Published by Victor Hancher
Modified over 2 years ago
HIPAA Enforcement Risks Rising For Healthcare In 2007. Presented by Peter MacKoul, J.D. © HIPAA Solutions, LC 2007
Agenda: Introduction; HIPAA Evolution; HIPAA Environment; Regulations; Misconceptions; Court Rulings; Current Enforcement Environment; OIG Audits At Piedmont Hospital – Federal Audits; Cleveland Clinic – Criminal Conviction; Herman v. Kratch – Civil Action; Sorensen v. Barbuto – Civil Action; Acosta v. Byrum – Civil Action; Northwestern Memorial Hospital v. John Ashcroft, AG of US – Public Records; State AGs Create Enforcement Departments; Legislative & Agency Environment
Introduction: Peter MacKoul, Esq. is an attorney and technical analyst with over 15 years of legal and technical consulting experience in both public and private sectors for major organizations including Blue Cross, IBM, Nextel, General Dynamics, educational institutions and local government. His legal background includes criminal and civil law. His expertise includes the areas of HIPAA, IT development, Internet law, healthcare issues and handicapped access to technology involving law, technology, privacy, and security. He served as a subject matter expert on HIPAA Privacy and Security in Texas for the Governor's Health Information Technology Advisory Committee (HITAC), which created recommendations on healthcare IT issues related to privacy and security, including Regional Health Information Organizations (RHIOs). Mr. MacKoul has published articles on HIPAA, created compliance training resources, and has been a featured speaker on issues of privacy and security for regional IT security conferences (TRISC), the Texas Healthcare Association (THA) and major technology events. He has also been referenced in technology publications such as ComputerWorld on HIPAA and privacy.
HIPAA Evolution: HIPAA Statutes Focused On Protection Of Patient Privacy; Chaos In Early Compliance Environment; Technology Advances Are Outstripping Business Processes; Healthcare Efficiency Pushing Technology / EMRs; Identity Theft, Fraud, Homeland Security Raising Awareness of Security and Privacy Issues. In a report last year, the World Privacy Forum found that the number of Americans identifying themselves in government documents as victims of medical identity theft had nearly tripled in just four years, to more than a quarter-million in (NBC News, April 2007)
HIPAA Environment – Regulations: Privacy Is At The Heart Of HIPAA; Security Compliance Cannot Be Achieved Without Addressing Privacy Issues First
HIPAA Environment – Misconceptions: HIPAA Compliance Is Voluntary; Only Class Action Litigation Is Allowed; Only Healthcare Providers Are Affected; State Laws Can Supersede HIPAA; HIPAA Will Ultimately Go Away; The Feds Are Not Enforcing HIPAA; It's Not Necessary to Conduct Thorough Remediation
HIPAA Environment – Court Rulings: US Attorneys; District Courts; Appellate Courts; Federal Courts; Regulatory Agencies
Enforcement – OIG Audits. March 8, 2007, issue of MEDICARE ADVANTAGE NEWS: In a surprise move, OIG on March 5 began the first audit of a provider's compliance with the HIPAA security regulation. The target: Piedmont Hospital in Atlanta. Auditors are expected to stay at the hospital three to four weeks and then forward their findings to CMS, which enforces the security rule. This is the government's first systematic hands-on examination of compliance with any HIPAA regulation.
Enforcement – OIG Audits. March 8, 2007, issue of MEDICARE ADVANTAGE NEWS: An OIG spokeswoman says, "We can't answer questions about ongoing work. The number of audits to do has yet to be determined." OIG auditors plan to audit Piedmont's administrative, physical and technical safeguards, the core requirements under the security regulation. This will include the hospital's policies and procedures relating to access to electronic protected health information (e-PHI); the risk assessment relative to e-PHI; electronically transmitting e-PHI; preventing, detecting, containing and correcting security violations; monitoring systems; remote access; wireless security; anti-virus mechanisms; firewalls; and other e-PHI security requirements.
Enforcement – Cleveland Clinic Criminal. Former Hospital Employee and Co-Conspirator Sentenced to Prison for Medicare Fraud and Identity Theft In Ft. Lauderdale... Machado was employed at the Cleveland Clinic when she and her cousin Ferrer stole the personal information of Cleveland Clinic and MHA patients. That information included, among other things, the patients' names, dates of birth, Social Security numbers, Medicare numbers and addresses.
Enforcement – Herman v. Kratch - Civil. Civil action against a clinic for the unauthorized disclosure of medical information, invasion of privacy, and intentional infliction of emotional distress after the clinic sent a patient's personal medical records to her employer. Herman v. Kratch, 2006 WL (Ohio App. 8 Dist.)
