HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

1 HIPAA What’s New? 2010

2 What Is HIPAA
- Health Insurance Portability and Accountability Act of 1996
- Administrative Simplification Subtitle
- Privacy Rules
- Electronic Data Sets
- Security Rules
- National Provider Identifiers
- HITECH Security Standards (ARRA Regulation)

3 Are we covered?
- HHS is a Covered Entity
- A Covered Entity is an organization that is a:
  - Provider
  - Health Plan
  - Clearing House
- HHS providers are Business Associates
- A Business Associate is an organization that provides any health-related services

4 What Is ARRA?
- American Recovery and Reinvestment Act of 2009
- Required for the Electronic Health Record movement
- Required for Healthcare Reform
- Holds Business Associates to the complete set of HIPAA Regulations

5 HITECH Security Standards
- Requires Business Associates to:
  - Notify the Covered Entity of security breaches
- The latest HITECH Security Survey shows:
  - 50 percent of organizations have experienced at least one data breach this year;
  - 57 percent of the organizations reported that they now have a greater level of awareness of data breaches and breach risk; and
  - 90 percent of the organizations plan to change policies and procedures to prevent and detect data breaches.

6 HITECH Security Standards
- Breach Notification
  - Defines a breach
  - Sets standard timeframes for notification: 60 calendar days after discovery
  - Notification to individuals when their PHI is breached
  - Media notification when more than 500 patient records are breached
  - Notice to the Department of Health and Human Services
  - Notice letters to all involved

7 HITECH Security Standards
- Expanded Restrictions on Accounting and Disclosures
  - Business Associates are required to provide an individual, upon request, with an accounting of disclosures of the information in her electronic health record (“EHR”) over the last three years
  - Any organization bringing up an EMR/EHR in 2009 will be required to be compliant by 2011

8 HITECH Security Standards
- Prohibits the sale of patient names without authorization
- Restricts marketing practices to:
  - Marketing that communicates services within a program the individual is participating in; OR
  - Marketing that describes healthcare options

9 HITECH Security Standards
- Minimum Data Set
  - Limits the sharing of information to “data sets” that are de-identified
  - Requires the removal of Name, Address, Social Security Number and other key identifiers
- This is in addition to the HIPAA Privacy Rule Minimum Necessary standard
  - Share only the minimum necessary amount of information so the next person can complete their work responsibilities

10 HITECH Security Standards
- History of HIPAA Enforcement
  - 48,000 complaints received by the Department of Health & Human Services (HHS)
  - Vast majority resolved through voluntary compliance or corrective action
  - Handful of criminal prosecutions

11 Sanctions and Penalties
- The original HIPAA regulations held Covered Entities to potential sanctions and criminal penalties for breaches
- HITECH holds Business Associates to the same level of requirements as Covered Entities

12 Case Study – We’ve Lost Our Client’s Data!
- A business associate discovers a computer belonging to its employee is missing. The last time they remember seeing it was three months ago.
- Where do you start?
- What should you be concerned with?

13 HIPAA Breaches
- Breaches are classified as:
  - Low Risk
  - Medium Risk
  - High Risk
- Risk is defined as potential litigation, confidentiality breach or compliance liability to the organization

14 Breach Notification
- Business Associates are required to notify HHS of any breaches for HHS program participants being managed by the provider, along with what has been done to mitigate the risk.
- HIPAA issues can be sent to the HIPAA Privacy Officer at CQI@hhshealthoptions.org or faxed to 616-954-1520

15 Questions
- Contact HHS via email at CQI@hhshealthoptions.org or call 616-954-1576
