Presentation is loading. Please wait.

Presentation is loading. Please wait.

Compliance and Enforcement of the Privacy Rule. HHS/OCR February/March 20032 Compliance Date  April 14, 2003 – Compliance for all but small health plans.

Published byMyra Doyle Modified over 9 years ago

Similar presentations

Presentation on theme: "Compliance and Enforcement of the Privacy Rule. HHS/OCR February/March 20032 Compliance Date  April 14, 2003 – Compliance for all but small health plans."— Presentation transcript:

1 Compliance and Enforcement of the Privacy Rule

2 HHS/OCR February/March 20032 Compliance Date  April 14, 2003 – Compliance for all but small health plans  One year extension for small health plans  No statutory extension available in Privacy Rule, unlike extension available for Transaction Rule through 10/16/03

3 HHS/OCR February/March 20033 Office for Civil Rights  Enforces Civil Rights laws and the Privacy Rule  With respect to the Privacy Rule: –Promote voluntary compliance –Investigation and Resolution of Complaints –Exception Determinations

4 HHS/OCR February/March 20034 Why Voluntary Compliance?  Promoted by HIPAA statute and Privacy Rule –Education, Cooperation, Technical Assistance –Permitted even after investigation commences –Can help mitigate CMPs  Most efficient way to promote privacy

5 HHS/OCR February/March 20035 Technical Assistance  Integrated Rule and Preambles to Dec. 2000, Aug. 2002 Final Rules  Covered Entity decision tool  December 4, 2002 Guidance  Targeted Technical Assistance materials under development  Fact sheet on August 2002 modifications  Sample Business Associate Contract  FAQs on our website  http://www.hhs.gov/ocr/hip aa/

6 HHS/OCR February/March 20036 December 4, 2002 Guidance  General Overview  Incidental Uses and Disclosures  Minimum Necessary  Personal Representatives  Business Associates  Uses and Disclosures for Treatment, Payment and Health Care Operations  Marketing  Public Health  Research  Workers’ Compensation Laws  Notice  Government Access  Miscellaneous FAQs

7 HHS/OCR February/March 20037 Investigations & Compliance Reviews  OCR may investigate complaints  OCR may conduct compliance reviews to determine whether Covered Entities are in compliance

8 HHS/OCR February/March 20038 Filing Complaints  Any person or organization may file complaint with OCR by mail or electronically –Only for possible violations occurring after compliance date –Complaints should be filed within 180 days of when the complainant knew or should have known that the act or omission occurred  Individuals may also file complaints with Covered Entity

9 HHS/OCR February/March 20039 Complaint Process  Informal review may resolve issue fully without formal investigation –Many complaints will be resolved at this stage  If not, begin investigation –Voluntary resolution yet possible  Technical Assistance

10 HHS/OCR February/March 200310 Civil Monetary Penalties (CMPs)  CMPs can be imposed by OCR: –$100 per violation –Capped at $25,000 for each calendar year for each identical requirement or prohibition that is violated Covered Entity has a right to notice and a hearing before a CMP becomes final

11 HHS/OCR February/March 200311 No CMPs if:  Person did not know – and by exercising reasonable diligence would not have known - of the violation  If failure to comply is due to reasonable cause and not willful neglect and entity corrects within 30 day cure period  Offense is punishable by criminal sanction

12 HHS/OCR February/March 200312 CMP Flexibility Summary  Exceptions  Potential extension of the 30 day cure period  CMP reduction possible if: –Amount excessive relative to violation –Due to reasonable cause/not willful neglect

13 HHS/OCR February/March 200313 Criminal Penalties for Wrongful Disclosures  For knowingly obtaining or disclosing identifiable health information relating to an individual in violation of the Rule: –Up to $50,000 & 1 year imprisonment –Up to $100,000 & 5 years if done under false pretenses –Up to $250,000 & 10 years if intent to sell, transfer, or use for commercial advantage, personal gain or malicious harm  Enforced by DOJ

14 HHS/OCR February/March 200314 Additional Information www.hhs.gov/ocr/hipaa/ OCR Privacy Toll Free Number: (866) 627-7748

Download ppt "Compliance and Enforcement of the Privacy Rule. HHS/OCR February/March 20032 Compliance Date  April 14, 2003 – Compliance for all but small health plans."

Similar presentations

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
Dinsmore & Shohl, LLP Stacey Borowicz, Esq. Simi Botic, Esq. August 14, 2013.

Dinsmore & Shohl, LLP Stacey Borowicz, Esq. Simi Botic, Esq. August 14, 2013.
HIPAA Basics November 1, 2014.

HIPAA Basics November 1, 2014.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Navigating HIPAA & Recent Healthcare Reform: What You Need to Know.

Navigating HIPAA & Recent Healthcare Reform: What You Need to Know.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
HIPAA POST-“HITECH”: Health Information Privacy Enforcement American Osteopathic Association of Medical Informatics November 4, 2009 12:30 to 2:00 pm Ian.

HIPAA POST-“HITECH”: Health Information Privacy Enforcement American Osteopathic Association of Medical Informatics November 4, :30 to 2:00 pm Ian.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.

HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Similar presentations

Ads by Google