Enforcement – Herman v. Kratch - Civil. The Appellate Court found in the unauthorized disclosure action that the clinic was liable for its unauthorized disclosure of patient's medical records; and with regard to the Invasion of Privacy tort, triable fact existed as to whether clinic's unauthorized disclosure of patient's medical records was the type of act that would cause a person of ordinary sensibilities outrage, mental suffering, shame, or humiliation. Herman v. Kratch, 2006 WL (Ohio App. 8 Dist.)
Enforcement – Herman v. Kratch - Civil. The court stated: while the document authorizes the Clinic to release plaintiff's medical information for purposes of payment, that is not what occurred here. The Clinic does not dispute that plaintiff's bills should have been sent to United Healthcare for payment, not Nestle. There is nothing in the Clinic's [HIPAA] notice document that authorized the release of plaintiff's medical information to the wrong payor, whether accidentally or not.
Enforcement – Sorensen v. Barbuto - Civil. Many HIPAA cases are used by courts in other jurisdictions to decide cases in front of them. Good examples of this are Sorensen v. Barbuto and Acosta v. Byrum. The Sorensen case (handed down from the Appellate Court in Utah) appears to be the first case enabling a plaintiff to use HIPAA as a standard of care to bring a private cause of action involving the intentional infliction of emotional distress.
Enforcement – Acosta v. Byrum - Civil. This case provides a legal method enabling plaintiffs' attorneys to utilize HIPAA as a standard of care to bring an individual action using HIPAA privacy regulations and standards, instead of attempting to bring an individual lawsuit directly under HIPAA itself, which is not permitted.... This allegation does not state a cause of action under HIPAA. Rather, plaintiff cites to HIPAA as evidence of the appropriate standard of care, a necessary element of negligence... Acosta v. Byrum, 638 S.E.2d 246, 2006
Enforcement – Northwest Case – Public Records. Northwestern Memorial Hospital v. John Ashcroft, Attorney General of the United States. The Northwestern case involved the potential of having de-identified medical records involving partial birth abortions made a part of the trial record in New York, thus available to "skillful Googlers," as characterized by the court.
Enforcement – Northwest Case – Public Records. Northwestern Memorial Hospital v. John Ashcroft, Attorney General of the United States. The court elaborated on this Internet issue before ruling that the Attorney General of the United States could not access and use these records, let alone have them available to web surfers.... This ruling is highly significant in that it interprets the HIPAA Privacy rule covering de-identification as not sufficient to protect an organization that follows the rules in a partial birth abortion case. Northwestern Memorial Hospital v. Ashcroft, 362 F. 3d. 923 at 929.
Enforcement – State AGs Create Enforcement. HIPAA Enforcement Swings from Voluntary Compliance to Punishment for Violation of Privacy and Security Laws as States Join Federal Enforcement Under Federal Mandate. (PRWeb) November 28, Congress passed the 2006 False Claims Act. States are ordered to actively investigate and prosecute both providers as well as business associates effective January 1, States are required to create a False Claims Division and keep the overwhelming majority of fines recovered.
Enforcement – State AGs Create Enforcement. Since voluntary compliance has been ignored by many providers for years, the Federal Government has examined how to make physical and electronic compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) a reality. Whistleblowers will be awarded 15% of fines.
Legislative & Agencies. HHS Delegates HIPAA Subpoena Authority To OCR.... Notice is hereby given that I have delegated to the Director of the Office for Civil Rights the following authority vested in the Secretary of Health and Human Services. Subpoenas for the Health Insurance Portability and Accountability Act of 1996: Authority under Section 205(d) of the Social Security Act (42 U.S.C. 405(d)), with authority to redelegate, to issue subpoenas requiring the attendance and testimony of witnesses and the production of any evidence.... Michael O. Leavitt, Secretary. [FR Doc. 07–1872 Filed 4–13–07; 8:45 am]...
Legislative & Agencies. GAO blasts HHS on IT, privacy (January 2007). GAO recommends that HHS define and implement an overall privacy approach that identifies milestones for integrating the outcomes of its initiatives, ensures that key privacy principles are fully addressed, and addresses challenges associated with the nationwide exchange of health information.
Summary: Health Care Privacy & HIPAA Are Here To Stay; Courts & Prosecutors Are Using HIPAA; Privacy Compliance MUST Be A First Step In Security; Technology Is Not A Replacement For Sound Business Processes. Peter MacKoul, J.D. HIPAA Solutions, LC Toll Free: