HIPAA Tips and Advice for Your. Medical Practice

Similar documents
The HIPAA Omnibus Rule

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE

Putting It All Together:

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

A Panel Discussion. Nancy Davis

Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016

University of Wisconsin-Madison Policy and Procedure

Privacy & Information Security Protocol: Breach Notification & Mitigation

Breach Notification Remember State Law

HIPAA Omnibus Notice of Privacy Practices

HIPAA-HITECH: Privacy & Security Updates for 2015

HIPAA Compliance Officer Training By HITECH Compliance Associates. Building a Culture of Compliance

Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits

Security and Privacy Breach Notification

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

The Relationship Between HIPAA Compliance and Business Associates

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

HIPAA & Privacy Compliance Update

Security Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer

Steffanie Hall, RHIA HIM Director/Privacy Officer 1201 West 12 th Emporia, Kansas ext

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.

HIPAA and HIPAA Compliance with PHI/PII in Research

HIPAA Privacy, Security and Breach Notification

How to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016

Into the Breach: Breach Notification Requirements in the Wake of the HIPAA Omnibus Rule

American Academy of Audiology Responses to Questions from HIPAA Webinar

HIPAA ( ) HIPAA 2017 Compliancy Group, LLC

8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges


HIPAA Cloud Computing Guidance

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

Federal Breach Notification Decision Tree and Tools

David C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017

HIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, Looking Back at 2011

What s New with HIPAA? Policy and Enforcement Update

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Privacy Rule.

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

HIPAA Security and Privacy Policies & Procedures

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Texting and ing Patients, Providers and Others: HIPAA, CMS, and Suggestions

for the Dental Industry

QUALITY HIPAA December 23, 2013

The simplified guide to. HIPAA compliance

HIPAA Comes of Age: 21 Years of Privacy and Security

HIPAA Privacy and Security Training Program

Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates

HIPAA For Assisted Living WALA iii

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

DeliverySlip for Dental Practices

Incident Response: Are You Ready?

(c) Apgar & Associates, LLC

HIPAA Security & Privacy

Abbie Miller, MCS-P. Ongoing Internal Auditing. Documentation Reviews 5/16/2015.

Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance

PRIVACY-SECURITY INCIDENT REPORT

HIPAA Security Manual

HIPAA and Research Contracts JILL RAINES, ASSISTANT GENERAL COUNSEL AND UNIVERSITY PRIVACY OFFICIAL

Performing HIPAA Security Reviews

Patient Access & Charging for Medical Records. General Right to Access. Requests for Access. Charging for Copies

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

Your Information. Your Rights. Our Responsibilities.

University of Mississippi Medical Center Data Use Agreement Protected Health Information

Agenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute

RETINAL CONSULTANTS OF ARIZONA, LTD. HIPAA NOTICE OF PRIVACY PRACTICES. Our Responsibilities. Our Uses and Disclosures

Data Breach Response Guide

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules

HIPAA FOR BROKERS. revised 10/17

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

Hospital Council of Western Pennsylvania. June 21, 2012

HIPAA Privacy, Security and Breach Notification 2017

HIPAA Privacy, Security and Breach Notification 2018

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016

NOTICE OF PRIVACY PRACTICES

Cyber Attacks and Data Breaches: A Legal and Business Survival Guide

LifeWays Operating Procedures

DON T GET STUNG BY A BREACH! WHAT'S NEW IN HIPAA PRIVACY AND SECURITY

HIPAA Compliance and Auditing in the Public Cloud

Advanced HIPAA /19/2016. Today s Agenda. What is the HIPAA Privacy Rule? Abbie Miller, MCS-P

CYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston

AGREEMENT FOR RECEIPT AND USE OF MARKET DATA: ADDITIONAL PROVISIONS

HIPAA 101: What All Doctors NEED To Know

Audits Accounting of disclosures

Mobile Application Privacy Policy

Understanding the Impact of Data Privacy January 2012

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

Integrating HIPAA into Your Managed Care Compliance Program

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018

When the Other Brother Steps Up: State Privacy Enforcement Actions

BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement

Seven gray areas of HIPAA you can t ignore

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

University Policies and Procedures ELECTRONIC MAIL POLICY

Summary Comparison of Current Data Security and Breach Notification Bills

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

Data Backup and Contingency Planning Procedure

Notice of Privacy Practices Page 1

Employee Security Awareness Training Program

Transcription:

HIPAA Tips and Advice for Your Ericka L. Adler Medical Practice Rachel V. Rose

WHY Header HIPAA PATIENT and Medical PORTALS? Practices HIPAA Basics Who is a covered entity? What is PHI? When can you disclose PHI (TPO)? When do you need an authorization? How do you handle complaints?

