We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byKarly Abney
Modified over 2 years ago
1 The Ethics of a Practicing Therapist PAMFT Membership Conference April 11, 2014 Renee H. Martin, JD, RN, MSN Rhoades & Sinon, LLP 29 Dowlin Forge Road Exton, PA 19341 Tel.: (610) 423-4200 Fax: (610) 423-4201 E-mail: firstname.lastname@example.org@rhoads-sinon.com 941943.2
2 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Outline Minors’ Rights Courts/Subpoenas Electronic/Social Media HIPAA.
3 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Adolescent Rights Consent to release of mental health records of all purposes and in all circumstances other than those provided in this section shall be subject to the provisions of the “Mental Health Procedures Act,” and other applicable federal and state statutes and regulations.. Privacy, Confidentiality, Ethical Duties and Disclosure
4 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Adolescent Rights Generally the minor shall control the release of the minor’s mental health treatment records and information to the extent allowed by law.. Privacy, Confidentiality, Ethical Duties and Disclosure
5 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Adolescent Rights When a minor has provided consent to outpatient mental health treatment (records related to prior treatment consented to by minor), the minor shall control the records of treatment to the same extent as the minor would control the records of inpatient care or involuntary outpatient care under the “Mental Health Procedures Act” and its regulations.. Privacy, Confidentiality, Ethical Duties and Disclosure
6 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Limited Rights of P/LG When a parent or legal guardian (“P/LG”) has consented to treatment of a minor fourteen years of age or older Outpatient Treatment, the following shall apply to the release of the minor’s records and information:. Privacy, Confidentiality, Ethical Duties and Disclosure
7 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Limited Rights of P/LG “The P/LG may consent to release of the minor’s medical records and information, including records of prior mental health treatment for which the PL/G had provided consent, to the minor’s current mental health care treatment provider.”. Privacy, Confidentiality, Ethical Duties and Disclosure
8 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Limited Rights of P/LG If deemed pertinent by the minor’s current mental health treatment provider, the release of information under this subsection may include a minor’s mental health records and information from prior mental health treatment for which the minor had provided consent to treatment.. Privacy, Confidentiality, Ethical Duties and Disclosure
9 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Limited Rights of P/LG “The P/LG may consent to the release of the minor’s mental health records and information to the primary care provider if, in the judgment of the minor’s current mental health treatment provider, such release would not be detrimental to the minor.”. Privacy, Confidentiality, Ethical Duties and Disclosure
10 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Limited Rights of P/LG Release of mental health records and information shall be limited to release directly from one provider of mental health treatment to another or from the provider of mental health treatment to the primary care provider.. Privacy, Confidentiality, Ethical Duties and Disclosure
11 © 2014 Rhoads & Sinon LLP. All Rights Reserved. ACT 147: Limited Rights of P/LG The P/LG who is providing consent to outpatient mental health treatment of a minor (14+) shall have the right to: information necessary for providing consent; symptoms; conditions to be treated; medications; other treatments; risks and benefits; expected results.. Privacy, Confidentiality, Ethical Duties and Disclosure
12 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Confidentiality of Mental Health Treatment Records §5100.25 Release to Courts No release of records in response to a Subpoena or other Court discovery proceedings without patient consent or an additional court order Duty to Inform Court Inform client/patient’s attorney Defense counsel for Provider may review records; minimum necessary applies Employees are to be informed; violations include civil and criminal liability. Privacy, Confidentiality, Ethical Duties and Disclosure
13 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Court Orders Issues by a Judge Increased duty to respond Search warrant (magistrate). Privacy, Confidentiality, Ethical Duties and Disclosure
14 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Ethical Duties and Social Media and e-mail Provider-Patient Relationship Explaining the Limits of Confidentiality Social Media and Private Practice Use of e-mail. Privacy, Confidentiality, Ethical Duties and Disclosure
15 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Social Media refers broadly to Web-based tools that allow individuals to communicate quickly, easily and broadly.. Privacy, Confidentiality, Ethical Duties and Disclosure Email Facebook Twitter LinkedIn Blogs You Tube Health sites
16 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Confidentiality and Social Media When is the Provider-Patient Relationship created? Contractual: implied by the actions of the parties in seeking and providing advice and care Use of email. Privacy, Confidentiality, Ethical Duties and Disclosure
17 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Privacy, Confidentiality, Ethical Duties and Disclosure Principle II: Confidentiality 1.13 Electronic Therapy (AAMFT Code of Ethics) 2.4 Protection of Records. Marriage and family therapists store, safeguard, and dispose of client records in ways that maintain confidentiality and in accord with applicable laws and professional stands. 2.7 Protection of Electronic Information. When using electronic methods for communication, billing, recordkeeping, or other elements of client care, marriage and family therapists ensure that their electronic data storage and communications are privacy protected consistent with all applicable law..
18 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Social Media Guidelines & Recommendations Professional Liability Policies should remind employees and staff that online communications are not private and may be discoverable in litigation. Policies should clearly define the parameters of the relationships between healthcare professionals and other social media users. Professionals should be aware of the pros and cons of making patients their Facebook “friends”. Distinguish between personal/social relationships versus doctor/patient relationships. Be aware of risks of “practicing medicine online” It is generally unwise to establish therapist/patient relationships online. 18
19 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Social Media Guidelines & Recommendations 19 Professionals should monitor their social media/networking sites regularly. Consider adding broad disclaimers such as a statement that your organization does not give medical advice via your website or social media sites and that users seeking specific medical advice should contact a physician or contact 911 in the event of an emergency.
20 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Policies – Can They Help? Be Proactive Not Reactive Even if your employees don’t use or access computers at work, they most likely do at home – and may be talking about work. Nearly every employer in every work environment should consider how social media could impact their workforce or company. What steps should be taken now to avoid problems down the road. 20
21 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Issues To Consider in Developing a Social Media Policy Whose job will it be to monitor violations? Who will monitor your social media activity? Use automated resources such as Google Alerts or have IT sources assist you to determine other resources available to monitor social media activity that may be impacting your company. How will you discipline violators – consistently? 21
22 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Issues To Consider After Developing a Social Media Policy Be careful about disciplining employees who engage in concerted activity, report illegal activities and exercise freedom of speech. Consider training employees regarding the social media policy and areas such as privacy, trade secret infringement, etc. Re-evaluate on a regular basis. Social media is developing and changing quickly. Your attitudes and expectations regarding social media will likely change overtime – be sure your policies keep up. 22
23 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Confidentiality and Social Media American Health Information Management Association (“AHIMA”) American Medical Association Ethical Guidelines (AMA) American Psychological Association Ethical Principles (APA) Marriage and Family Therapists (Regulations and AAMFC Code of Ethics). Privacy, Confidentiality, Ethical Duties and Disclosure
24 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Questions to Consider with Social Media/E-mail Is it necessary to use e-mail? Is there another equally safe way to send information? Is the disclosure necessary? Does the disclosure affect my other obligations? Should it be encrypted? How do I dispose of it? Is it part of the clinical record?. Privacy, Confidentiality, Ethical Duties and Disclosure
25 © 2014 Rhoads & Sinon LLP. All Rights Reserved. HIPAA.
26 © 2014 Rhoads & Sinon LLP. All Rights Reserved. History of HIPAA 1996- HIPAA enacted 1999-2000- Initial Privacy & Security Regulations Issued 2002- Final Privacy Rules Issued 2005- Final Security Rules Issue 2009- HITECH ACT – Interim Final Rule-Breach Notification 2010- Enforcement Rules Published 2013- HIPAA Final Omnibus Rule.
27 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Who is covered under HIPAA?.
28 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Who Is Subject to HIPAA? Covered Entities (direct) Health plans: insurance companies; HMO Health care clearing houses (process nonstandard data elements into standard data elements) Health care providers who transmit any health information in electronic form in connection with a covered transaction Business Associates Receive PHI from covered entity Perform a function on its behalf.
29 © 2014 Rhoads & Sinon LLP. All Rights Reserved. What is a Business Associate? A person who, on behalf of a covered entity - - Performs or assists with a function or activity involving Individually Identifiable Information Performs certain identified services.
30 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Business Associate. Auditors Lawyers Actuaries Clearing Houses Management Firms Covered Entity Billing Firms Other Covered Entities TPAs Consultants Vendors Accreditation Organizations
31 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Third Parties and Business Associate? Covered entities may disclose PHI to a business associate As necessary to permit the business associate to perform functions and activities on behalf of the covered entity Business associate cannot use PHI for its own purposes.
