
ARRA/HITECH Update HIPAA COW Webinar February 23, 2010 Welcome! Everyone please mute your phone at this time by pressing *6 This session is being recorded.


1 ARRA/HITECH Update. HIPAA COW Webinar, February 23, 2010. Welcome! Everyone please mute your phone at this time by pressing *6. This session is being recorded and will begin in a few minutes.

2 ARRA/HITECH Update: Compliance with BAA Requirements. HIPAA COW Webinar, February 23, 2010. Presented by: Cathy Boerner, JD, CHC

3 Session to Cover: Overview of HITECH Business Associate Agreement (BAA) Provisions; Strategies for BAA Compliance; Review of HIPAA COW BAA Documents

4 Disclaimer. The information provided in this presentation does not constitute legal advice and is intended to be used for guidance. If you require legal advice, please consult with an attorney.

5 Overview of HITECH Business Associate Agreement Provisions. Feb. 17, 2009, President Obama signed the American Recovery and Reinvestment Act of 2009 (ARRA). Title XIII of ARRA is the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH Subtitle D, Part 1 – Improved Privacy Provisions and Security Provisions.

6 Overview of HITECH Business Associate Agreement Provisions. The Office of Civil Rights (OCR) is developing regulations which HHS is issuing to implement provisions of the HITECH Act. It is important to keep up-to-date as the regulations come out in the Federal Register. Check the OCR What’s New website section at http://www.hhs.gov/ocr/office/news/index.html

7 Overview of HITECH Business Associate Agreement Provisions. HIPAA Security Provisions: 13401(a). HIPAA Privacy Provisions: 13404(a)(b). Enforcement: 13401(b) & 13404(c). Accounting of Disclosures: 13405(c)(3). Notification of Breaches: 45 CFR 164.402–164.412.

8 Overview of HITECH Business Associate Agreement Provisions. HITECH requires covered entities to incorporate new business associate provisions into business associate agreements. HITECH Sections 13401(a) & 13404(a) of the Act (42 U.S.C. § 17931). Effective February 17, 2010.

9 HITECH Provisions – HIPAA Security. Sections 164.308, 164.310, 164.312, and 164.316 of title 45, Code of Federal Regulations, shall apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity. HITECH Section 13401(a) of the Act (42 U.S.C. § 17931)

10 HITECH Provisions – HIPAA Security. The additional requirements of this title that relate to security and that are made applicable with respect to covered entities shall also be applicable to such a business associate and shall be incorporated into the business associate agreement between the business associate and the covered entity. HITECH Section 13401(a) of the Act (42 U.S.C. § 17931)

11 HITECH Provisions – HIPAA Security. 164.308 – Administrative safeguards; 164.310 – Physical safeguards; 164.312 – Technical safeguards; 164.316 – Policies and procedures and documentation requirements.

12 HITECH Provisions – HIPAA Security. Current Business Associate Agreement language says: “Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits on behalf of the covered entity as required by this subpart.” 45 CFR 164.314

13 HITECH Provisions – HIPAA Security. For HITECH add: “…Business Associate shall document and keep these security measures current. Business Associate shall cooperate in good faith in response to any reasonable requests from Covered Entity to discuss, review, inspect, and/or audit Business Associate’s safeguards.”

14 HITECH Provisions – HIPAA Privacy. Section 164.504(e) of title 45, Code of Federal Regulations, shall apply to a business associate of a covered entity in the same manner that such section applies to the covered entity. See HITECH Section 13404(a)(b) of the Act (42 U.S.C. § 17931)

15 HITECH Provisions – HIPAA Privacy. The additional requirements of this subtitle that relate to privacy and that are made applicable with respect to covered entities shall also be applicable to such a business associate and shall be incorporated into the business associate agreement between the business associate and the covered entity. HITECH Section 13404(a)(b) of the Act (42 U.S.C. § 17931)

16 HITECH Provisions – HIPAA Privacy. 164.504(e) – Business Associate Contracts

17 HITECH Provisions – HIPAA Privacy. Current Business Associate Agreement language says: “Ensure that any agents, including a subcontractor, to whom it provides protected health information…received by the business associate, on behalf of the covered entity, agrees to the same restrictions and conditions that apply to the business associate with respect to such information;”

18 HITECH Provisions – HIPAA Privacy. For HITECH add: “Ensure that any agents, including a subcontractor, to whom it provides protected health information…received by the business associate, on behalf of the covered entity, agrees in writing to the same restrictions and conditions that apply to the business associate with respect to such information;”

19 HITECH Provisions – Civil and Criminal Penalties. In the case of a business associate that violates applicable provisions, civil and criminal penalties shall apply to the business associate with respect to such violation in the same manner as a covered entity that violates such provision. See HITECH Section 13401(b) of the Act (42 U.S.C. § 17931); see Section 13404(c).

