoet Ward Dickinson Wright PLLC.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

Office of the Secretary Office for Civil Rights (OCR) HIPAA Privacy and Security Rules Updates HIPAA COW 2010 Spring Conference April 16, 2010.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: 1 NEW OBLIGATIONS.

HIPAA and HITECH The Latest Developments Presented By: Michele Madison Partner, Healthcare Practice Morris, Manning & Martin, LLP

Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.

Polsinelli Shughart PC In California, Polsinelli Shughart LLP Final HIPAA Omnibus Rule Highlights Presented to the Colorado Bar Association, Health Law.

Quality Integrity Stewardship Courtesy Care Accountability Medical Records ARMA Florida Gulf Coast Chapter Michael Spake Lakeland Regional Medical Center.

HIPAA Omnibus Rule of 2013 POSA August 29, 2013 Renee H. Martin, JD, RN, MSN Tsoules, Sweeney, Martin & Orr, LLC 29 Dowlin Forge Road Exton, PA Tel.:

LAW SEMINARS INTERNATIONAL CLOUD COMPUTING: LAW, RISKS AND OPPORTUNITIES Developing Effective Strategies for Compliance With the HITECH Act and HIPAA’s.

The New HIPAA Era: What's New, What's Different and What's Actually Important Kirk J. Nahra Wiley Rein LLP Washington, D.C

Overview of the Omnibus Final HIPAA Rule Kohler HealthCare Consulting, Inc. Deanna Turner

HITECH Act and HIPAA: Important Compliance Update Susan E. Ziel Gerald “Jud” DeLoss.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Office of the Secretary Office for Civil Rights (OCR) The HITECH NPRM: Overview of Research Comments October 19, 2010 Christina Heide, JD HHS Office for.

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.

HealthBridge is one of the nation’s largest and most successful health information exchange organizations. Tri-State REC: Privacy and Security Issues for.

HITECH and HIPAA Presented by Rhonda Anderson, RHIA Anderson Health Information Systems, Inc

Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.

1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.

Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.

Finally, the Final HIPAA/HITECH Regulations are Here! By LYNDA M. JOHNSON Friday, Eldredge & Clark.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.

Final HIPAA-HITECH Rules, Cybersecurity, and Privacy Dino TsibourisMehmet Munur (614) (614)

AND CE-Prof, Inc. January 28, 2011 The Greater Chicago Dental Academy 1 Copyright CE-Prof, Inc

1 Kansas Health Solutions July 9, 2009 HIPAA Goes HITECH Martie Ross Lathrop & Gage LLP (913)

HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002.

Main Line Hospitals Institutional Review Board HIPAA Policy Changes 2013 Anne Marie Hobson, BSN, JD, ORA Director.

PHI Breach PHI Breach Dealing Breach With HIPAA Guidelines Guidelines.

Enforcement, Business Associates and Breach Notification. Oh my!

HIPAA CONFIDENTIALITY

HIPAA Administrative Simplification

HIPPA/HITECH Act Requirements Under the Business Associate Agreement Between CNI and Military Health Services.

Presentation transcript:

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment System HIPAA Privacy and Security 2013: The New Regulations By Melanie A. Herring, Esq.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care arizona health care cost containment system 2 Major Provisions  Breach Notification Regulations  Business Associate (BA) Changes  Enhanced Enforcement and Penalties  New Privacy Requirements  Amended Notice of Privacy Practices (NPP)

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care arizona health care cost containment system 3 Important Deadlines  January 25, 2013: Final Regs were issued  March 22, 2013: Effective Date  September 23, 2013: Compliance Date (180 days from Effective Date)*  September 22, 2014: Deferred Compliance Date for Certain BA Contracts *For all future HIPAA amendments, default 180 day compliance deadline

“Reaching across Arizona to provide comprehensive quality health care for those in need” Breach Notification Standards... When a CE is required to report a privacy or security breach to HHS-OCR, the affected individuals, and/or the media.... Our first care is your health care arizona health care cost containment system 4

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care arizona health care cost containment system 5... Breach Notification Standards  Under the old rule, breaches were not reported unless they posed “a significant risk of reputational, financial or other harm”  Under the new rule, “harm threshold” is eliminated and replaced with a more objective standard  Under the new rule, the “safe harbor” provisions for encrypted and PHI secure disposal remain intact

