Presentation is loading. Please wait.

Presentation is loading. Please wait.

Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.

Published byKennedy Dowers Modified over 9 years ago

Similar presentations

Presentation on theme: "Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT."— Presentation transcript:

1 Forming Your HIPAA Compliance Plan PRESENTED BY

2 Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT Total HIPAA Compliance Today’s Presenters

3 This program is educational and does not constitute, and may not be construed as, legal advice to, or creating an attorney-client relationship with, any person or entity. Housekeeping The materials referenced here are subject to change, so frequent review of the source material is suggested. 3

4 A compendium of your organization’s Policies and Procedures describing your Privacy and Security obligations over your Protected Health Information. What is a HIPAA Compliance Plan? 4

5 The purpose of your plan is to… Provide evidence of your organization’s compliance with HIPAA’s Privacy and Security Regulations Serve as a blueprint for getting your organization into compliance 5

6 What is a HIPAA Compliance Plan? Am I required to have a plan? The answer is YES. HIPAA requires Covered Entities to maintain all of the Privacy Policies and Procedures required by Federal Regulations. (45 CFR 164.530) Privacy Security HIPAA requires Covered Entities to implement Polices and Procedures to prevent, detect, contain and correct security violations as to PHI in electronic form. (45 CFR 164.308) 6

7 What is a HIPAA Compliance Plan? What’s the risk of not having or using a plan? The Office of Civil Rights of the US Dept. of Health and Human Services and State Attorney Generals have the power to sanction, fine or impose criminal sanctions on Covered Entities failing to comply with HIPAA regulations. 7

8 Violators BIG and Small Mass Eye and Ear Infirmary Settled a HIPAA Violation Case by paying $1.5 million. OCR cited the hospital for failure to adopt HIPAA-required policies and procedures In 2012, a five-physician cardiac practice in Arizona paid $100,000 for violating HIPAA. The practice posted appointment schedules on a publicly-accessible calendar OCR noted that the Practice had implemented few of the policies and procedures required by HIPAA. 8

9 On the Horizon In addition, physician practices and others now face Common Law Tort (Negligence) Liability for failure to comply with HIPAA Bryn v. Avery Center for Obstetrics, 2014 Conn., Lexis 386 Walgreen Co. v. Abigail Hichy, Ind. Ct. App. (2014) 9

10 @nuemd @totalhipaa + What’s in a HIPAA Compliance Plan? 10 Privacy and Security Policies and Procedures Privacy and Security Personnel Workforce Training and Management Data Safeguards Complaint Mechanism Retaliation and Waiver Document and Record Retention (among others)

11 Who Are The Players? Covered Entities Business Associates Business Associate Subcontractors 11

12 @nuemd @totalhipaa + 1.Choosing Privacy and Security Officers 2. Performing a Risk Assessment 3. Creating Privacy & Security Policies/Procedures 4. Business Associate Agreements 5. Training Employees Steps for Forming Your Compliance Plan 12

13 @nuemd @totalhipaa + An officer within company Can sanction employees for non-compliance One person could fill both positions Requires strong organizational skills Without Privacy and Security Officers, your practice/company is not HIPAA Compliant! 1. Choosing Privacy and Security Officers 13

14 Privacy Officer Responsibilities Adopts and enforces appropriate policies to comply with HIPAA Oversees enforcement of employee and patient Privacy Rights Posts the organization’s current Notice of Privacy Practices Sends and updates Business Associate Agreements as needed Ensures all staff is trained on HIPAA Privacy Policies/Procedures 14

15 Security Officer Responsibilities Oversees the Security of ePHI during Transit, Rest, and Storage Identifies potential threats to confidentiality/availability of ePHI Responds to actual or suspected Breaches of ePHI Consults with the Privacy Officer before hiring outside vendors Coordinates periodic Security audits of all computers/networks Works closely with HHS if there is an audit Ensures all staff is trained on HIPAA Security Policies/Procedures 15

16 Do It Yourself Hire an Outside Firm 2. Performing a Risk Assessment 16

17 Performing Your Own Risk Assessment Utilize a Risk Assessment tool Be thorough Conduct annually In addition to annual assessments, you need to revisit your assessment whenever there is: - Security Breach - Theft - Change in hardware/software 17

18 3. Creating Privacy & Security Policies/Procedures Create two documents using your Risk Assessment as a guide Spell out how you will protect your patients’ and/or employees’ PHI Use a template, or your legal counsel can help you create these documents 18

19 @nuemd @totalhipaa + 4. Business Associate Agreements Identify Your Business Associates/BA Subcontractors These are vendors who have access to your PHI Review their compliance plans The 2013 HIPAA Omnibus penalizes BA’s for Breaches Their Breaches could become your Breaches Review the Subcontractors they use Collect signed Business Associate Agreement Be sure this Agreement conforms to HIPAA’s requirements Be wary of extra provisions that could compromise your practice or business 19

20 @nuemd @totalhipaa + 5. Training Employees Remember to train on your organization’s HIPAA Obligations, Policies, and Procedures: How often do you require password changes? What mobile devices are approved for use? What are your sanction policies? 20

21 Special Thanks Taylor English Duma LLP is a full-service law firm built from the ground up to provide highest-quality legal services for optimal value. The firm was founded in 2005 and its attorneys work each day to provide timely, creative and cost-effective counsel to help clients solve problems and achieve goals. Taylor English represents all types of clients— from Fortune 500 companies to start-ups to individuals. 21

22 Questions?

Download ppt "Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
(c) 2013 James J. Eischen, Jr., Esq.

(c) 2013 James J. Eischen, Jr., Esq.
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Hipaa privacy and Security

Hipaa privacy and Security
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Steps to Compliance: Managing Business Associates PRESENTED BY.

Steps to Compliance: Managing Business Associates PRESENTED BY.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.

Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.

Similar presentations

Ads by Google