HIPAA and the TAS: Is it As Bad As We Thought It Would Be? Thoughts on Current Experiences and Problems Marty Ween, Esq Wilson Elser Moskowitz Edelman.

Presentation transcript:

HIPAA and the TAS: Is it As Bad As We Thought It Would Be? Thoughts on Current Experiences and Problems Marty Ween, Esq Wilson Elser Moskowitz Edelman & Dicker LLP Henry Cifuentes Vice President – Hays Affinity April 30, 2014

Webinar Agenda
• ATSI / Hays Program Intro
• Speaker Intro
• ATSI / Hays PL Policy Highlights
• Questions

About the ATSI/Hays Insurance Program
• The same program underwriters and defense law firm for over 20 years
• Program exclusively offered to ATSI members, however, all may obtain a quote
• Policy is tailored to your industry, it is not a miscellaneous policy – common in the marketplace
• ATSI and Hays are both constantly working with the underwriters to provide a competitive and industry leading product

Program Enhancements
• Cyber Liability Coverage
$100,000 now included at no additional cost. Higher options available for nominal premium, up to $1,000,000.
Coverage provides protection for:
– Allegations of failing to prevent unauthorized access to computer systems
– Releases or transmitting of a computer virus
– Destruction, corruption or removal of electronic data stored or transmitted
• HIPAA/HITECH Fines Coverage
Important if you have any medical related clients/business.
Reimbursement for Fines and Penalties - $50,000/$100,000 at no additional cost. Higher limits available for a nominal additional premium.
HIPAA/HITECH – if a third party claim, coverage up to your policy limit.

Program Enhancements
With the Professional Liability Insurance in place, we can also assist with:
• Business Owners Package
• General Liability
• Business Property
• Workers Compensation
• Commercial Business Auto
• Employment Practices Liability
Just launched in the past month:
• Life
• Disability
• Long-Term
• Personal Umbrella
Please visit the program website for more information.

Wilson Elser Wilson Elser Moskowitz Edelman & Dicker LLP
Martin M. Ween, Senior Partner
Association of TeleServices International Webinar – April 30, 2014
HIPAA and the TAS: Is it as Bad as We Thought it Would Be? Thoughts on Current Experiences and Problems
Albany ∙ Baltimore ∙ Boston ∙ Chicago ∙ Connecticut ∙ Dallas ∙ Denver ∙ Detroit ∙ Houston ∙ Las Vegas ∙ London ∙ Long Island ∙ Los Angeles ∙ Miami ∙ New Jersey ∙ New York ∙ Orlando ∙ Philadelphia ∙ San Diego ∙ San Francisco ∙ Virginia ∙ Washington, DC ∙ White Plains
Affiliate Offices: Berlin ∙ Cologne ∙ Frankfurt am Main ∙ Munich ∙ Paris

HIPAA and the TAS: Is it as Bad as We Thought It Would Be?
Purpose of this Webinar
1. Provide a short description of HIPAA, HITECH, the Privacy and Security Rules and what is required for Business Associate Agreements
2. What issues have arisen since the final Privacy and Security Rules became effective
3. Provide some suggestions to approach these issues

What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act of It is a federal law that protects the privacy of individually identifiable health information, or “Protected Health Information” (“PHI”).

What is Protected Health Information? PHI can include name, age, gender and other personal demographic information such as phone number, address and more, as well as health status information, prescription drug information, healthcare payment information and prior existing conditions.

The Privacy Rule The Secretary of Health and Human Resources established the Privacy Rule effective April 14, 2001 to set national standards to protect individuals’ medical records and other personal health information. It applied to health plans, health care clearinghouses and any health care provider who transmits health information (also known as “Covered Entities”).

The Privacy Rule The Privacy Rule also dealt with “Business Associates” of the Covered Entities and the need for these parties to enter into “Business Associate Agreements” (later referred to as “Business Associate Contracts”) confirming compliance with the Privacy Rule.