“Reaching across Arizona to provide comprehensive quality health care for those in need”... Breach Notification Standards New Rule: All incidents are assumed to be a reportable breach to HHS-OCR unless a Risk Analysis (RA) reveals a “low probability” that PHI has been compromised Our first care is your health care arizona health care cost containment system 6

“Reaching across Arizona to provide comprehensive quality health care for those in need”... Breach Notification Standards 4 factors to a Risk Analysis: The nature and extent of PHI involved, including the types of identifiers and the likelihood of re- identification The unauthorized person who used or received the PHI Whether the PHI was actually acquired and viewed, and Our first care is your health care arizona health care cost containment system 7

“Reaching across Arizona to provide comprehensive quality health care for those in need”... Breach Notification Standards  The extent to which any risk to the PHI has been mitigated Notification to HHS-OCR will be required if the RA reveals any risk except “Low Probability that the PHI will be or has been compromised” Our first care is your health care arizona health care cost containment system 8

“Reaching across Arizona to provide comprehensive quality health care for those in need”... Breach Notification Standards  The CE’s Risk Analysis must be in writing and retained by the CE.  Willful Negligence: If a breach reported to HHS-OCR suggests “willful negligence” by the CE or its BA, then HHS-OCR must investigate Our first care is your health care arizona health care cost containment system 9

“Reaching across Arizona to provide comprehensive quality health care for those in need” Business Associate Requirements This section of the regulation has the most changes. Highlights:  Amended BA definition: Clarify that a BA is also an entity that “maintains” PHI on behalf of the CE (i.e.: record storage services, record locator services) E-prescribing Gateways, HIO’s, PSO’s are a BA Our first care is your health care arizona health care cost containment system 10

“Reaching across Arizona to provide comprehensive quality health care for those in need”...Business Associate Requirements  Security Rule, Minimum Necessary Rule, Accounting of Disclosures Rule now apply directly to BA’s  Our BA contracts will require amendments  Our BA’s must now have BA contracts in place with their subcontractors Our first care is your health care arizona health care cost containment system 11

“Reaching across Arizona to provide comprehensive quality health care for those in need”... Business Associate Requirements  BA’s are now directly liable for their own breaches, and the CE of a BA remains liable as well for its BA’s breaches  Subcontractors to BA’s are directly liable for their own breaches Our first care is your health care arizona health care cost containment system 12

“Reaching across Arizona to provide comprehensive quality health care for those in need” Enhanced Penalties and Enforcement  HHS-OCR may fine all parties responsible (i.e.: can fine the CE and the BA for the same violation)  The General Rule: Monetary penalties will be tallied on a per person and per day basis  Maximum Annual Cap for Violations of a Provision: 1.5 million dollars  A few defenses are allowed but if you do not cure the violation within 30 days of the breach you may lose that defense Our first care is your health care arizona health care cost containment system 13

“Reaching across Arizona to provide comprehensive quality health care for those in need” New Privacy Requirements  50 year deceased exception  BA’s are now directly required to comply with significant provisions of the privacy rule  Genetic information (GINA) is now expressly included within the definition of “health information”  Amendments to the Marketing Requirements (mostly dealing with financial remuneration marketing) Our first care is your health care arizona health care cost containment system 14

“Reaching across Arizona to provide comprehensive quality health care for those in need”... New Privacy Requirements  Prohibits the sale of PHI without individual authorization (data use agreements)  Enhances an individual’s right to request and receive a copy of their PHI records  An individual can restrict disclosures of his/her PHI to health plans if the PHI pertains solely to a service that the individual has paid for in full Our first care is your health care arizona health care cost containment system 15

“Reaching across Arizona to provide comprehensive quality health care for those in need”... New Privacy Requirements  Relaxes the regulations surrounding disclosures of PHI to family members or others involved in the person’s care  Allows disclosure of immunization records to schools Our first care is your health care arizona health care cost containment system 16

“Reaching across Arizona to provide comprehensive quality health care for those in need” Notice of Privacy Practices Must Amend the CE’s Notice of Privacy Practices and mail to all individuals by September 23, 2013 Our first care is your health care arizona health care cost containment system 17

“Reaching across Arizona to provide comprehensive quality health care for those in need” Genetic Information Nondiscrimination Act (GINA) GINA prohibits the use of genetic information for underwriting purposes. HHS has made this prohibition applicable to all health plans subject to HIPAA, not just the limited set of plans covered by GINA Our first care is your health care arizona health care cost containment system 18