20 HITECH Provisions – Accounting of Disclosures (HIPAA Privacy)

21 HITECH Provisions – Accounting of Disclosures (HIPAA Privacy). BAAs already state: “Make available the information required to provide an accounting of disclosures in accordance with §164.528” 45 CFR §164.504(e)(2)(ii)(G); see HITECH Section 13405(c) of the Act (42 U.S.C. § 17931)

22 HITECH Provisions – Accounting of Disclosures. HITECH added: 13405(c)(1) If the covered entity uses an electronic health record, then: – The accounting of disclosures shall include those to carry out treatment, payment and health care operations – During only the three years prior to the date on which the accounting is requested.

23 HITECH Provisions – Accounting of Disclosures. HITECH added: 13405(c)(3) In response to a request from an individual for an accounting, a covered entity shall elect to provide either an— “(A) accounting, as specified under paragraph (1), for disclosures of protected health information that are made by such covered entity and by a business associate acting on behalf of the covered entity; or

24 HITECH Provisions – Accounting of Disclosures. 13405(c)(3) “(B) accounting, as specified under paragraph (1), for disclosures that are made by such covered entity and provide a list of all business associates acting on behalf of the covered entity, including contact information for such associates (such as mailing address, phone, and email address). A business associate included on a list under subparagraph (B) shall provide an accounting of disclosures (as required under paragraph (1) for a covered entity) made by the business associate upon a request made by an individual directly to the business associate for such an accounting.”

25 HITECH Provisions – Business Associates Breach Notification

26 HITECH Provisions – Notification of Covered Entity by Business Associate. A business associate of a covered entity that accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses, or discloses unsecured protected health information shall, following the discovery of a breach of such information, notify the covered entity of such breach. HITECH Section 13402(b) of the Act (42 U.S.C. § 17931); 45 CFR §164.410(a)(1) – Notification by a business associate.

27 HITECH Provisions – Notification of Covered Entity by Business Associate. Such notice shall include the identification of each individual whose unsecured protected health information has been, or is reasonably believed by the business associate to have been, accessed, acquired, or disclosed during such breach. See HITECH Section 13402(b) of the Act (42 U.S.C. § 17931)

28 HITECH Provisions – Notification of Covered Entity by Business Associate. Breaches treated as discovered: “A breach shall be treated as discovered by a business associate as of the first day on which such breach is known to the business associate or, by exercising reasonable diligence, would have been known to the business associate.” 45 CFR 164.410(a)(2)

29 HITECH Provisions – Notification of Covered Entity by Business Associate. Breaches treated as discovered: “A business associate shall be deemed to have knowledge of a breach if the breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is an employee, officer, or other agent of the business associate (determined in accordance with the federal common law of agency).” 45 CFR 164.410(a)(2)

30 HITECH Provisions – Notification of Covered Entity by Business Associate. Timeliness of notification: Except as provided in §164.412 [Law Enforcement Exception], a business associate shall provide the notification required by paragraph (a) of this section without unreasonable delay and in no case later than 60 calendar days after discovery of a breach. 45 CFR 164.410(b)

31 HITECH Provisions – Notification of Covered Entity by Business Associate. Content of notification: The notification required shall include, to the extent possible, the identification of each individual whose unsecured protected health information has been, or is reasonably believed by the business associate to have been, accessed, acquired, used, or disclosed during the breach. 45 CFR 164.410(c)(1)

32 HITECH Provisions – Notification of Covered Entity by Business Associate. Content of notification: A business associate shall provide the covered entity with any other available information that the covered entity is required to include in notification to the individual under §164.404(c) at the time of the notification required by paragraph (a) of this section or promptly thereafter as information becomes available. 45 CFR 164.410(c)(2)

33 Review of HIPAA COW BAA Documents – Addendum. Current Business Associate Agreement language says: – “Report to the covered entity any security incident of which it becomes aware;” 45 CFR 314(a)(2)(i)(C) – “Report to the covered entity any use or disclosure of the information not provided for by its contract of which it becomes aware;” 45 CFR 504(e)(2)(ii)(C). The HIPAA COW Sample BAA covers all three in its Reporting of an Incident/Breach, Unauthorized Disclosures or Misuse of PHI (occurrence) Section.