32 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Individually Identifiable Health Information (IIHI) Health information including demographics that: Is created or received by a health care provider, health plan, or health care clearing house and Related to the past, present or future physical or mental health or condition; the provision of health care; or the past, present or future payment for the provision of health care to an individual that Identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual..
33 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Protected Health Information (PHI) Individually identifiable health information that is: Transmitted by electronic media Maintained in any electronic media Transmitted or maintained in any other form (including oral or written PHI).
34 © 2014 Rhoads & Sinon LLP. All Rights Reserved. PHI and the Medical Record The HIPAA Privacy Rule defines a Designated record set as follows: (1) A group of records maintained by or for a covered entity that is: The medical records and billing records about individuals maintained by or for a covered health care provider; Used, in whole or in part, by or for the covered entity to make decisions about individuals. (2) the term record means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity..
35 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Privacy Rule Summary A covered entity may not use or disclose PHI except: After is gives written Notice about its health information practices to the individual In accordance with an individual’s written authorization* When requested by the Department of Health and Human Services Office of Civil rights Note: MFT Rules of Ethics require authorization from individual in “unit” to permit disclosures..
36 © 2014 Rhoads & Sinon LLP. All Rights Reserved. General Rule: Required Disclosure To individual upon individual’s request; some exceptions apply To HHS in connection with its enforcement and compliance review actions.
37 © 2014 Rhoads & Sinon LLP. All Rights Reserved. General Rule: Permitted Disclosures Notice of Privacy Practices: Treatment, Payment, Health Care Operations Authorization – always noted legal mandated exception Statutory/Regulatory Disclosures (Duty to Warn, etc.).
38 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Scope of the Omnibus Rule Revised breach notification standard Patient access to information contained in an electronic health record (right already granted to paper records) Regulation of business associates (“BAs”) and subcontractors Prohibition on “sale” of PHI without authorization
39 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Privacy, Confidentiality and Disclosure HIPAA Permitted Disclosures to Avert Serious Threat to Health and Safety (§164.512(j)) 1. A covered entity may, consistent with applicable law and standards of ethical conduct, use or disclose protected health information, if the covered entity, in good faith, believes the use or disclosure (emphasis added): Is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public; and It to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat;.
40 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Privacy, Confidentiality and Disclosure HIPAA Permitted Disclosures to Avert Serious Threat to Health and Safety (§164.512(j)) Is necessary for law enforcement authorities to identify or apprehend an individual: Because of a statement by an individual admitting participation in a violent crime that the covered entity reasonably believes may have caused serious physical harm to the victim; or Where it appears from all the circumstances that the individual has escaped from a correctional institution or from lawful custody.
41 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Privacy, Confidentiality and Disclosure HIPAA Permitted Disclosures to Avert Serious Threat to Health and Safety (§164.512(j)) Use or disclosure not permitted if the information described in this section is learned by the CE In the course of treatment to affect the propensity to commit the criminal conduct that is the basis for the disclosure…[during], or counseling or therapy; or Through a request by the individual to initiate or to be referred for the treatment, counseling, or therapy….
42 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Privacy, Confidentiality and Disclosure HIPAA Permitted Disclosures to Avert Serious Threat to Health and Safety (§164.512(j)) Limit on information that may be disclosed. Presumption of good faith belief..
