Presentation is loading. Please wait.

Presentation is loading. Please wait.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

Published byFrank Burbey Modified over 9 years ago

Similar presentations

Presentation on theme: "2014 HIPAA Refresher Omnibus Rule & HIPAA Security."— Presentation transcript:

1 2014 HIPAA Refresher Omnibus Rule & HIPAA Security

2 What is the Omnibus Rule? 2 The Omnibus Rule modifies the HIPAA Privacy, Security, Breach Notification and Enforcement rules. The Omnibus Rule implements the HITECH Act (Health Information Technology for Economic and Clinical Health) that were not implemented in 2010 The Omnibus Rule implements the provisions of the Genetic Information Non-discrimination Act of 2008 (GINA).

3 Overview of Omnibus Rule Impact Breach Notification Civil and Monetary Penalties Business Associate Agreements Notice of Privacy Practices Fundraising and Marketing Research Self Pay Patients Release of Information New and revised policies New and revised forms 3

4 Breach Notification 4 Definition of breach amended to clarify the impermissible acquisition, access, use or disclosure of protected health information (PHI) is presumed to be a breach. Breach notification is necessary unless Covered Entity or Business Associate can demonstrate low probability that PHI has been compromised through documented risk assessment.

5 Reminder! 5 A breach is a violation of patient privacy that occurs when patient information is impermissibly acquired, accessed, used or disclosed. Report all breaches or suspected breaches as soon as possible to the Privacy Officer by calling 323-1184, 323-8002 or using ComplyLine 1-877-898-6072.

6 Civil Monetary Penalties Maximum Penalty Amount: $100 to $50,000 per violation Calendar Year Cap: $1.5 million FYI – The Kentucky Attorney General may sue on behalf of the patient. 6

7 Business Associate Agreements 7 Much of the Privacy Rule and Security Rule now applies to business associates and their subcontractors. Covered entities and business associates may now be held liable for acts of their agents, including business associates and subcontractors of business associates. This includes the civil monetary penalties for violations of HIPAA

8 Business Associate Agreements Review all vendors and verify whether they work with UKHC protected health information (PHI). Contact the Privacy Officer at 323-1184 with your questions about vendors and business associate agreements. 8

9 Notice of Privacy Practices - Revised 9 Patient has right to request restriction when paying out- of-pocket, in-full, at time of visit. Patient has right to be informed about breach of unsecured health information. Operations – Add “safety” as in “We may use your PHI to assess your care in an effort to improve the quality and safety of our service to you.”

10 10 Notice of Privacy Practices - Revised Fundraising communications require giving option and contact information to opt out of fundraising effort and further fundraising communications. Marketing requires patient authorization. PHI (protected health information) may not be sold without patient authorization. Most disclosures regarding psychiatric notes require an authorization. Patient has right to receive copies of medical records in electronic form, if available.

11 Research Compound authorizations are permitted for multiple research purposes. Compound authorizations must be clear : –When provision of research–related treatment is conditioned upon authorization –When treatment is not conditioned upon authorization

12 12 Research Authorizations for future research must continue to describe future research purposes although they do not need to be study specific. Authorizations related to use of psychotherapy notes can only be compounded to authorizations also related to use of psychotherapy notes.

13 13 Self Pay Patients Patients may restrict visits from disclosure to health plans and Medicare if they self pay, in full, (or someone with the patient pays) at the time of the visit. Patient must complete and sign the Self-Pay Restriction form at the time of visit. Visits the patients restrict from disclosure to health plans may not be audited by the health plans. However, Medicare patient restricted visits may be audited by Medicare.

14 14. Release of Information Verbal authorization is allowed for sharing only immunization records with schools. Document in the medical record. HIPAA protection of records has changed for deceased patients from ‘forever’ to 50 years after the patient’s death. Patients may restrict release of genetic information.

15 Look for New and Revised Policies 15 New Policies Fundraising Self Pay Restriction Revised Policies A05-065 Release of Medical Records/Information A06-100 Privacy Investigations and Breach Notification

16 Look for New and Revised Forms 16 New form – Self Pay Visit Restriction Revised - Notice of Privacy Practices Revised - Authorization to Release Medical Records/Information Revised - Business Associate Agreement

17 17 Please read the following Confidentiality Expectations. Indicate your understanding by checking the ‘Yes’ box. Yes

18 Confidentiality Expectations I agree to keep patient information confidential by observing the following: 1.I will signoff/log off the system when I leave the workstation and not allow others to use my access. 2.I will only look up information on patients for whom I have direct responsibility. I will not look up my own medical information on the computer. 3.I will protect my password from use by others or theft. 18

19 Confidentiality Expectations 4. I will follow all UK HealthCare and department rules of conduct whenever I use e-mail 5.I will password protect any personal digital assistant device that contains patient or confidential information. 6.I will share patient information only with people who have a right to access the information in order to perform their job function. 19

20 Confidentiality Expectations 7. I will not disseminate confidential patient information from my home computer without appropriate authorization for release of information. 8.I will dispose of confidential information properly in accordance with all applicable policies. 9. I understand that audits will be performed on computer usage to ensure compliance with all computer-related policies and this confidentiality agreement. 20

21 Confidentiality Expectations 10. I will follow other specific confidentiality rules for special situations. When departments have standards more stringent than this statement, I will abide by their standards. 11.I understand that audits will be performed on computer usage to ensure compliance with all computer-related policies and this confidentiality agreement. 12. I will follow other specific confidentiality rules for special situations. When departments have standards more stringent than this statement, I will abide by their standards. 21

22 Confidentiality Expectations 13.will comply with UK Enterprise electronic signature policies and protect my electronic signature, when issued to me, from use or theft by others. 14. I understand that my employer has the right to take disciplinary action up to and including termination of my employment for breaches of confidentiality. 22

23 Lynn Crothers Privacy Officer 859-323-1184 Office of Corporate Compliance 859-323-8002 9/23/2013 23

Download ppt "2014 HIPAA Refresher Omnibus Rule & HIPAA Security."

Similar presentations

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
HIPAA Training: Health Insurance Portability and Accountability Act.

HIPAA Training: Health Insurance Portability and Accountability Act.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
2013 HIPAA/ HITECH UPDATE Dirk D. Wilke, J.D., M.B.A. North Dakota Department of Health HIPAA Coordinator and Privacy Officer.

2013 HIPAA/ HITECH UPDATE Dirk D. Wilke, J.D., M.B.A. North Dakota Department of Health HIPAA Coordinator and Privacy Officer.
Dinsmore & Shohl, LLP Stacey Borowicz, Esq. Simi Botic, Esq. August 14, 2013.

Dinsmore & Shohl, LLP Stacey Borowicz, Esq. Simi Botic, Esq. August 14, 2013.
HIPAA Basics November 1, 2014.

HIPAA Basics November 1, 2014.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
HIPAA Update: The Omnibus Rule Kathleen Stillwell, MPA/HSA,RN,CPHRM Patient Safety Risk Management Account Executive Matthew L. Kinley, Esq., Partner -

HIPAA Update: The Omnibus Rule Kathleen Stillwell, MPA/HSA,RN,CPHRM Patient Safety Risk Management Account Executive Matthew L. Kinley, Esq., Partner -
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
HIPAA Health Insurance Portability and Accountability Act

HIPAA Health Insurance Portability and Accountability Act
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

Similar presentations

Ads by Google