Presentation is loading. Please wait.

Presentation is loading. Please wait.

U NDERSTANDING HIPAA C OMPLIANCE I N 2014: E THICS, T ECHNOLOGY, H EALTHCARE & LIFE J ULIE M EADOWS -K EEFE G ROSSMAN, F URLOW, AND B AYÓ, LLC 2022-2 R.

Published byBrandon Goodnow Modified over 9 years ago

Similar presentations

Presentation on theme: "U NDERSTANDING HIPAA C OMPLIANCE I N 2014: E THICS, T ECHNOLOGY, H EALTHCARE & LIFE J ULIE M EADOWS -K EEFE G ROSSMAN, F URLOW, AND B AYÓ, LLC 2022-2 R."— Presentation transcript:

1 U NDERSTANDING HIPAA C OMPLIANCE I N 2014: E THICS, T ECHNOLOGY, H EALTHCARE & LIFE J ULIE M EADOWS -K EEFE G ROSSMAN, F URLOW, AND B AYÓ, LLC 2022-2 R AYMOND D IEHL R D. T ALLAHASSEE, FL. 32308 (850) 385-1314 J. MEADOWS - KEEFE @ GFBLAWFIRM. COM

2 D OES IT P UT Y OU I N A B AD M OOD ?

3 H OW M UCH P RIVACY D O Y OU H AVE ? How Much Privacy Are You Willing To Give Up?

4 P ERCEIVED B ARRIERS ?

5

6 W IRED M AGAZINE 11-15-12  The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place. What we can say for sure is this: Access to our data can no longer hinge on secrets—a string of characters, 10 strings of characters, the answers to 50 questions—that only we’re supposed to know. The Internet doesn’t do secrets. Everyone is a few clicks away from knowing everything.

7 S O W E R ECOGNIZE W E A RE A LL V ULNERABLE

8  “A stolen medical identity has a $50 street value – whereas a stolen social security number, on the other hand, only sells for $1.00” said Kirk Herath, Nationwide Chief Privacy Officer.

9 F ACTS A BOUT M EDICAL I DENTITY T HEFT  1.5 Million American Affected  Average cost to restore identity is over $20,000.  Medical identity theft comprises 3% of all identity thefts  Nearly half of victims lose their coverage  Can take a year to discover  Healthcare was most breached industry in 2011

10 S O W HAT D OES HIPAA D O ?  HIPAA sets a national standard for accessing and handling medical information  Access to your own medical records, prior to HIPAA, was not guaranteed by federal law.  Notice of privacy practices about how your medical information is used and disclosed must now be given to you.  An accounting of disclosures

11 HIPAA 1996

12 1996 M AC

13 P OPULAR S ONG & D ANCE IN 1996

14 I N 1996  Google.com didn’t exist yet.  In January 1996 there were only 100,000 websites, compared to more than 160 million in 2008.  The web browser of choice was Netscape Navigator, followed by Microsoft Internet Explorer as a distant second (Microsoft launched IE 3 in 1996).  Most people used dial-up Internet connections

15 ARRA  February 17, 2009. ARRA Signed into Law. Also known as the “Stimulus” $ 25.8 Billion for Health IT  Increased Regulation of Organizations Contracting with Covered Entities  Covered Entities Must Carefully Monitor Disclosures of PHI  Increased Limitations on use of PHI  Increased Penalties and Enforcement Mechanisms  Breach notification and reporting requirements.

16 E VIDENCE B ASED M EDICINE  Conscientious, explicit and judicious use of current best evidence in making decisions about the care of individual patients  Use of mathematical estimates of the risk of benefit and harm, derived from high-quality research on population samples, to inform clinical decision- making in the diagnosis, investigation or management of individual patients."

17 B IG D ATA How much regulation is needed for electronic health records and systems? How much is too much? Does technology harm patients? How much risk do patients face in the era of "big data?“ Can data reach level of necessary granularity to only show minimum amount of data necessary to provide a particular treatment?

