Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Confidentiality and HIPAA
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.
NAU HIPAA Awareness Training
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Regulations What do you need to know?.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.
Culture of Compliance HIPAA Privacy & Security Compliance Office.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
IT’S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE Nancy Davis, MS, RHIA Director of Privacy/Security Officer, Ministry Health Care & Catherine.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 5 HIPAA Enforcement HIPAA for Allied Health Careers.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
2012 Audits of Covered Entity Compliance with HIPAA Privacy, Security and Breach Notification Rules Initial Analysis February 2013.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture a This material (Comp7_Unit7a) was developed by.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Eliza de Guzman HTM 520 Health Information Exchange.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
Working with HIT Systems
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
Component 8/Unit 6aHealth IT Workforce Curriculum Version 1.0 Fall Installation and Maintenance of Health IT Systems Unit 6a System Security Procedures.
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.
Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
Working with HIT Systems Unit 7a Protecting Privacy, Security, and Confidentiality in HIT Systems This material was developed by Johns Hopkins University,
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.
PHASE II OF HIPAA AUDIT PROGRAM June 2016 Presented by John P. Murdoch II, Esq. of Wilentz, Goldman & Spitzer, P.A. Two Industrial Way West Two Industrial.
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
The Health Insurance Portability and Accountability Act 
Understanding HIPAA Dr. Jennifer Lu.
By: Eamon Callahan and Wilston Johnston
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
Final HIPAA Security Rule
County HIPAA Review All Rights Reserved 2002.
Health Care: Privacy in a Digital Age
Risk Management: why and how to protect your health center
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
Lesson 1  7 Basic Components of an Effective Compliance Plan
HIPAA Security Standards Final Rule
Objectives Describe the purposes of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 Explore how the HITECH Act.
Presentation transcript:

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer Responsibilities HIPAA Security Rule Components

The Rules Have Changed The recent HIPAA law changes started in 2009, when the American Recovery and Reinvestment Act included the Health Information Technology for Economic Clinical Health Act (“HITECH Act”). The HITECH Act impacted HIPAA covered entities and required revisions to the HIPAA regulations. On January 25, 2013, these new HIPAA regulations were published and made changes or additions to rules on breach notification, the marketing and sale of PHI, right to access of electronic copies of PHI, additional restrictions on disclosures, updates to the requirements for Notice of Privacy Practices, and changes to the applicability of HIPAA rules to business associates of covered entities.

The Federal Government is conducting HIPAA audits and doling out penalties In 2011, the Office of Civil Rights for the US Department of Health and Human Services began conducting HIPAA audits of covered entities. This includes counties! In 2014, OCR opened an investigation of Skagit County upon receiving a breach report that money receipts with electronic protected health information (ePHI) of seven individuals were accessed by unknown parties after the ePHI had been inadvertently moved to a publicly accessible server maintained by the County. OCR’s investigation revealed a broader exposure of protected health information involved in the incident, which included the ePHI of 1,581 individuals. Many of the accessible files involved sensitive information, including protected health information concerning the testing and treatment of infectious diseases. OCR’s investigation further uncovered general and widespread non-compliance by Skagit County with the HIPAA Privacy, Security, and Breach Notification Rules. Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. Skagit County agreed to a $215,000 monetary settlement and to work closely with the Department of Health and Human Services (HHS) to correct deficiencies in its HIPAA compliance program.

There is no magic bullet for HIPAA Compliance HIPAA Compliance Magic Bullet

The Truth: It takes a team. Assigning one or two people to do HIPAA Compliance is assigning failure. Myth: We’ve appointed people to our privacy and security officer positions. We’re going to be in compliance in no time.

The Truth: If you’re not reviewing and updating your HIPAA policies and procedures on a regular basis, you’re not compliant. Myth: We’ve adopted the new policies and procedures. They look nice on the shelf. We’re compliant now!

HIPAA Culture of Compliance A robust compliance program includes: Employee training Vigilant implementation of policies and procedures Regular audits Prompt Action Plan to respond to incidents

Step 1 Step 2 Step 3 Step 4 Step 5 - Form a HIPAA Compliance Committee - Perform a thorough Risk Assessment (Baseline your compliance). - Identify High Risk Areas and Mitigation Plan. - Implement Mitigation Plan - Implement HIPAA Policies and Procedures “HIPAA Compliance Program”. - Train Staff and Validate That it Works - Conduct Annual Reviews and Updates Foundation to HIPAA Privacy and Security Compliance

Develop and revise HIPAA Security Policies and Procedures. Answer all questions from employees concerning EPHI. Prepare cost benefits analyses of appropriate EPHI safeguards and make recommendations regarding the adoption of safeguards. Budget annually for EPHI security. Meet regularly with committee to discuss EPHI security issues, policies and planning. Monitor compliance with security laws and among the county and third parties. Maintain records of access authorizations Develop appropriate security training program. Prepare and periodically assess County’s security response procedures, disaster recovery plan and business continuity plan for systems and devices containing EPHI. Perform security audits and risk assessments of ongoing systems. Investigate EPHI system security breaches. Facilitate a process for Individuals to file a compliant regarding Security Policies. Security Officer responsibilities

HIPAA Committee Example Organization

Administrative Safeguards Security Management Process Assigned Security Responsibility Workforce Security Information Access Management Security Awareness and Training Contingency Plan Evaluation Business Associate Agreements Physical Safeguards Facility Access Control Workstation Use Workstation Security Device and Media Control Technical Safeguards Access Control Audit Control Integrity Personal or Entity Authentication Transmission Security HIPAA Security Rule Components

Important Resources Security Rule Booklet leguidance.html leguidance.html Security Risk Assessment Tool (SRAT) ISAC HIPAA Program for-counties/ for-counties/

Discussion

ISAC-HIPAA-Program-summary-for-publication (3).docx Iowa-Counties-and-Regions-HIPAA-Privacy-and-Security-Policies- Template-For-Counties-not-ISAC-2 (3).docx Iowa-Counties-and-Regions-HIPAA-Privacy-and-Security-Policies- Template-For-Counties-not-ISAC-2 (3).docx