1 HIPAA Privacy & Security Overview Know HIPAA Presents.

Presentation transcript:

1 HIPAA Privacy & Security Overview Know HIPAA Presents

Agenda 2 HIPAA Overview Privacy Practices Security definitions Security standards Security safeguards Security incidents Sanctions Breach notification Enforcement update

3 Overview of HIPAA We Focus on This Portion of HIPAA only. HIPAA Title I — Health Care Access, Portability and Renewability Title II — Preventing Health Care Fraud and Abuse Title III — Tax-Related Health Provisions Title IV — Group Health Plan Requirements Title V — Revenue Offsets Subtitle F — Administrative Simplification Privacy Electronic Transactions Unique Identifiers Information Security Employer Identifier Code Sets

Covered Entities - Must Comply #1 - Health care providers #2 - Group health plans (fully or self-insured employer sponsored plans & health insurance issuers) #3 - Clearinghouses Business Associate - Should Comply #4 - Firms working with covered entities. Examples include Billing Services, Transcription Services, TPAs, brokers Who Does HIPAA Impact? 4

Protected Health Information (PHI) is information relating to the past, present, or future physical or mental health of an individual (employee), whether they are active or terminated. Individually Identifiable PHI is that which identifies an individual. This could include: name, address, date of birth, Social Security number, telephone numbers, address, account numbers, Group Health Plan beneficiary number, or any other unique identifying number, characteristic or code. Protected Health Information (PHI) Individually Identifiable Health Information 5

Applies to paper/oral/electronic records Sets boundaries on the Use and Disclosure of health information Gives “individuals” more control over their own health information Establishes safeguards for protecting the privacy of health information. Holds covered entities accountable for violations of privacy requirements. Privacy Rule 6

Some requirements that a covered entity must comply with include, but are not limited to, the following: Designating a Privacy Official. Designating a Contact for handling Complaints. Developing policies and procedures on the use and disclosure of individually identifiable health information. Providing training to all workforce members on the policies and procedures that affect their job duties. Providing a Notice of Privacy Practices to individuals. Privacy Regulation 7

They share this information with other healthcare providers. They are permitted to use and/or disclose information for treatment, payment or health care operations without getting permission from an individual. To use information for any other reason or to disclose it to anyone other than the patient or Covered Entity may require a signed and verified authorization. How Does Covered Entity Use Protected Health Information? 8

What is an authorization When is it used Authorizations 9

An individual has the right to access their protected health information, receive an accounting, amend their protected health information, file a complaint, request confidential communications or restrict access to their protected health information. Other Aspects of HIPAA Administration 10

All Covered Entity employees that have access to protected health information agree that at no time, during or after their employment with Covered Entity, will they use, access or disclose protected health information to anyone except as required or permitted in the course and scope of their duties. Unauthorized use/disclosure may result in disciplinary action up to and including termination. Civil or criminal penalties may also apply. Confidentiality 11

Covered entities must implement appropriate safeguards to protect an individual’s protected health information. –Remember to do the following: Records that contain protected health information should be maintained in a secure location or locked away. Records that contain protected health information should be shredded before discarding the information. Passwords should not be shared with anyone. Electronic protected health information needs to be safeguarded as well. Safeguards 12

HIPAA Security 13 May 21, Purdue University May 21, Jackson Community College (Michigan) May 19, Westborough Bank (Florida) May, Business Week On-line forum May 14, MTSU May 5, Wharton school (MSU) May 2, Time Warner April 28, Bank of America, Commerce Bancorp, PNC Bank April 21, Carnegie Mellon University April 20, AmeriTrade April 8, San Jose Medical Group March 28, University of California, Berkeley March 20, Kellogg MBA program March 17, Boston College March 17, Chico State University March 16, Kaiser Permanente March 8, DSW March, LexisNexis (Seisint) February 15, Bell v. Michigan Council 25 February, Bank of America February, Choice Point February, PayMaxx November, Wells Fargo November, Gibson Sentencing US District Court November, Minneapolis School District

Individually identifiable health information: –Transmitted by electronic media –Maintained in electronic media –Transmitted or maintained in any other form or medium What is Electronic PHI? 14

Only those that need access Physical access Technical access The covered entity is responsible for the confidentiality, integrity and availability of EPHI The covered entity's safeguards are the first line of defense Security Standards 15

Must have Policies & Procedures Security measures are appropriate and reasonable Considerations: Size Complexity Mission Purposes of the EPHI created, maintained and transmitted Security Standards - General rules 16

Risk Analysis Risk Management Sanction Policy Information System Activity Review Security Management Process 17

Workforce security Information access Facility Security plan Workstation use Device & Media controls Access controls (technical) Administrative requirements Safeguards 18

Training Security reminders Protection against malicious software Password management Security Awareness 19

Data backups Disaster recovery Emergency operation plan May have –Critical applications and data –Testing and revisions Contingency Plans (Availability) 20

Who When New employees or contractors Due to changes Workforce Security Training 21

Security Incidents Sanctions Breach Notification Events requiring action 22

What are they? What should you do? –Actions depend on the incident –Who was responsible, third party? –Are Sanctions required? Security Incidents 23

Workforce members who violate the health plan's Privacy or Security Policies may be subject to disciplinary actions, up to and including termination. The amount and type of corrective action used in any particular situation will depend on the facts and circumstances. The company maintains the discretion to determine whether corrective action is appropriate. Sanctions/Violations 24

Notification to individuals Notification to the media Notification to the Secretary Notification by a business associate Law enforcement delay Burden of proof Specifics 25

Annual guidance regarding technology Random audits Reports to Congress Increased fines 2013 changes Guidance & Enforcement 26

Why Comply? 27
The price for non-compliance:

Problem | General Penalty
Civil Violation | $100/offense; up to 1.5mil/year
Wrongful Action | $50,000/offense; 1 year in prison
False Pretense | $100,000/offense; 5 years in prison
Intent to Sell | $250,000/offense; 10 years in prison

Questions? 28