18 E XPRESS S CRIPTS H AS B IG D ATA  Provides Pharmacy Benefits to over 100 million people.  They see 1.4 billion prescriptions a year, each one of which generates adds a little more data to their pile.  They now have 100 people sorting through that information trying to detect fraud. They've got nurses and pharmacists and forensic accountants, along with a group of data nerds investigating thousands of cases of shady dealings a year.

19

20 S OME F EAR

21 W HAT IS A “B REACH ?”  A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.  There are three exceptions to the definition of “breach.” The first exception applies to the unintentional acquisition, access, or use of protected health information by a workforce member acting under the authority of a covered entity or business associate. The second exception applies to the inadvertent disclosure of protected health information from a person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate. In both cases, the information cannot be further used or disclosed in a manner not permitted by the Privacy Rule. The final exception to breach applies if the covered entity or business associate has a good faith belief that the unauthorized individual, to whom the impermissible disclosure was made, would not have been able to retain the information.

22 T AKE -A WAY  PLEASE MAKE SURE ALL STAFF ARE UTILIZING ENCRYPTION FOR TRANSMISSION OF PHI.

23 B REACHES B IG IN O MNIBUS  the nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification  the unauthorized person who used the protected health information or to whom the disclosure was made  whether the protected health information was actually acquired or viewed  the extent to which the risk to the protected health information has been mitigated

24 B REACHES S O F AR  January, 2013-First HIPAA breach settlement involving less than 500 patients (Idaho Hospice)  April 2012 HHS settles case with Phoenix Cardiac Surgery for lack of HIPAA safeguards

25 A LASKA D EPARTMENT OF H EALTH AND H UMAN S ERVICES  Settled for 1.7 million dollars.  One lost unencrypted flash drive from an employee’s car led to extensive HHS investigation.  Insufficient training and risk assessment.

26 2013 V ERIZON B REACH R EPORT  THREAT ACTORS  External 92%  Internal 14%  Partners 1%

27 T HREAT A CTIONS  Malware10%  Hacking52%  Social29%  Misuse13%  Physical35%  Error2%

28 A TTACKED ENTITIES  Financial Organizations37%  Utilities24%  Manufacturing, transportation20%  Healthcare organizations0.90%

29 B USINESS A SSOCIATE R EQUIREMENTS Extends HIPAA’s requirements, not just to business associates, but to subcontractors that handle protected health information on behalf of business associates

30 N OTICE OF P RIVACY P RACTICES  Need to revise to reflect patient’s right to receive breach notifications.

31 R EQUEST FOR R ESTRICTIONS  Specifically, covered entities must agree to restrict disclosures of protected health information about the individual if the disclosure is for payment or healthcare operations purposes, is not required by law, and the protected health information pertains solely to a healthcare item or service for which the individual, or someone on the individual's behalf other than the health plan, has paid the covered entity in full.

32 J ULIE ’ S S TORY  Real-life experience with too much data being included in an EHR.  https://www.youtube.com/watch?v=tK1KeC y5j9Q

33 L ICENSURE  Licensure involves providing a full explanation and record documenting any affirmative responses to health questions, including emotional/mental illness, chemical dependency.

34

35 J ULIE M EADOWS -K EEFE G ROSSMAN, F URLOW, AND B AYÓ 2022-2 R AYMOND D IEHL RD. T ALLAHASSEE, FL. 32308 (850) 385-1314 J. MEADOWS - KEEFE @ GFBLAWFIRM. COM THANK YOU

Download ppt "U NDERSTANDING HIPAA C OMPLIANCE I N 2014: E THICS, T ECHNOLOGY, H EALTHCARE & LIFE J ULIE M EADOWS -K EEFE G ROSSMAN, F URLOW, AND B AYÓ, LLC 2022-2 R."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Basics November 1, 2014.

HIPAA Basics November 1, 2014.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.

Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
Health information security & compliance

Health information security & compliance

Similar presentations

Ads by Google