The Security Rule The Security Rule, effective February 2003, requires the “Covered Entities” to use measures that would reasonably and appropriately ensure the confidentiality, integrity and availability of electronic PHI (or “ePHI”); protect against reasonably anticipated threats, hazards, uses or disclosures of ePHI; and ensure that the work force of a covered entity complies with this rule.

What is HITECH? HITECH is the Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act of 2009 (“ARRA”), or the “Stimulus” Act. HITECH was aimed at various areas of concern under HIPAA and the Privacy and Security Rules, including establishing greater protections for ePHI by encryption, as well as promoting the use of electronic information systems. HITECH obligated Business Associates to comply with the HIPAA Privacy and Security Rules on the same basis as Covered Entities and made the Business Associates directly subject to the same civil and criminal penalties for violations.

Why Does Compliance Matter?
• Audits
• Civil Penalties
– $100 to $50,000 per individual violation
– $25,000 to $1.5 million for multiple violations in a single year
• Criminal penalties can range up to $50,000 to as much as $250,000, with imprisonment from one year to as much as ten years.
• Both the civil and criminal penalties can apply to the organization and its officers, as well as to the individual violators.

The Final Privacy and Security Rules
• After a lengthy public comment process, the final Privacy and Security Rules under HIPAA/HITECH were adopted as of January 25, 2013.
• Business Associate Agreements were required to be in compliance with these final Rules between September 23, 2013 and September 23, 2014, depending on their renewal date.

What Do the Final Privacy and Security Rules Require in a Business Associate Contract?
HHS has required ten items for the Business Associate Contract:
1. The permitted and required uses by and disclosures of potential Protected Health Information to the Business Associate;
2. The acknowledgement by the Business Associate that it will not use or further disclose the protected information other than as permitted or required by the services agreement or by law;

3. The agreement of the Business Associate that it will implement appropriate safeguards to protect against unauthorized use or disclosure of the protected information, including safeguards as to Electronic Protected Health Information;
4. The Business Associate must report to the Covered Entity any use or disclosure of the protected information not permitted within the services contract within sixty days of the disclosure;

5. The Business Associate has to disclose protected health information if the Covered Entity receives a request from an individual for his or her protected health information, as well as making the protected health information available for amendments and accountings;
6. The Business Associate has to acknowledge that it will comply with the Privacy Rule to the extent the Business Associate is performing the work of the Covered Entity;

7. The Business Associate has to make available to HHS its internal practices, books and records in connection with the use and disclosure of protected health information received from, or created or received by the Business Associate on behalf of the Covered Entity;
8. If the telephone answering services contract is terminated and, as a result, the Business Associate Contract is terminated, the Business Associate must return or destroy the protected health information it received or created for the Covered Entity;

9. The Business Associate must ensure that any subcontractors it may retain that have access to protected health information agree to the same restrictions and conditions that apply to the Business Associate; and
10. The Business Associate Contract must be terminable by the Covered Entity if the Business Associate violates a material term of the contract.

The Business Associate Contracts in place as of the final Rules that were based on the ATSI sample agreement were generally compliant with these Rules, but needed review and revision for a number of differences.

What are the Issues That Have Come Up after the Final Rules?
1. Clients who refuse to sign a Business Associate Contract
2. Clients who refuse to sign your proposed Business Associate Contract and propose their own form, with unfair or unacceptable terms
3. Getting your subcontractors to sign a Business Associate Contract

Some Suggested Approaches to these Issues
• Establish a Business Associate Agreement by your unilateral written agreement to comply with the statutes and the Rules
• For new clients, or clients being given new service contracts, put in a requirement that all parties will execute a Business Associate Contract and/or put into the services contract the agreement to comply
• Ask HHS for an interpretation or opinion

• Agree to the use of the client’s own form with modifications to avoid losing insurance coverage
• Alternative pricing to take into consideration increased risk if the client insists on the use of its form

For more information, please contact: Martin M. Ween Senior Partner Wilson, Elser, Moskowitz, Edelman & Dicker, LLP 150 East 42nd Street New York, NY T: F:

Questions?

ATSI / Hays Insurance Program For more information, please contact: Henry Cifuentes or