Presentation is loading. Please wait.

Presentation is loading. Please wait.

Steps to Compliance: Managing Business Associates PRESENTED BY.

Published byAmya Wilbourn Modified over 9 years ago

Similar presentations

Presentation on theme: "Steps to Compliance: Managing Business Associates PRESENTED BY."— Presentation transcript:

1 Steps to Compliance: Managing Business Associates PRESENTED BY

2 Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT Total HIPAA Compliance Today’s Presenters

3 This program is educational and does not constitute, and may not be construed as, legal advice to, or creating an attorney-client relationship with, any person or entity. Housekeeping The materials referenced here are subject to change, so frequent review of the source material is suggested. 3

4 Who Are The Players? Covered Entities Business Associates Business Associate Subcontractors 4

5 Any person who performs functions or activities on behalf of, or certain services for, a Covered Entity that involves the use or disclosure of protected health information. Who is a Business Associate? 5

6 Examples of Business Associates  Lawyers  IT Contractors  Billing Companies  Email Encryption Provider  Web Hosts  Cloud Storage 6

7 Make a List  List your Business Associates with contact information  Request that your BA make a list of subcontractors and provide you a copy 7

8 Who is NOT a Business Associate?  Cleaning Company  Laboratories  Physician Referrals 8 These entities may have access to PHI, but access alone does not make them a Business Associate.

9 Am I a HIPAA Conduit? This is narrow exception and only applies to:  US Postal Services  Internet Service Providers (ISPs)  Physician Referrals 9

10 Requirements for a Business Associate  Document Privacy/Security Policies & Procedures  Protect PHI and ePHI  Train Employees  Work with C.E. to send Breach Notifications  Manage Subcontractors 10

11 Liability 11 Violations by a Business Associate also affect Covered Entities.  Business Associates are liable for…  Violations they have created  Violations of a Subcontractor

12 Common Law of Agency This change makes a Covered Entity liable for the mistakes of the Business Associate when the Business Associate is an agent of the Covered Entity and is acting in the scope of the agency. 12

13 What is a Breach 13 PHI that has been accessed, used, acquired by or disclosed to an unauthorized person HIPAA Rules apply to PHI in any format: ePHI Paper Oral

14 Permitted Uses for PHI 14  Treatment  Payment  Health Care Operations  Certain Public Policy Exceptions  All other uses require an individual’s written authorization

15 Breach Exceptions 15  Unintentional access by an employee  Inadvertent disclosure by a covered entity or business associate employee authorized to access PHI to a co- employee also authorized to access PHI  Unauthorized access to PHI by a third party who can’t reasonably use the information in its current format, or retain the disclosed information

16 Breach Notification 16 Notice Requirements:  Notify without unreasonable delay and at least within 60-day timeframe  This starts the date one knew, or reasonably should have known about the Breach

17 Individuals Affected By Breaches 17 Source: "Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance." 1 Jan. 2013. Web. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/compliancereport2011-2012.pdf http://www.hhs.gov/ocr/privacy/hipaa/enforcement/compliancereport2011-2012.pdf

18 @nuemd @totalhipaa + Auditing Your Business Associates 18  Privacy and Security Policies and Procedures  Privacy and Security Personnel  Workforce Training and Management  Data Safeguards  Document and Record Retention

19 Managing Your Business Associates 19  Periodically review them  Alert to changes in how they conduct business  B.A. should provide updated compliance plan

20 Special Thanks Taylor English Duma LLP is a full-service law firm built from the ground up to provide highest-quality legal services for optimal value. The firm was founded in 2005 and its attorneys work each day to provide timely, creative and cost-effective counsel to help clients solve problems and achieve goals. Taylor English represents all types of clients— from Fortune 500 companies to start-ups to individuals. 20

21 Questions?

Download ppt "Steps to Compliance: Managing Business Associates PRESENTED BY."

Similar presentations

H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
Headaches and Pitfalls in Business Associate Contract Management © 2013 Christiansen IT Law American Bar Association Health Law Section eHealth, Privacy.

Headaches and Pitfalls in Business Associate Contract Management © 2013 Christiansen IT Law American Bar Association Health Law Section eHealth, Privacy.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.

1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
Presented by the Office of the General Counsel An Overview of HIPAA.

Presented by the Office of the General Counsel An Overview of HIPAA.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Thank You For Your Participation Kansas City   Omaha  Overland Park St. Louis  Jefferson City www.spencerfane.com www.UBAbenefits.com This Employer.

Thank You For Your Participation Kansas City   Omaha  Overland Park St. Louis  Jefferson City This Employer.
W W W. L E C L A I R R Y A N. C O M Revisiting the PHI Breach Under HIPAA and HITECH and Considerations for Ophthalmologists Neil H. Ekblom, Esq. 885 Third.

W W W. L E C L A I R R Y A N. C O M Revisiting the PHI Breach Under HIPAA and HITECH and Considerations for Ophthalmologists Neil H. Ekblom, Esq. 885 Third.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.

Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.
Importance of the Information Risk Assessment. Compliance Programs are intended to proactively audit and assess an organization’s operations to detect.

Importance of the Information Risk Assessment. Compliance Programs are intended to proactively audit and assess an organization’s operations to detect.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

Similar presentations

Ads by Google