HIPAA 101: What All Doctors NEED To Know

Similar documents
HIPAA ( ) HIPAA 2017 Compliancy Group, LLC

The Relationship Between HIPAA Compliance and Business Associates

HIPAA and HIPAA Compliance with PHI/PII in Research

HIPAA Federal Security Rule H I P A A

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

Putting It All Together:

Universal Patient Key

HIPAA & Privacy Compliance Update

University of Mississippi Medical Center Data Use Agreement Protected Health Information

All Aboard the HIPAA Omnibus An Auditor s Perspective

Computer Security Incident Response Plan. Date of Approval: 23-FEB-2014

HIPAA-HITECH: Privacy & Security Updates for 2015

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

HIPAA Security and Privacy Policies & Procedures

HIPAA Privacy, Security and Breach Notification

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE

HIPAA Privacy and Security Training Program

HIPAA and Social Media and other PHI Safeguards. Presented by the UAMS HIPAA Office August 2016 William Dobbins

The ABCs of HIPAA Security

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Hospital Council of Western Pennsylvania. June 21, 2012

HIPAA Audit Don t just bet the odds Good luck is a residue of preparation. Jack Youngblood

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

HIPAA and Research Contracts JILL RAINES, ASSISTANT GENERAL COUNSEL AND UNIVERSITY PRIVACY OFFICIAL

Healthcare Privacy and Security:

Data Backup and Contingency Planning Procedure

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

HIPAA Compliance Officer Training By HITECH Compliance Associates. Building a Culture of Compliance

Agenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute

The HIPAA Omnibus Rule

HIPAA FOR BROKERS. revised 10/17

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

HIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, Looking Back at 2011

A Security Risk Analysis is More Than Meaningful Use

Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014

Policy. Policy Information. Purpose. Scope. Background

EXAMPLE 3-JOINT PRIVACY AND SECURITY CHECKLIST

University of Wisconsin-Madison Policy and Procedure

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

HIPAA Privacy, Security Lessons from 2016 and What's Next in 2017

Banner Health Information Security and Privacy Training Team. Morgan Raimo Paul Lockwood


Vendor Security Questionnaire

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

Compliance & HIPAA Annual Education

Security Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

Security Overview. Joseph Balberde North Country Community Mental Health Information Technology Director

Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

HIPAA Faux Pas. Lauren Gluck Physician s Computer Company User s Conference 2016

Integrating HIPAA into Your Managed Care Compliance Program

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

HIPAA UPDATE. Michael L. Brody, DPM

HIPAA Security Manual

8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID

The simplified guide to. HIPAA compliance

IT Security in a Meaningful Use Era C&SO HIMSS Meeting

HIPAA Security. An Ounce of Prevention is Worth a Pound of Cure

POLICY. Create a governance process to manage requests to extract de- identified data from the Information Exchange (IE).

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

Physician Office Name Ambulatory EHR Security Risk Analysis

HIPAA For Assisted Living WALA iii

Incident Response: Are You Ready?

(c) Apgar & Associates, LLC

SO YOU RE BUILDING A HIPAA-COMPLIANT APP...

Request for Proposal HIPAA Security Risk and Vulnerability Assessment. May 1, First Choice Community Healthcare

ENCRYPTED . Copyright UT Health 1

Attachment B Newtopia Wellness Program and Genetic Testing. The Health Risk Assessment also invites individuals to undergo genetic testing.

3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules

HIPAA/HITECH Privacy & Security Checklist Assessment HIPAA PRIVACY RULE

Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016

David C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017

HIPAA Cloud Computing Guidance

efolder White Paper: HIPAA Compliance

Horizon Health Care, Inc.

Overview of Datavant's De-Identification and Linking Technology for Structured Data

Boerner Consulting, LLC Reinhart Boerner Van Deuren s.c.

HIPAA Tips and Advice for Your. Medical Practice

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

NE HIMSS Vendor Risk. October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

EXAMPLE 2-JOINT PRIVACY AND SECURITY CHECKLIST

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

Into the Breach: Breach Notification Requirements in the Wake of the HIPAA Omnibus Rule

View the Replay on YouTube

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Breach Notification Remember State Law

Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act

Security and Privacy Breach Notification

Best Practices in HIPAA Security Risk Assessments

Transcription:

HIPAA 101: What All Doctors NEED To Know 1

HIPAA Basics HIPAA: Health Insurance and Portability Accountability Act of 1996 Purpose: to protect confidential information through improved security and privacy standards 2

The HIPAA Privacy Rule The HIPAA privacy rule defines the type of information that must be kept private by categorizing it as Protected Health Information, or PHI for short. PHI can exist in written, oral, and electronic formats 3

Examples of PHI Name Birth Date Fax Number Account Number Web Universal Resource Locator (URL) Street Address Admission Date Electronic mail address CerAficate/License Number License Plate Number City Discharge Date Social Security Number Vehicle and Serial Number Device IdenAfier and Serial Number Precinct Date of Death Medical Record Number Internet Protocol Number Full Face Photographic Images Zip Code Telephone Number Health Plan Beneficiary Number Biometrics IdenAfiers (i.e. finger prints) Any Other Unique IdenAfying Number, CharacterisAc, or Code 4

