Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Presentation transcript:

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk Manager

How has HIPAA changed?
ARRA = American Recovery and Reinvestment Act of 2009, or Stimulus Bill
Example of Three Major Changes which impact You:
1. New Breach Notification Rules to Patients
2. New Stricter Fines and Penalties
3. HIPAA rules now apply to Business Associates
Effective September 23, 2009

First Example of Key Change: New Breach Notification Rules to Patients

New Breach Notification Requirements to Patients
Old HIPAA: No breach notification requirements on federal level, except for a business associate to notify a covered entity. Requirement to “mitigate harm.”
New HIPAA: Covered Entities (CHS) must notify individuals when their unsecured Protected Health Information has been breached.

New Breach Notification Rules: Method and Notice
- Make notification without “unreasonable delay,” no later than 60 calendar days after discovery.
- The individual is notified by mail.
- If a business associate discovers a breach, the business associate must notify the covered entity.
- If the contact information for the individual is unavailable or outdated, and the breach involved more than 10 people, the covered entity must put a notice on its website or in the media with a toll-free number for information.

New Breach Rules: Media Notice and Posting to Public Website
- For breaches affecting more than 500 individuals, covered entities will be required to give notice to prominent media outlets and alert the Secretary of HHS.
- The Secretary of HHS will then post the names of the covered entities on a public website.
- Breaches involving fewer than 500 individuals will still need to be reported to the Secretary of HHS in the form of a log of breaches that is maintained continuously and reported annually.

How can I prevent a breach?
- If Protected Health Information is ENCRYPTED (electronic) or SHREDDED (paper), then it is not a breach.
- Place Protected Health Information as appropriate in the Document Destruction Bins.
- If you must place Protected Health Information on a thumb drive or laptop:
  - Enforce with your staff that they must have permission of their Supervisor (i.e., your permission).
  - Information Technology must provide authorization, and the device must be encrypted through Information Technology.
- Do not place Protected Health Information on a Personal Digital Assistant/Cell Phone.
- If your phone has access to CHS, you must password protect it.

Note: The Department where the breach occurred will be responsible for the cost of patient notification, credit monitoring, and all other associated costs of breach notification.

If a breach occurs…
What could be a breach? Example: A missing or stolen laptop or any missing protected health information.
It is your responsibility to report it:
1. Discuss with Your Supervisor; or
2. Contact the HIPAA Privacy Officer and/or HIPAA Security Officer; and/or
3. Report through the Corporate Compliance Hotline

Second Example of Key Change: New Stricter Fines and Penalties

Civil Fines
Old HIPAA: General penalty is $100 per HIPAA violation (cap of $25,000) for multiple series of identical violations in same year.

New Stricter Fines and Penalties: Civil Fines
New HIPAA:
- Same $100 if did not know of violation and would not have known even with reasonable diligence.
- Now $1,000 penalty if due to reasonable cause and not willful neglect ($100k cap).
- Now $10,000-$50,000 penalty if “willful neglect” ($250k-$1.5M cap).

New Stricter Fines and Penalties
New HIPAA:
- Civil and Criminal Fines enforced against individuals as well as covered entities
- State attorneys general can bring civil actions against individuals

New Stricter Fines and Penalties
New HIPAA:
- Secretary of HHS is now required to conduct periodic audits
- Within three years, there will be a mechanism for individuals harmed by the disclosure to share in civil monetary penalties collected by HHS

Third Example of Key Change: HIPAA Rules Now Apply to Business Associates

Old HIPAA: Business Associates' liability was to Covered Entity for breach of the Business Associate contract, “indirect” coverage

HIPAA Rules Now Apply to Business Associates
New HIPAA: HIPAA Rules now directly apply to Business Associates, including penalties.

Finally, key reminders remain the same…
- Only know if you have a legitimate need to know for your job
- Audits of Access to PHI are performed
- Don’t inappropriately access, use, disclose, take or post patient information.