Implementing and Enforcing the HIPAA Privacy Rule.


1 Implementing and Enforcing the HIPAA Privacy Rule

2 Office for Civil Rights (HHS/OCR, June 2003)
• Enforces Civil Rights laws and the Privacy Rule
• With respect to the Privacy Rule:
  – Promote voluntary compliance
  – Investigation and Resolution of Complaints
  – Exception Determinations

3 Why Voluntary Compliance?
• Promoted by HIPAA statute and Privacy Rule
  – Education, Cooperation, Technical Assistance
  – Permitted even after investigation commences
  – Can help mitigate CMPs
• Most efficient way to promote privacy

4 Technical Assistance: http://www.hhs.gov/ocr/hipaa
• Integrated Rule and Preambles to Dec. 2000, Aug. 2002 Final Rules
• Covered Entity decision tool
• December 4, 2002 Guidance
• Fact Sheets
  – August 2002 modifications
  – How to File a Complaint
• Sample Business Associate Contract provisions
• FAQs on our website
  – 730,000 hits since 4/1/03

5 More Technical Assistance: http://www.hhs.gov/ocr/hipaa
• Summary of the HIPAA Privacy Rule (linked to other OCR & HHS topics/resources)
• NIH Protecting PHI in Research.
• CDC HIPAA Privacy Rule and Public Health
• More Frequently Asked Questions
• Toll-free line
  – 5700 calls, 95% returned
• Guidance in the works for consumers, and targeted industry groups such as small providers

6 Investigations & Compliance Reviews
• OCR may investigate complaints
• OCR may conduct compliance reviews to determine whether Covered Entities are in compliance

7 Filing Complaints
• Any person or organization may file complaint with OCR by mail or electronically
  – Only for possible violations occurring after compliance date
  – Complaints should be filed within 180 days of when the complainant knew or should have known that the act or omission occurred
• Individuals may also file complaints with Covered Entity

8 Complaint Process
• Informal review may resolve issue fully without formal investigation
  – Many complaints will be resolved at this stage
• If not, begin investigation
  – Voluntary resolution yet possible
• Technical Assistance

9 Civil Monetary Penalties (CMPs)
• CMPs can be imposed by OCR:
  – $100 per violation
  – Capped at $25,000 for each calendar year for each identical requirement or prohibition that is violated
• Covered Entity has a right to notice and a hearing before a CMP becomes final

10 No CMPs if:
• Person did not know (and by exercising reasonable diligence would not have known) of the violation
• If failure to comply is due to reasonable cause and not willful neglect and entity corrects within 30 day cure period
  – 30 days may be extended
• Offense is punishable by criminal sanction

11 CMPs may be reduced if
  – Amount excessive relative to violation
  – Due to reasonable cause/not willful neglect

12 Complaints to Date (Through May 30, 2003)
• 384 logged in nationally, more than 75 already closed
• Most common closure reasons:
  – Violation alleged predated 4/14/2003
  – Allegation not prohibited by the Privacy Rule
  – Matter was resolved informally

13 Common Allegations (through May 30, 2003)
• Access to records denied
• No notice provided/posted
• Inadequate safeguards/minimum necessary procedures in
  – office reception areas
  – treatment areas

14 Criminal Penalties for Wrongful Disclosures
• For knowingly obtaining or disclosing identifiable health information relating to an individual in violation of the Rule:
  – Up to $50,000 & 1 year imprisonment
  – Up to $100,000 & 5 years if done under false pretenses
  – Up to $250,000 & 10 years if intent to sell, transfer, or use for commercial advantage, personal gain or malicious harm
• Enforced by DOJ

15 HIPAA Enforcement Rule
• “Civil Money Penalties: Procedures for Investigations, Imposition of Penalties”
  – Published April 17, 2003
  – Interim final rule, expires September 2004.
  – First installment of Enforcement Rule that will outline procedural and substantive requirements for the imposition of CMPs for HIPAA Administrative Simplification Rules.

16 HIPAA Enforcement Rule: Some Interim Rule Investigation Procedures
• Secretary may issue subpoenas for documents and testimony.
• Secretary must notify respondent of intent to impose penalty by issuing notice of proposed determination.
• Request for hearing: respondent wishing to challenge a proposed penalty must file a hearing request.

17 HIPAA Enforcement Rule: Hearing & Decision
• Hearing will be conducted on the record before an administrative law judge.
• Decision:
  – ALJ will issue a decision based upon the record.
  – May affirm, reject, increase or reduce CMPs.

18 More Information
• www.hhs.gov/ocr/hipaa/
• OCR Privacy Toll Free Number: (866) 627-7748

