Northern Indiana Health Information Management Association


1 From HIPAA to IFHIMA: Nationwide & Worldwide Privacy & Security Initiatives
Northern Indiana Health Information Management Association, March 29, 2019
Dorinda Sattler, MJ, RHIA, CHPS, CPHRM
Clinical Assistant Professor/HIT Program Director
Owner/Consultant – Sattler Healthcare Consulting, Inc.

2 The good ole days…
- There was a patchwork of privacy laws.
- Health Insurance Portability and Accountability Act enacted 1996
- Compliance with Privacy Rule required by
- Compliance with Security Rule by
- Initially, little enforcement “teeth”.

3 HIPAA Gets Tough
- Omnibus final rule 1.25.2013 implemented HITECH Act changes and GINA changes to HIPAA.
- Strengthened HIPAA’s Privacy and Security protections
- Extended applicability of certain provisions to BAs
- Established breach notification requirements
- Required periodic audits by HHS.
- Compliance by
- OCR charged with oversight and enforcement of HIPAA Privacy and Security Rules

4 Breach notification
With HITECH’s breach notification requirement implemented into HIPAA, CEs and BAs now have to notify the OCR about breaches of PHI or ePHI. The notifications become triggers for future audits.

5 OCR Enforcement Process
- Investigates complaints received
- Conducts compliance reviews of circumstances brought to its attention
- Conducts audits
- Provides education and outreach to assist with compliance
- May issue subpoenas to compel cooperation with investigations
- Enters into resolution agreements, assesses CMPs
- Required to submit a report to Congress annually

6 From complaints to audits
Initially OCR was reactionary in determining compliance:
- Responded due to complaints received, or
- Responded if made aware of situations where compliance was suspect.

7 Phase 1 Audits
- Proactive audits began in 2011
- Pilot audits performed
- Audit findings analyzed and the pilot audit program evaluated throughout 2013
- Planning activities for next phase

8 Phase 2 Audits
- Full implementation 2016
- CEs and BAs chosen for audit based on history of complaints and self-reported breaches
- Desk audits begin for randomly chosen CEs and BAs.
- Focus is on key non-compliance areas identified in Phase 1; also includes areas related to security

9 Phase 2 Audit Results (so far)
- Desk audits completed 2017: 166 covered entities, 41 business associates
- Failure to implement effective risk analysis and RM strategies per the Security Rule
- Failure to adequately safeguard PHI and ensure individual access to PHI
- Incomplete NPPs
- Aggregate findings to be published 2019!

10 Totality of all enforcement actions =

11 OCR Stats as of 12.31.18*
- Complaints received: 197,049+
- Compliance reviews initiated: 924
- Cases resolved: 192,350
  - 26,558 cases resolved by requiring changes in privacy practices
  - 62 cases resulted in CMPs or settlements totaling $96,581,582.00
  - 11,653 cases: No violation found

12 OCR Stats as of 12.31.18* (continued)
Of the 197,049+ complaints, 122,019 were not eligible for enforcement:
- OCR lacked jurisdiction (entity not a CE or BA)
- Untimely complaint or complaint withdrawn
- Activity described did not violate HIPAA (permitted privacy disclosures)

13 OCR Stats as of 12.31.18* (continued)
Issues investigated most:
- Impermissible uses and disclosures
- Lack of safeguards of PHI
- Lack of patient access to their PHI
- Lack of administrative safeguards for ePHI
- Use or disclosure of more than the minimum necessary PHI

14 OCR Stats as of 12.31.18* (continued)
Most common types of CEs required to take corrective action:
- General Hospitals
- Private Practices and Physicians
- Outpatient Facilities
- Pharmacies
- Health Plans (group health plans and health insurance issuers)

15 In the in 2018
- Jan. – Filefax, Inc. $100,000
- Jan. – Fresenius Medical Care $3,500,000
- Jun. – MD Anderson Ca. Center* $4,300,000
- Sep. – Boston Medical Center, with Brigham and Women’s Hospital, and Massachusetts General Hospital $999,000
*Judgment, whereas the others were settlements

16 In the in 2018 (still!)
- Oct. – Allergy Assoc. of Hartford $125,000
- Oct. – Anthem, Inc. $16,000,000
- Nov. – Pagosa Springs $111,400
- Dec. – Cottage Health $3,000,000
Total (Settlements and Judgments): $28,683,400

17 Onward and upward
OCR Outreach Efforts:
- Print materials
- Website
- On-line provider education training
- Raise awareness of individuals’ rights

18 So we can relax, right?

19

20 HIPAA is not the only king!
LOL, nope.
- OCR finalizing a permanent audit plan and protocols
- Enforcement activities show no sign of slowing down
HIPAA is not the only king!
- California and other state data privacy laws
- GDPR
- Possible US-like GDPR?
Which brings me to...

21 IFHIMA
- International Federation of Health Information Management Associations
- Member nations: 23 as of representing 7 global regions
- Congress held every three years
- Work relative to HIM includes: ICD, EHR, HIM Education, IG and, of course, Privacy!

22 IFHIMA Privacy Workgroup
- Currently writing privacy whitepaper: global perspective, HIM highlight
- Case studies from some member nations: US, India, Australia, Qatar, and S. Korea
- White paper to be published and presented to IFHIMA Congress in Dubai, November 2019
- Privacy panel anticipated

23

24 References
- IFHIMA