WHY Header HIPAA PATIENT and Medical PORTALS? Practices HIPAA Basics What is minimum necessary? Who is a business associate? What is a BAA? What is a Notice of Privacy Practices? How do you handle a breach? Who is in charge of HIPAA compliance?

WHY Header Final HIPAA PATIENT Rule PORTALS? What Does the Final HIPAA Rule Mean for Physicians? 1. Direct liability of Business Associates Failure to comply with BAA related to PHI Failure to provide PHI to HHS upon demand Failure to provide PHI to an individual upon request Failure to make reasonable efforts to limit PHI to minimum necessary Failure to enter into BAA with subcontractors

WHY Header Final HIPAA PATIENT Rule PORTALS? What Does the Final HIPAA Rule Mean for Physicians? 2. Business Associates directly liable for their HIPAA violations 3. Subcontractors are also Business Associates and must sign BAAs 4. Changes to BAA form must comply by Sept. 23, 2013

WHY Header Final HIPAA PATIENT Rule PORTALS? What Does the Final HIPAA Rule Mean for Physicians? 5. Enforcement / penalties: Did Not Know penalty $100 to $50,000 per violation (would not have known) Reasonable Cause penalty $100 to less than $50,000 per violation when reasonable cause and not willful neglect Willful Neglect-Corrected penalty $10,000 to less than $50,000 per violation Willful Neglect-Not Corrected penalty $50,000 per violation Annual maximum $1.5 million

WHY Header Final HIPAA PATIENT Rule PORTALS? What Does the Final HIPAA Rule Mean for Physicians? 6. Prohibition on accepting remuneration for PHI without patient authorization, except under certain circumstances 7. Notices of privacy practices required by Sept. 23, 2013 Use of PHI related to psychotherapy, marketing, sale of PHI Right to opt out of fundraising communications Right to restrict disclosures to a health plan where paying out of pocket Right to be notified about PHI breaches

WHY Header Final HIPAA PATIENT Rule PORTALS? What Does the Final HIPAA Rule Mean for Physicians? 8. Modification to Breach Notification Rule a) Notify any patient whose PHI has been compromised or breached in a manner that compromises the security and privacy of the patient s PHI. b) An impermissible use or disclosure of PHI is presumed to be a breach unless the practice can demonstrate that there is a low probability that the protected health information has been compromised based on the following four factors: The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification; The unauthorized person who used the PHI or to whom the disclosure was made; Whether the PHI was actually acquired or reviewed; and The extent to which the risk to the PHI has been mitigated

WHY Header Final HIPAA PATIENT Rule PORTALS? What Does the Final HIPAA Rule Mean for Physicians? 9. Breach notification No later than sixty (60) days from a breach, the practice must provide written notice (via first class U.S. mail or e-mail if the patient has previously expressed a preference for e-mail communication) to the patient whose PHI is subject to such breach. In the event contact information for ten (10) or more persons subject to a breach is out of date or incomplete, the practice must post a notice on its website for ninety (90) consecutive days. The notice will provide a description of the breach and a toll-free number for those who may be affected to contact the practice. In no event will any patient-specific information be posted to the website.

WHY Header Final HIPAA PATIENT Rule PORTALS? What Does the Final HIPAA Rule Mean for Physicians? In the event notice to a patient is urgent or of a nature that the patient must be notified immediately, the practice must telephone the patient directly regarding the breach. If a breach involves more than 500 patients in a given state or geographic area, the practice must immediately, but in no event more than sixty (60) days from discovery of the breach, notify a local, prominent media market. In addition, practice must notify HHS of the breach contemporaneous with the notice to patients. The practice must maintain a log of all breaches affecting less than 500 patients in any calendar year. Within sixty (60) days of the end of the calendar year, the covered entity will notify HHS of all breaches (other than low probability breaches).

WHY Header Common PATIENT HIPAA Mistakes PORTALS? What are the most common HIPAA mistakes by medical practices? Not executing BAA agreements Not implementing the requisite technology safeguards

WHY Header Common PATIENT HIPAA Mistakes PORTALS? What are the most common HIPAA mistakes by medical practices? Not reviewing state, local requirements Example: Texas HB 300 Not performing a risk analysis

WHY Header HIPAA PATIENT Best Practices PORTALS? HIPAA Best Practices for Physicians Establish a compliance program Understand the potential source of breaches

WHY Header HIPAA PATIENT Best Practices PORTALS? HIPAA Best Practices for Physicians Update BAA Agreements Joint ventures and ACOs Curtail to different vendors Establish relationship (delineate state, federal designations as a covered entity, business associate, or subcontractor) Evaluate technology safeguards regularly

WHY Header Conclusion PATIENT PORTALS? For more information: eadler@kr-law.com rvrose@rvrose.com PhysiciansPractice.com/HIPAA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback