HIPAA and the TAS: Is it As Bad As We Thought It Would Be? Thoughts on Current Experiences and Problems Marty Ween, Esq Wilson Elser Moskowitz Edelman.


1 HIPAA and the TAS: Is it As Bad As We Thought It Would Be? Thoughts on Current Experiences and Problems Marty Ween, Esq Wilson Elser Moskowitz Edelman & Dicker LLP Henry Cifuentes Vice President – Hays Affinity April 30, 2014

2 Webinar Agenda ATSI / Hays Program Intro Speaker Intro ATSI / Hays PL Policy Highlights Questions

3 About the ATSI/Hays Insurance Program The same program underwriters and defense law firm for over 20 years Program exclusively offered to ATSI members, however, all may obtain a quote Policy is tailored to your industry, it is not a miscellaneous policy – common in the marketplace ATSI and Hays are both constantly working with the underwriters to provide a competitive and industry leading product

4 Program Enhancements  Cyber Liability Coverage: $100,000 now included at no additional cost. Higher options available for nominal premium, up to $1,000,000. Coverage provides protection for: –Allegations of failing to prevent unauthorized access to computer systems –Release or transmission of a computer virus –Destruction, corruption or removal of electronic data stored or transmitted  HIPAA/HITECH Fines Coverage: Important if you have any medical related clients/business. Reimbursement for Fines and Penalties - $50,000/$100,000 at no additional cost. Higher limits available for a nominal additional premium. HIPAA/HITECH – if a third party claim, coverage up to your policy limit.

5 Program Enhancements With the Professional Liability Insurance in place, we can also assist with:  Business Owners Package  General Liability  Business Property  Workers Compensation  Commercial Business Auto  Employment Practices Liability Just launched in the past month:  Life  Disability  Long-Term  Personal Umbrella Please visit the program website for more information.

6 Wilson Elser Wilson Elser Moskowitz Edelman & Dicker LLP Martin M. Ween Senior Partner Association of TeleServices International Webinar – April 30, 2014 HIPAA and the TAS: Is it as Bad as We Thought it Would Be? Thoughts on Current Experiences and Problems Albany Baltimore Boston Chicago Connecticut Dallas Denver ∙ Detroit ∙Houston Las Vegas London ∙ Long Island Los Angeles Miami New Jersey New York Orlando Philadelphia San Diego San Francisco Virginia Washington, DC White Plains Affiliate Offices: Berlin Cologne Frankfurt am Main Munich Paris

7 HIPAA and the TAS: Is it as Bad as We Thought It Would Be? Purpose of this Webinar –1. Provide a short description of HIPAA, HITECH, the Privacy and Security Rules and what is required for Business Associate Agreements –2. What issues have arisen since the final Privacy and Security Rules became effective –3. Provide some suggestions to approach these issues

8 What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act of It is a federal law that protects the privacy of individually identifiable health information, or “Protected Health Information” (“PHI”).

9 What is Protected Health Information? PHI can include name, age, gender and other personal demographic information such as phone number, address and more, as well as health status information, prescription drug information, healthcare payment information and prior existing conditions.

10 The Privacy Rule The Secretary of Health and Human Resources established the Privacy Rule effective April 14, 2001 to set national standards to protect individuals’ medical records and other personal health information. It applied to health plans, health care clearinghouses and any health care provider who transmits health information (also known as “Covered Entities”).

11 The Privacy Rule The Privacy Rule also dealt with “Business Associates” of the Covered Entities and the need for these parties to enter into “Business Associate Agreements” (later referred to as “Business Associate Contracts”) confirming compliance with the Privacy Rule.

12 The Security Rule The Security Rule, effective February 2003, requires the “Covered Entities” to use measures that would reasonably and appropriately ensure the confidentiality, integrity and availability of electronic PHI (or “ePHI”); protect against reasonably anticipated threats, hazards, uses or disclosures of ePHI; and ensure that the work force of a covered entity complies with this rule.

13 What is HITECH? HITECH is the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009 (“ARRA”), or the “Stimulus” Act. HITECH was aimed at various areas of concern under HIPAA and the Privacy and Security Rules, including establishing greater protections for ePHI by encryption, as well as promoting the use of electronic information systems. HITECH obligated Business Associates to comply with the HIPAA Privacy and Security Rules on the same basis as Covered Entities and made the Business Associates directly subject to the same civil and criminal penalties for violations.

14 Why Does Compliance Matter? Audits. Civil penalties: $100 to $50,000 per individual violation; $25,000 to $1.5 million for multiple violations in a single year. Criminal penalties can range up to $50,000 to as much as $250,000, with imprisonment from one year to as much as ten years. Both the civil and criminal penalties can apply to the organization and its officers, as well as to the individual violators.

15 The Final Privacy and Security Rules After a lengthy public comment process, the final Privacy and Security Rules under HIPAA/HITECH were adopted as of January 25, 2013. Business Associate Agreements were required to be in compliance with these final Rules between September 23, 2013 and September 23, 2014, depending on their renewal date.

16 What do the Final Privacy and Security Rules Require in a Business Associate Contract? HHS has required ten items for the Business Associate Contract: 1. The permitted and required uses by and disclosures of potential Protected Health Information to the Business Associate; 2. The acknowledgement by the Business Associate that it will not use or further disclose the protected information other than as permitted or required by the services agreement or by law;

17 What do the Final Privacy and Security Rules Require in a Business Associate Contract? 3. The agreement of the Business Associate that it will implement appropriate safeguards to protect against unauthorized use or disclosure of the protected information, including safeguards as to Electronic Protected Health Information; 4. The Business Associate must report to the Covered Entity any use or disclosure of the protected information not permitted within the services contract within sixty days of the disclosure;

18 What do the Final Privacy and Security Rules Require in a Business Associate Contract? 5. The Business Associate has to disclose protected health information if the Covered Entity receives a request from an individual for his or her protected health information, as well as making the protected health information available for amendments and accountings; 6. The Business Associate has to acknowledge that it will comply with the Privacy Rule to the extent the Business Associate is performing the work of the Covered Entity;

19 What do the Final Privacy and Security Rules Require in a Business Associate Contract? 7. The Business Associate has to make available to HHS its internal practices, books and records in connection with the use and disclosure of protected health information received from, or created or received by the Business Associate on behalf of, the Covered Entity; 8. If the telephone answering services contract is terminated and, as a result, the Business Associate Contract is terminated, the Business Associate must return or destroy the protected health information it received or created for the Covered Entity;

20 What do the Final Privacy and Security Rules Require in a Business Associate Contract? 9. The Business Associate must ensure that any subcontractors it may retain that have access to protected health information agree to the same restrictions and conditions that apply to the Business Associate; and 10. The Business Associate Contract must be terminable by the Covered Entity if the Business Associate violates a material term of the contract.

21 What do the Final Privacy and Security Rules Require in a Business Associate Contract? The Business Associate Contracts in place as of the final Rules that were based on the ATSI sample agreement were generally compliant with these Rules, but needed review and revision for a number of differences.

22 What are the Issues That Have Come Up after the Final Rules? 1. Clients who refuse to sign a Business Associate Contract 2. Clients who refuse to sign your proposed Business Associate Contract and propose their own form, with unfair or unacceptable terms 3. Getting your subcontractors to sign a Business Associate Contract

23 Some Suggested Approaches to these Issues: Establish a Business Associate Agreement by your unilateral written agreement to comply with the statutes and the Rules. For new clients, or clients being given new service contracts, put in a requirement that all parties will execute a Business Associate Contract and/or put into the services contract the agreement to comply. Ask HHS for an interpretation or opinion.

24 Some Suggested Approaches to these Issues: Agree to the use of the client’s own form with modifications to avoid losing insurance coverage. Alternative pricing to take into consideration increased risk if the client insists on the use of its form.

25 For more information, please contact: Martin M. Ween Senior Partner Wilson, Elser, Moskowitz, Edelman & Dicker, LLP 150 East 42nd Street New York, NY T: F:

26 Questions ?

27 ATSI / Hays Insurance Program https://atsi.haysaffinity.com For more information, please contact: Henry Cifuentes or