43 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Scope of the Omnibus Rule Patients’ right to restrict data sharing with payers Requirements to modify and redistribute NPP Clarifies and strengthen OCRs role in enforcement, imposition of civil monetary penalties (CMPs) and CMP liability for acts of Business Associates and subcontractors
44 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Duty to Notify in Case of Breach HITECH Act: Required Notification of Breach of “Unsecured PHI” What is a “breach”? “the unauthorized acquisition, access, use, or disclosure of PHI in a manner not permitted by the Privacy Rule and which compromises the security or privacy of the PHI” If definition is met, notification is required *Applies to both electronic and hard copy information*
45 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Duty to Notify in Case of Breach What is NOT a “breach”? Determined by: 1. Definition of “breach” 2. Exceptions to definition of a breach
46 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Not a Breach by Definition Unintentional acquisition, access or use of PHI by a workforce member or person acting under the authority of a Covered Entity (CE) or Business Associate (BA) if the acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted
47 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Not a Breach by Definition Applies only to “Unsecured PHI”: If CEs and BAs apply the technologies and methodologies specified in the April 17, 2009 Guidance for PHI, the PHI is “secure” and no notice required. Per the Guidance, “Secure PHI” is PHI that is rendered unusable, unreadable or indecipherable to unauthorized individuals (i.e., encrypted or destroyed as detailed in the exhaustive list of technologies and methodologies)
48 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Omnibus Rule Breach Notification Standard An impermissible use or disclosure of PHI is presumed to be a breach unless the covered entity or business associate demonstrates there is low probability that the PHI has been “compromised” Determining whether or not there is a low probability data has been “compromised” requires analysis of what happened (or may have happened) to the data Focus now switched to what happened to PHI?
49 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Breach Notification – Risk Assessment CE/BA should perform risk assessment post-breach discovery and must consider at least the following: Nature and extent of PHI involved, including types of identifiers and likelihood of re-identification Who was the recipient of the PHI Was the PHI actually acquired or viewed The extent to which the risk to misuse of the PHI has been mitigated
50 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Breach Notification – Burden of Proof If no risk assessment performed, the default is notification Burden of demonstrating low probability that PHI is compromised is on the CE/BA Decision not to notify must be documented in case of review
51 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Breach Notification – Obligations to Notify CEs must notify individuals (although can delegate this to BAs) BAs must notify CEs Subcontractors must be obligated to notify their contracting partner so the information can go back up the chain
52 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Breach Notification – Examples of Risk Analysis Criteria Likelihood of identification or re-identification: A list of client names on letterhead – not low probability Client discharge data, client not specified – can clients be re- identified? – could be low probability (depends on the circumstances) Who is the unauthorized recipient: A HIPAA covered entity – low probability, as long as you have evidence the risk has been mitigated PHI actually acquired or viewed: Untampered with laptop – low probability Information mailed to wrong person – not low probability Issue then is of course, risk of harm Has improper use been mitigated Satisfactory assurances of destruction from a known person – low probability
53 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Right to Request Restrictions to Payors The general rule is that a CE is not required to accept restrictions on the use and disclosure of PHI. Final Rule created an exception, and requires a CE to agree to a restriction if: the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and the PHI pertains solely to a health care item or service for which the individual, or person other than the health plan on behalf of the individual, has paid the CE in full.
54 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Individual Right to Access PHI HIPAA currently requires, with limited exceptions, that individuals have a right to review or obtain copies of their PHI to the extent such information is maintained in a designated record set. The Final Rule made significant changes to the individual’s right to access their PHI.
55 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Patient Access to Electronic Health Information If PHI held electronically, individual entitled to an electronic copy if in a “designated record set” (not just the information in an “EHR”) Must be in the format requested if “readily producible”; if not, in a readable electronic form and format agreed upon by the entity and the individual Note required to buy new software to do this – but must have capability to provide some electronic copy If individual declines to accept electronic formats entity makes available, can default to hard copy Not required to accept patient’s device – but can’t require individuals to purchase a device from you if they don’t want to
