HITECH and HIPAA. Presented by Rhonda Anderson, RHIA, Anderson Health Information Systems, Inc., 714-558-3887.

Presentation transcript:

HITECH and HIPAA Presented by Rhonda Anderson, RHIA Anderson Health Information Systems, Inc

HITECH & HIPAA ACCESS HITECH HIPAA SB 541 BREACHES Privacy and Security

Agenda
1. What is HITECH
2. Breach Reporting
3. Business Associate Agreements
4. SB 541 – California
5. Penalties

HITECH Act
Part of the American Recovery and Reinvestment Act of 2009
Applies the HIPAA privacy and security rules and their penalties to HIPAA business associates
Creates a new breach reporting requirement for HIPAA CEs and BAs
Effective Date February 2009

SB 541
California legislation that enforces reporting requirements for unlawful or unauthorized access, use or disclosure of a patient’s medical information
Reporting requirement within 5 days of discovery
Effective Date 2009

HIPAA
Health Insurance Portability and Accountability Act
Guidance for Privacy and Security of protected health information
45CFR
Effective Date 2003

HITECH Vocabulary
Breach – the unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information.
Unsecured PHI – PHI that is not secured through the use of a technology or methodology that renders PHI “unusable, unreadable, or indecipherable” to unauthorized individuals.
Acceptable methodologies – Encryption as specified in the HIPAA security rule; shredding or destroying of non-electronic PHI.

HITECH Reporting Requirements
Notification must be made to each individual whose unsecured PHI has been, or is reasonably believed by the CE to have been, accessed, acquired or disclosed as a result of the breach, without unreasonable delay and no later than 60 days after discovery of the breach by the CE or BA.
Notice must be made by first-class mail or if specified by an individual.

If there are more than 10 affected individuals, the entity must do a conspicuous web site posting or notice in major print or broadcast media.
If there are more than 500 individuals, all residents of the same State or jurisdiction, the entity must provide immediate notice to HHS and notice to the media.

Business associates must adhere to the same reporting timeline. They are not required to provide notice of the breach to the individual; instead they notify the covered entity of the breach, along with identification of each affected individual.
The Covered Entity is then responsible for notifying each affected individual.
The clock starts for the CE when the BA reports the breach.

Covered entities and business associates are required to keep a log of breaches and submit it within 60 days after the end of the year, unless immediate notification is required, such as in the case of more than 500 affected individuals.
Documentation should also be maintained for suspected breaches that, after investigation, are deemed as not constituting a Breach under the HITECH requirements.

The notice to individuals must contain a description of what happened and the unsecured PHI involved, steps for individuals to protect themselves, a description of the covered entity’s efforts to investigate, mitigate and prevent further breaches and contact information.

The HIPAA requirement for a six-year accounting of disclosures still applies to non-EHR disclosures.

Under HITECH, covered entities and business associates are required to maintain an accounting of disclosures made through an EHR, including disclosures made for treatment, payment and health care operations. Information is limited to three years of disclosure information rather than the current 6-year requirement under HIPAA.

BA Agreements
AHIS has updated the business associate agreement policy to include the new HITECH requirements.
Covered entities must update all business associate agreements and ensure that they include HITECH requirements.

No Safe Harbor
California covered entities are still required to report unlawful or unauthorized access, use or disclosure of a patient’s medical information within 5 days to comply with SB 541 – which has been in effect since January 2009.

Penalties
SB-541 – failure to report within 5 days: $100 per day for each day that the unlawful or unauthorized access, use or disclosure is not reported, up to a maximum of $250,000.

HIPAA civil penalties under new HITECH provisions
Effective November 30, 2009

Violation Category | Each Violation | All such violations of an identical provision in a calendar year
Did not know | $100-50,000 | $1,500,000
Reasonable Cause | $1,000-50,000 | $1,500,000
Willful neglect corrected within 30 days | $10,000-50,000 | $1,500,000
Willful neglect - not corrected | $50,000 | $1,500,000

Risk analysis and implementation
AHIS will help you analyze possible areas of risk.
Provide you with guidance on documentation of investigation and notification of breaches.

AHIS as your partner
Implementation Plan
Risk Analysis
Policy and Procedure
Current system review
Action as needed