HIPAA What’s New? 2010

Presentation transcript:

HIPAA What’s New? 2010

What Is HIPAA
- Health Insurance Portability and Accountability Act of 1996
- Administrative Simplification Subtitle
- Privacy Rules
- Electronic Data Sets
- Security Rules
- National Provider Identifiers
- HITECH Security Standards (ARRA Regulation)

Are we covered?
- HHS is a Covered Entity
- A Covered Entity is an organization:
  - Provider
  - Health Plan
  - Clearing House
- HHS providers are Business Associates
- A business associate is an organization that provides any health related services

What Is ARRA?
- American Recovery and Reinvestment Act of 2009
- Required for Electronic Health Record Movement
- Required for Healthcare Reform
- Holds Business Associates to the complete set of HIPAA Regulations

HITECH Security Standards
- Requires Business Associates to:
  - Notify Covered Entity of Security Breaches
- Latest HI Tech Security Survey shows:
  - 50 percent of organizations have experienced at least one data breach this year;
  - 57 percent of the organizations reported that they now have a greater level of awareness of data breaches and breach risk; and
  - 90 percent of the organizations plan to change policies and procedures to prevent and detect data breaches.

HITECH Security Standards
- Breach Notification
  - Defines a breach
  - Sets standard timeframes for notification
    - 60 calendar days after discovery
  - Notification to individuals when their PHI is breached
  - Media notification if more than 500 patient records are breached
  - Notice to the Department of Health and Human Services
  - Notice letters to all involved

HITECH Security Standards
- Expanded Restrictions on Accounting and Disclosures
  - Business Associates are required to provide an individual upon request with an accounting of disclosures of the information in her electronic health record (“EHR”) over the last three years
  - Any organization bringing up an EMR/EHR in 2009 will be required to be compliant by 2011

HITECH Security Standards
- Prohibits sale of Patient Names without authorization
- Restricts marketing practices to:
  - Free marketing if to communicate services within a program the individual is participating in; OR
  - To describe healthcare options

HITECH Security Standards
- Minimum Data Set
  - Limits the sharing of information to “data sets” that are de-identified
  - Requires the removal of Name, Address, Social Security Number and other key identifiers
- This is in addition to the HIPAA Privacy Rule Minimum Necessary
  - Share only the minimum necessary amount of information so the next person can complete their work responsibilities

HITECH Security Standards
- History of HIPAA Enforcement
  - 48,000 complaints received by Department of Health & Human Services (HHS)
  - Vast majority resolved through voluntary compliance or corrective action
  - Handful of criminal prosecutions

Sanctions and Penalties
- The original HIPAA regulations held Covered Entities to potential sanctions and criminal penalties for breaches
- HITECH holds Business Associates to the same level of requirements as Covered Entities

Case Study – We’ve Lost Our Client’s Data!
- A business associate discovers a computer belonging to its employee is missing. The last time they remember seeing it was three months ago.
- Where do you start?
- What should you be concerned with?

HIPAA Breaches
- Breaches are classified as
  - Low Risk
  - Medium Risk
  - High Risk
- Risk is defined as potential litigation, confidentiality breach or compliance liability to the organization

Breach Notification
- Business Associates are required to notify HHS of any breaches for HHS program participants being managed by the provider along with what has been done to mitigate the risk.
- HIPAA issues can be sent to the HIPAA Privacy Officer at or faxed to

Questions
- Contact HHS via or call