56 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Patient Access – Reasonable Safeguards Must have reasonable safeguards in place to protect transmission of ePHI – but… If an individual wants information by unencrypted e-mail, entity can send if they advise the individual that such transmission is risky Can’t force individuals to accept unsecure Not them responsible for breach – document individual acknowledgement of risk Omnibus allows 30 days to produce with one, 30 day extension for a total of 60 days-OCR urges entities to make information available sooner when possible If over 30 days must notify patient in writing and inform why extension is needed
57 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Patient Access – Third Parties Individuals can have the copy directed to another person/entity – but the choice must be in writing and clearly identify the individual/entity Information must be protected and entity must implement reasonable policies and procedures to sending to the right place (e.g., type e-mail correctly) “In writing” can be electronic Fees charged are restricted to labor costs for copying – cannot include cost of retrieval, or portion of capital costs Charge can include supplies provided to individual upon request
58 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Business Associates/Subcontractors Omnibus rule conforms HIPAA regulations to HITECH Act changes Before HITECH, BAs regulated through business associate contracts or agreements (“BAAs”) After HITECH, BAs and subcontractors are regulated directly under HIPAA Must comply with Security Rule (rule is flexible to accommodate small BAs) Must comply with some of Privacy Rule and provisions of BAA Still need BAA Agreement
59 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Notice of Privacy Practices (NPP) NPPs must include: Statements regarding certain uses and disclosures requiring authorization – e.g., psychotherapy notes (where appropriate), marketing, sales of PHI, right to restrict disclosures to health plans (provider only), and right to be notified of breach; and General statement that all uses and disclosures not described in NPP also require authorization New patients get revised by 9/23/13, other patients as they come in to be seen
60 © 2014 Rhoads & Sinon LLP. All Rights Reserved. What the OCR says about Enforcement “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a client’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.” Director OCR Leon Rodriguez
61 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Enforcement Rule – BAs, Investigations, Reviews Civil monetary penalties (CMPs) can be assessed directly to business associates Complaint investigations and compliance reviews Required whenever there is evidence of a possible HIPAA violation due to willful neglect Discretionary in the absence of possible willful neglect Every complaint will be investigated preliminarily Secretary has discretion to move directly to imposition of CMPs without informal resolution
62 © 2014 Rhoads & Sinon LLP. All Rights Reserved. Enforcement - Coordination Secretary may disclose PHI to another agency on request Coordination of Department of Justice and FTC (http://www.hhs.gov.ocr/enforcement)http://www.hhs.gov.ocr/enforcement Coordination with State Attorneys General to assist with their direct enforcement
HIPAA Omnibus Rule of 2013 POSA August 29, 2013 Renee H. Martin, JD, RN, MSN Tsoules, Sweeney, Martin & Orr, LLC 29 Dowlin Forge Road Exton, PA Tel.:
LAW SEMINARS INTERNATIONAL CLOUD COMPUTING: LAW, RISKS AND OPPORTUNITIES Developing Effective Strategies for Compliance With the HITECH Act and HIPAA’s.
HIPAA PRIVACY AND SECURITY AWARENESS.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
HealthBridge is one of the nation’s largest and most successful health information exchange organizations. Tri-State REC: Privacy and Security Issues for.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by? The Affordable Care Act Health Insurance companies United States Congress United States.
1 Disclosures © HIPAA Pros 2002 All rights reserved.
Office of the Secretary Office for Civil Rights (OCR) Indian Health Service HIPAA Training Hosted by the Aberdeen Area Office July 24, 2012.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
Confidentiality and HIPAA
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
What You Don’t Know Can Cost You HIPAA in a HITECH World Alaina N. Crislip, Esq. October 10, 2013.
Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.
W W W. L E C L A I R R Y A N. C O M Revisiting the PHI Breach Under HIPAA and HITECH and Considerations for Ophthalmologists Neil H. Ekblom, Esq. 885 Third.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA Health Insurance Portability & Accountability Act of 1996.
March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.
Introduction PHI Rights Protecting PHI Investigating & Reporting HIPAA Training Shelly Vrsek Director of Quality Privacy Officer.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
HITECH and HIPAA Presented by Rhonda Anderson, RHIA Anderson Health Information Systems, Inc
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
Rhonda Anderson, RHIA, President …is a PROCESS, not a PROJECT 2.
Established in 1996 to enforce standards for electronic health information & enhance the security and privacy of health information.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Overview of the Omnibus Final HIPAA Rule Kohler HealthCare Consulting, Inc. Deanna Turner
Finally, the Final HIPAA/HITECH Regulations are Here! By LYNDA M. JOHNSON Friday, Eldredge & Clark.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
HITECH Act and HIPAA: Important Compliance Update Susan E. Ziel Gerald “Jud” DeLoss.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
HIPAAand Disaster Situations By LYNDA M. JOHNSON Friday, Eldredge & Clark.
HIPAA Privacy Rule Training
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Health Insurance Portability & Accountability Act (HIPAA)
Walking Through the Breach Notification Process - Beginning to End HIPAA COW Presentation and Panel April 8, 2011.
AND CE-Prof, Inc. January 28, 2011 The Greater Chicago Dental Academy 1 Copyright CE-Prof, Inc
HIPAA Basics November 1, 2014.
© 2017 SlidePlayer.com Inc. All rights reserved.