34 Strategies for BAA Compliance: Update your Business Associate Agreements; Send existing Business Associates new agreements or a letter informing them of the updates; Emphasize your Breach Notification process with your Business Associates and consider providing a notification form; Read the regulations when they are published.

35 HIPAA COW Resources: BUSINESS ASSOCIATE AGREEMENT TEMPLATE INCLUDING HITECH ACT REQUIREMENTS & BUSINESS ASSOCIATE NOTIFICATION LETTER (Updated 1/12/2010). www.hipaacow.org

36 Review of HIPAA COW BAA Documents – Sample Business Associate Notification Letter

37 Review of HIPAA COW BAA Documents – Addendum. Definition Section (1): – Breach – Electronic Health Record – Unsecured Protected Health Information. Safeguarding of PHI Section (6 & Exhibit). Subcontractors and Agents (7). Reporting of an Incident/Breach, Unauthorized Disclosures or Misuse of PHI (occurrence) Section (11). Tracking of Accounting of Disclosures Section (14 D, E & F).

38 Contact Information: Catherine Boerner, JD, CHC, President. (414) 427-8263. cboerner@boernerconsultingllc.com

39 Implementing Breach Notification – Lessons Learned. HIPAA COW Webinar, February 23, 2010. Presented by: Nancy Davis

40 Session to Cover: Overview of HITECH Breach Notification Provisions; Strategies for Breach Notification Compliance; Review of HIPAA COW Breach Notification Tools; Case Examples

41 Disclaimer. The information provided in this presentation does not constitute legal advice and is intended to be used for guidance. If you require legal advice, please consult with an attorney.

42 HITECH Provisions: Require Covered Entities to Notify Individuals of a Breach as Well as HHS “without unreasonable delay” or within 60 days – All Breaches (<500) to be Reported to the Secretary of DHS on an Annual Basis – Year End. Further Notification Requirements if > 500 Individuals Involved (Media Outlets). Requirements for Business Associates to Notify the Covered Entity of a Breach.

43 What is a Breach? “Unauthorized acquisition, access, use, or disclosure of unsecured patient protected health information (PHI) which compromises the privacy, security, or integrity of the PHI.”

44 Analysis of Breach: Was the PHI Unsecured? Was the HIPAA Privacy Rule Violated? Does the breach pose a significant risk of financial, reputational, or other harm to the individual? If “Yes” to the Above, has the Risk been Mitigated?

45 Risk Assessment. To determine if an impermissible use or disclosure of PHI constitutes a breach, the organization will need to perform a risk assessment to determine if there is significant risk of harm to the individual. The risk assessment shall be fact specific and shall address: – Consideration of who impermissibly used or to whom the information was impermissibly disclosed. – The type and amount of PHI involved. – The potential for significant risk of financial, reputational, or other harm.

46 Strategies for Breach Notification Compliance: Have a Policy in Place; Educate Staff on Policy; Develop Relevant Forms/Databases – Incident Report – Breach Log – Letter Template

47 Breach Investigation Report: Incident Report; Build in Risk Assessment Questions; Use to Supplement Log Information

48 Breach Log. Maintain a process to record or log all breaches of unsecured PHI regardless of the number of patients affected. The following information should be collected/logged: – A description of what happened, including the date of the breach, the date of the discovery of the breach, and the number of patients affected, if known. – A description of the types of unsecured protected health information that were involved in the breach (such as full name, Social Security number, date of birth, home address, account number, etc.). – A description of the action taken with regard to notification of patients regarding the breach.

49 Business Associate Responsibilities. The business associate (BA) of the organization shall, without unreasonable delay and in no case later than 60 calendar days after discovery of a breach, notify the organization of such breach. Notice shall include the identification of each individual whose unsecured PHI has been, or is reasonably believed by the business associate to have been, accessed, acquired, or disclosed during such breach. Business associate responsibility under ARRA/HITECH for breach notification should be included in the organization’s business associate agreement (BAA) with the associate.

50 HIPAA COW Resource: BREACH NOTIFICATION POLICY – PROTECTED HEALTH INFORMATION POLICY. www.hipaacow.org

51 Breach Notification Policy: Background; Definitions; Attachments; Policy Statements; Applicable Federal and State Regulations

52 Attachments: Examples of Breaches of Unsecured Protected Health Information; Breach Penalties; Sample Notification Letter to Patients; Sample Notification Letter to Secretary of Health & Human Services; Sample Media Notification Statement/Release; Sample Talking Points; Sample Breach Notification Log

53 Lessons Learned. Workforce Awareness and Education – Change in “Stakes” – Snooping = Breach – Social Media. Develop and Maintain a Breach Log that is Compatible with the CMS Reporting Site.

