
Privacy and Security Laws for Health Care Organizations www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Presentation transcript:

1 Privacy and Security Laws for Health Care Organizations www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176

2 Privacy and Security Laws for Health Care Organizations © 2008 Scott&Scott, LLP

3 Ponemon Survey Results – 85% of Companies Surveyed Experienced a Data Breach

4 Ponemon Survey Results – 42% of data breaches were caused by missing devices such as laptop computers

5 Ponemon Survey Results – 57% did not have an incident response plan in place when the breach happened

6 Ponemon Survey Results – Breaches May Impact IT Spending

7 Federal Regulation of Privacy Rights
º HIPAA
º GLBA
º COPPA
º Electronic Communications Privacy Act
º Privacy Act and Computer Matching & Privacy Protection Act
º Computer Fraud and Abuse Act

8 HIPAA Privacy Rule
º Purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by a covered entity.
º All individually identifiable health information held or transmitted by a covered entity or its business associates is protected health information.
º A covered entity must obtain the individual’s written authorization for any use or disclosure of information that is not for treatment, payment or health care operations, or otherwise permitted or required by the Privacy Rule.
º Each covered entity must provide a notice of its privacy practices.

9 HIPAA Privacy Breach Notification
º In the event of a data breach, a covered entity has a duty to:
    Mitigate impermissible uses and disclosures; and
    Account for impermissible uses and disclosures.
º A business associate must report any breach to the covered entity.
º A business associate has no obligation to notify others or mitigate the effect of the breach.

10 HIPAA Security Requirements
º Designate a privacy official who is responsible for developing and implementing policies and procedures
º Train all members of the workforce on policies and procedures related to protected health information
º Implement appropriate administrative, technical and physical safeguards to protect against the intentional or unintentional use or disclosure in violation of HIPAA
º No waiver of rights
º Implement policies and procedures that are reasonably designed to ensure compliance
º Retain documents and prepare reports to regulators demonstrating compliance

11 Understanding State Breach Notification Laws
º Forty-five jurisdictions have data breach notification statutes (forty-four states and DC)
º Definition of Personal Information
º Exemption for Encrypted Personal Information
º Criminal Investigation or Government Entity Exemption
º Immaterial Information Exemption

12 Definition of Personal Information
º First name or first initial and last name, along with one of the following unencrypted pieces of information:
    social security number;
    driver’s license number or state identification number; or
    account number, credit card number, or debit card number, combined with any password, security code, or access code.

13 Exemptions for Encryption
º Many states, like California, exclude encrypted information from the definition of a security breach.
º Other states have an express exemption for encrypted information.
º Encryption means an algorithmic process to transform data into a form in which the data is rendered unreadable or unusable without use of a confidential process or key.
º Exemption does not apply if the security breach also involves the encryption key.

14 Criminal Investigation Exemption
º Breach notification may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation.
º The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.

15 Alaska’s Data Breach Notification Law
º Notification required in the most expeditious time possible and without unreasonable delay
º Exemption for encrypted data
º Suspension of duty to notify during ongoing criminal investigation
º Specific exemption for immaterial breaches
º Civil penalties for failure or unreasonable delay of notification
º Private right of action

16

17 Contact Information
Robert J. Scott
Scott & Scott, LLP
2200 Ross Avenue, Suite 5350E
Dallas, Texas 75201
Phone: 214-999-0080
Fax: 214-999-0333
rjscott@scottandscottllp.com
