© Clearwater Compliance LLC | All Rights Reserved Module 9. Starter Questions 1 1.BAs can often be silent behind the scenes partners of CEs. How should.

Presentation transcript:

© Clearwater Compliance LLC | All Rights Reserved

Module 9. Starter Questions

1. BAs can often be silent, behind-the-scenes partners of CEs. How should they approach fielding complaints from consumers or persons whose PHI they are using or manipulating for analysis?
2. As a business that is just a BA, not a covered entity, do we need to worry about breach notification at all outside of the context of what is in our BA agreements? If we are audited, will OCR just look at our agreements and ignore policies and procedures on breach notification?
3. Compliance date of 9/22/2014 applies to existing previously compliant BAAs. What should be compliant: the agreement between the CE and the BA, the actions taken by the BA to be compliant, or both?
4. What should I ask of / expect of my BAs, given that many are small companies?
   1. Or… As a BA, what can covered entities require of me? Can they all require something different? Is there anything I can do that will enable me to “standardize” the evidence of my compliance?
5. What about law firms? My defense firm? Did something change with Omnibus that made them more liable and attentive?

6. Am I liable for the actions of my BAs? Can I be penalized if one of my BAs is found to be non-compliant?
7. In a recent motion to dismiss a data-mining lawsuit, Google says people have "no legitimate expectation of privacy in information" voluntarily turned over to third parties. What are your thoughts? Probably won’t sign a BAA?
8. How much of the privacy rule applies to me as a BA?
9. When must my BAAs be updated?
10. If my company stores PHI but doesn't access it, does HIPAA apply to me? If I am providing and arranging for the hosting of an application, but my medical providers control the access to their data, and I have no access to their data unless they permit me, does HIPAA apply to me?
11. Are there differences between what a BA must do if they directly serve patients/members (B2C) versus those who serve another business (B2B)?
12. What kinds of penalties could BAs face if found non-compliant?

13. We've been "negotiating" with Google (we use Google Docs, Gmail, etc.) forever. They will not sign our BAA. Any advice?
14. Big companies such as Google, Amazon, UPS, FedEx are seemingly ‘getting away’ with not adhering to certain rules and regs. If I continue to work with them, am I leaving myself exposed?
15. What can a CE or do if a downstream BA refuses to sign a BA agreement?
16. From a LinkedIn discussion group: Here's an interesting question for you. Are co-location vendors business associates? "I believe the answer is yes but could see the argument co-location vendors are not BAs. If a co-location vendor only houses a server and that server is locked in its own cage and the customer supplied the lock and the co-location vendor can't unlock the cage, is the co-location vendor a business associate because they store and protect an inaccessible server?"
17. Will HHS go after non-US based BAs who suffer a breach?
18. Workforce training requirements in the Security Rule seem gray for BAs. ‘Strongly recommended’ vs ‘Required’ - I know what we *should do, but what exactly does ‘strongly recommended’ mean?