54 Lessons Learned – Continued. Risk Assessment – Harm? Role of Business Associate. Letter Template – Requires Customization by Case.

55 Lessons Learned – Continued. Over 500 – Know Resources: Legal Support; Public Relations Support; Insurance Coverage/Issues; Forensic Analysts; Credit Card Monitoring Services

56 Lessons Learned – Continued. Increase in Reporting of Breaches; Increase in Investigations; Increase in Documentation Requirements; Increase in Overall Workload!

57 Case Study #1. A hospital accidentally faxes lab results to another hospital. Is this a breach?

58 Answer – Case Study #1. Probably not. While a violation of the HIPAA Privacy Rule, the disclosure would probably not compromise the patient’s privacy or security and thus not cause harm, as the fax was received by another covered entity subject to HIPAA.

59 Case Study #2. A clinic accidentally faxes lab results to a public utility company instead of the provider it was intended for. Is this a breach?

60 Answer – Case Study #2. Yes. The HIPAA Privacy Rule was violated and the patient could suffer harm to his or her reputation based on the content of the fax.

61 Case Study #3. A provider’s laptop was stolen and it was determined that he had downloaded files on fifty patients to his hard drive. The laptop was recovered by law enforcement and a forensic analysis determined that the laptop was not opened, altered or accessed. Is this a breach?

62 Answer – Case Study #3. No. The HIPAA Privacy Rule was violated, but the PHI was not compromised. There was no significant risk of reputational or financial harm to the patient.

63 Case Study #4. The privacy officer is notified by the patient that his son received the EOB for his (the father’s) recent ED encounter. Both individuals have exactly the same name with no Jr. or Sr. as a suffix. Is this a breach?

64 Answer – Case Study #4. The HIPAA Privacy Rule was violated but… – Was there financial, reputational, or other harm to the individual? It depends – this will be based on how the patient expresses his concern.

65 Case Study #5. During the course of a random access audit, it is determined that one of the organization’s workforce members has accessed family member records, including: – 10 y/o minor son – 17 y/o minor daughter – 42 y/o husband (required SSN to fill out open enrollment dental forms). Is this a breach?

66 Answer – Case Study #5. Access to the minors’ records is not a HIPAA violation, but may be a violation of organizational policy (and may further be complicated by care the 17 y/o was receiving). Access to the husband’s record is a violation of HIPAA, but was there harm?

67 Questions

68 Is it a reportable breach when the patient is the one who notifies the organization of the unauthorized disclosure and there is no further need for notification on the part of the organization (other than a letter of acknowledgement and apology)?

69 How do you best determine harm? – Does the patient’s reaction to the unauthorized disclosure determine the status of “harm”?

70 Rogue Employees – Violate policies despite… Criminal background checks; Orientation, training, education; Signed confidentiality agreements; Established sanctions/corrective action process. How does the organization protect itself?

71 Snooping – Identified through auditing processes… – How do you disclose the results to the patients? – Do you include the name of the individual(s) found snooping?

72 With an inadvertent disclosure to the wrong recipient, how much assurance/proof do you need that something was discarded before it was opened, that copies have not been made, etc.? Submitted by S. Coyne

73 Should access audits automatically be run on the EMR when a celebrity is admitted as an inpatient? When a fellow employee is admitted as an inpatient? Submitted by S. Coyne

74 In a shared record environment, how much say should one entity have about how the employees of another entity are sanctioned for a breach? Submitted by S. Coyne

75 It seems clear that one way to avoid the willful level of penalty is to evidence full compliance with all new HITECH parameters. What are people doing with regard to training: who should attend, what topics should be covered? Submitted by S. Coyne

76 If a laptop is stolen and the laptop has a log-in process where you'd have to know a password to even get at the icons/start menu, how far does that get you down the road to "secured" (probably not very far)? How far does that get you in terms of reduced risk of harm? Submitted by S. Coyne

77 How are people operationally implementing safeguards where a patient requests a restriction of PHI flowing to payers for services paid out of pocket, and ensuring that breaches (in the form of sending the information anyway) do not occur? If we sent the information anyway, presumably that would require notification? Submitted by S. Coyne

78 Contact Information: Nancy Davis, Director of Privacy/Security Officer, Ministry Health Care. Nancy.Davis@ministryhealth.org

