2014 HIPAA Refresher Omnibus Rule & HIPAA Security.


What is the Omnibus Rule?
- The Omnibus Rule modifies the HIPAA Privacy, Security, Breach Notification and Enforcement rules.
- The Omnibus Rule implements provisions of the HITECH Act (Health Information Technology for Economic and Clinical Health) that were not implemented in 2010.
- The Omnibus Rule implements the provisions of the Genetic Information Non-discrimination Act of 2008 (GINA).

Overview of Omnibus Rule Impact
- Breach Notification
- Civil and Monetary Penalties
- Business Associate Agreements
- Notice of Privacy Practices
- Fundraising and Marketing
- Research
- Self Pay Patients
- Release of Information
- New and revised policies
- New and revised forms

Breach Notification
- Definition of breach amended to clarify that the impermissible acquisition, access, use or disclosure of protected health information (PHI) is presumed to be a breach.
- Breach notification is necessary unless the Covered Entity or Business Associate can demonstrate, through a documented risk assessment, a low probability that PHI has been compromised.

Reminder!
- A breach is a violation of patient privacy that occurs when patient information is impermissibly acquired, accessed, used or disclosed.
- Report all breaches or suspected breaches as soon as possible to the Privacy Officer by calling , or using ComplyLine

Civil Monetary Penalties
- Maximum Penalty Amount: $100 to $50,000 per violation
- Calendar Year Cap: $1.5 million
- FYI: The Kentucky Attorney General may sue on behalf of the patient.

Business Associate Agreements
- Much of the Privacy Rule and Security Rule now applies to business associates and their subcontractors.
- Covered entities and business associates may now be held liable for acts of their agents, including business associates and subcontractors of business associates. This includes the civil monetary penalties for violations of HIPAA.

Business Associate Agreements
- Review all vendors and verify whether they work with UKHC protected health information (PHI).
- Contact the Privacy Officer at with your questions about vendors and business associate agreements.

Notice of Privacy Practices - Revised
- Patient has right to request restriction when paying out-of-pocket, in-full, at time of visit.
- Patient has right to be informed about breach of unsecured health information.
- Operations: Add “safety” as in “We may use your PHI to assess your care in an effort to improve the quality and safety of our service to you.”

Notice of Privacy Practices - Revised
- Fundraising communications require giving option and contact information to opt out of fundraising effort and further fundraising communications.
- Marketing requires patient authorization.
- PHI (protected health information) may not be sold without patient authorization.
- Most disclosures regarding psychiatric notes require an authorization.
- Patient has right to receive copies of medical records in electronic form, if available.

Research
- Compound authorizations are permitted for multiple research purposes.
- Compound authorizations must be clear:
  - When provision of research-related treatment is conditioned upon authorization
  - When treatment is not conditioned upon authorization

Research
- Authorizations for future research must continue to describe future research purposes although they do not need to be study specific.
- Authorizations related to use of psychotherapy notes can only be compounded to authorizations also related to use of psychotherapy notes.

Self Pay Patients
- Patients may restrict visits from disclosure to health plans and Medicare if they self pay, in full, (or someone with the patient pays) at the time of the visit.
- Patient must complete and sign the Self-Pay Restriction form at the time of visit.
- Visits the patients restrict from disclosure to health plans may not be audited by the health plans. However, Medicare patient restricted visits may be audited by Medicare.

Release of Information
- Verbal authorization is allowed for sharing only immunization records with schools. Document in the medical record.
- HIPAA protection of records has changed for deceased patients from ‘forever’ to 50 years after the patient’s death.
- Patients may restrict release of genetic information.

Look for New and Revised Policies
New Policies
- Fundraising
- Self Pay Restriction
Revised Policies
- A Release of Medical Records/Information
- A Privacy Investigations and Breach Notification

Look for New and Revised Forms
- New form: Self Pay Visit Restriction
- Revised: Notice of Privacy Practices
- Revised: Authorization to Release Medical Records/Information
- Revised: Business Associate Agreement

Please read the following Confidentiality Expectations. Indicate your understanding by checking the ‘Yes’ box.

Confidentiality Expectations
I agree to keep patient information confidential by observing the following:
1. I will sign off/log off the system when I leave the workstation and not allow others to use my access.
2. I will only look up information on patients for whom I have direct responsibility. I will not look up my own medical information on the computer.
3. I will protect my password from use by others or theft.

Confidentiality Expectations
4. I will follow all UK HealthCare and department rules of conduct whenever I use
5. I will password protect any personal digital assistant device that contains patient or confidential information.
6. I will share patient information only with people who have a right to access the information in order to perform their job function.

Confidentiality Expectations
7. I will not disseminate confidential patient information from my home computer without appropriate authorization for release of information.
8. I will dispose of confidential information properly in accordance with all applicable policies.
9. I understand that audits will be performed on computer usage to ensure compliance with all computer-related policies and this confidentiality agreement.

Confidentiality Expectations
10. I will follow other specific confidentiality rules for special situations. When departments have standards more stringent than this statement, I will abide by their standards.
11. I understand that audits will be performed on computer usage to ensure compliance with all computer-related policies and this confidentiality agreement.
12. I will follow other specific confidentiality rules for special situations. When departments have standards more stringent than this statement, I will abide by their standards.

Confidentiality Expectations
13. I will comply with UK Enterprise electronic signature policies and protect my electronic signature, when issued to me, from use or theft by others.
14. I understand that my employer has the right to take disciplinary action up to and including termination of my employment for breaches of confidentiality.

Lynn Crothers Privacy Officer Office of Corporate Compliance /23/