Minimum Necessary Limits the way Workforce Members may use and disclose PHI. The workforce must have a job-related reason to use and/or disclose PHI. Requires that the workforce use only the minimum amount of PHI necessary to get the job done. This is what HIPAA defines as the MINIMUM NECESSARY Standard. Our Workforce: an employee, contracted provider, volunteer, trainee, subcontractor, consultant or other under direct supervision. 5

Patient Privacy Rights Right to access PHI Right to request an amendment to PHI Right to request restrictions on how PHI is used for treatment, payment, and healthcare operations Right to receive confidential communications Right to request an accounting of disclosures Right to complain to the Department of Health and Human Services Office for Civil Rights 6

HIPAA Security HIPAA security applies to PHYSICAL, TECHNICAL, and ADMINISTRATIVE safeguards that are put in place to protect the confidentiality of information. Passwords File Cabinets ID Numbers Protected Information 7

Electronic Protected Health Information HIPAA requires administrative, physical, and technical safeguards to be implemented to address the confidentiality, integrity, and availability of ELECTRONIC PROTECTED HEALTH INFORMATION (ephi). 8

HIPAA Compliance HIPAA compliance Mandatory for 7,000,0000 Covered Entities (CE) & Business Associates (BA) 70% of the market is NOT compliant! HITECH/EHR incentive requires: Stage 1. Risk Assessment for Meaningful Use Core Measure 15 Stage 2. Illustrate corrective actions Omnibus Rule Compliance date was September 2013 Requires CEs/BAs to be HIPAA compliant CE must have (BAAs) Business Associate Agreements 9

Trends in HIPAA Enforcement Dentist (Indiana) Pharmacy (Colorado) Nonprofit (Alaska) Hospital (Texas) Anthem Indiana Dentist License Permanently Revoked for Mishandling medical records Denver Pharmacy failed to provide training as required by the Privacy Rule. Alaskan Nonprofit policies and procedures were not followed and/or updated. Wellpoint Inc. $1.7 Million settlement caused by a BA performing software upgrade 10

The Big Misconception I completed a Risk Assessment, I m HIPAA Compliant. A Risk Assessment is only a part of HIPAA compliance. ALL aspects of HIPAA are needed to pass an audit. 70% of Covered Entities are not compliant 79% of Covered Entities fail their Meaningful Use audit CEs fail to understand the difference between HIPPA and HITECH. Problems were discovered with most or all CE s policies and procedures including those for performing Risk Assessments 1 89% of the entities audited were non-compliant in one or more areas. Security Rule issues accounted for 60% of the findings and observations, while the Privacy and Breach Notification Rules yielded 30% and 10% respectively 2 1 : CMS Compliance Reviews, HIPAA Compliance Review Analysis and Summary of Results 2 : hyp://www.healthcare- informaacs.com/aracle/ocr- audits- forewarned- forearmed 11

A Risk Assessment is NOT enough! Administrative Audit Privacy Audit Security Audit Meaningful Use Risk Assessment Completing a risk assessment does not make you HIPAA compliant. 12

The Seven Fundamental Elements of an Effective Compliance Program Compliance according to HHS: 1. Implementing written policies, procedures and standards of conduct. 2. Designating a compliance officer and compliance committee. 3. Conducting effective training and education. 4. Developing effective lines of communication. 5. Conducting internal monitoring and auditing. 6. Enforcing standards through well-publicized disciplinary guidelines. 7. Responding promptly to detected offenses and undertaking corrective action. *Source HHS & OIG 13

The HIPAA Compliance Puzzle Incident Management Audits SRA (Security Risk Assessment), Administrative, Privacy Remediation Plans Business Associate Management HIPAA Compliance Policies, Procedures & Training u The pieces of HIPAA compliance. u Every piece needs to be completed annually or as the regulations change. u Missing even one piece can result in fines or loss of reputation. Document Version Employee Attestation & Tracking 14

Compliance Plan Step 1. Assess where you are against the regulation (GAP) The key to a risk analysis is auditing yourself against the administrative, technical, and physical aspects of HIPAA A risk analysis will help you attest to Meaningful Use Stage 1 Core Requirement 15 Step 2. Remediation Plan Prove that you remediated the deficiencies identified in the risk analysis Policies & Procedures, Training, and Attestation 15

Compliance Plan (Continued) Step 3. How do you prove it? Successful compliance plans address: Administration and Technical Policies and Procedures IT security Devices installed and maintained within your organization Physical Security within physical locations of your practice(s) (MU Stage 2 Core Requirement 9 requires remediation of found deficiencies during the risk analysis to be documented and completed) Step 4. Maintain your compliance As the regulations, staff, and practice changes 16

For more information, contact: Sales & Demo Scheduling Questions Marc Haskelson 855.854.4722 ext 507 marc@compliancygroup.com HIPAA Questions Bob Grant 855.854.4722 ext 502 bob@compliancygroup.com 17

The Total Compliance Solution The Guard Compliance Simplified Audits Security, Administrative, Privacy Achieve Compliance Coaching Illustrate Seal of Compliance Maintain HIPAA Hotline HIPAA Compliant Incident Management Business Associate Management Document Version Employee Attestation & Tracking Remediation Planning Policies, Procedures & Training u All aspects of compliance satisfied u Compliance simplified! u Compliance Coach walks the client through the whole journey u No client has ever failed an audit! Find out more now: www.compliancy-group.com 855.85 HIPAA (855.854.4722) 18

19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback