Privacy and Security Laws for Health Care Organizations www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Presentation transcript:

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP

Privacy and Security Laws for Health Care Organizations © 2008 Scott&Scott, LLP

Ponemon Survey Results – 85% of Companies Surveyed Experienced a Data Breach

Ponemon Survey Results – 42% of data breaches were caused by missing devices such as laptop computers

Ponemon Survey Results – 57% did not have an incident response plan in place when the breach happened

Ponemon Survey Results – Breaches May Impact IT Spending

Federal Regulation of Privacy Rights
• HIPAA
• GLBA
• COPPA
• Electronic Communications Privacy Act
• Privacy Act and Computer Matching & Privacy Protection Act
• Computer Fraud and Abuse Act

HIPAA Privacy Rule
• Purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by a covered entity.
• All individually identifiable health information held or transmitted by a covered entity or its business associates is protected health information.
• A covered entity must obtain the individual’s written authorization for any use or disclosure of information that is not for treatment, payment or health care operations, or otherwise permitted or required by the Privacy Rule.
• Each covered entity must provide a notice of its privacy practices.

HIPAA Privacy Breach Notification
• In the event of a data breach, a covered entity has a duty to:
    – Mitigate impermissible uses and disclosures; and
    – Account for impermissible uses and disclosures.
• A business associate must report any breach to the covered entity.
• A business associate has no obligation to notify others or mitigate the effect of the breach.

HIPAA Security Requirements
• Designate a privacy official who is responsible for developing and implementing policies and procedures
• Train all members of the workforce on policies and procedures related to protected health information
• Implement appropriate administrative, technical and physical safeguards to protect against the intentional or unintentional use or disclosure in violation of HIPAA
• No waiver of rights
• Implement policies and procedures that are reasonably designed to ensure compliance
• Retain documents and prepare reports to regulators demonstrating compliance

Understanding State Breach Notification Laws
• Forty-five jurisdictions have data breach notification statutes (forty-four states and DC)
• Definition of Personal Information
• Exemption for Encrypted Personal Information
• Criminal Investigation or Government Entity Exemption
• Immaterial Information Exemption

Definition of Personal Information
• First name or first initial and last name, along with one of the following unencrypted pieces of information:
    – social security number;
    – driver’s license number or state identification number; or
    – account number, credit card number, or debit card number, combined with any password, security code, or access code.

Exemptions for Encryption
• Many states, like California, exclude encrypted information from the definition of a security breach.
• Other states have an express exemption for encrypted information.
• Encryption means an algorithmic process to transform data into a form in which the data is rendered unreadable or unusable without use of a confidential process or key.
• Exemption does not apply if the security breach also involves the encryption key.

Criminal Investigation Exemption
• Breach notification may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation.
• The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.

Alaska’s Data Breach Notification Law
• Notification required in the most expeditious time possible and without unreasonable delay
• Exemption for encrypted data
• Suspension of duty to notify during ongoing criminal investigation
• Specific exemption for immaterial breaches
• Civil penalties for failure or unreasonable delay of notification
• Private right of action


Contact Information
Robert J. Scott
Scott & Scott, LLP
2200 Ross Avenue, Suite 5350E
Dallas, Texas
Phone: Fax: