AND CE-Prof, Inc. January 28, 2011 The Greater Chicago Dental Academy 1 Copyright CE-Prof, Inc. 2010.


1 AND CE-Prof, Inc. January 28, 2011 The Greater Chicago Dental Academy

2 CE-Prof, Inc. – Seminars
Speaker: Petra von Heimburg, DDS, JD
HIPAA – the Animal is Getting Bigger

3 YOU CAN REACH ME AT:
Petra von Heimburg, DDS, JD
Ph.: (847) 382-2832
Fax: (847) 382-2924
E-mail: CEProf@aol.com
www.PetravonHeimburgDDSJD.com

4 PREFACE
This presentation, including comments and handouts, if any, does not constitute legal advice but is for educational purposes only.

5 HIPAA is Growing
Background:
Addresses: Privacy, Security, Transaction Standards
HIPAA Rules:
- Privacy Rule
- Security Rule
- Enforcement Rule

6 HIPAA regulates the use and disclosure of PHI (“Protected Health Information”) by “Covered Entities” and “Business Associates” (through BACs).
Exceptions on use and disclosure:
- Treatment, Payment and Healthcare Operations of the Office (TPO)
- Plus some public welfare exceptions

7 Some Important Changes to the Rules:
a. Increases rights of patients regarding PHI and “marketing” communication;
b. Applies Privacy and Security Standards directly to Business Associates;
c. Establishes the Health Information Exchange;
d. Allows individuals to recover damages;
e. Increases federal enforcement and penalties.

8 TOPICS:
A. The Health Information Exchange (HIE)
B. Patient’s Rights
C. BACs
D. Breaching
E. Enforcement

9 A. THE HEALTH INFORMATION EXCHANGE
- Part of the nationwide Health Information Network
- Tying together of all PHI (but no storage or control) through electronic exchanges
- Secure communication and message routing
- To be in place by the end of 2014

10 Planned HIE Services
- Master Patient Index
- Record Locator Service
- Provider Directory
- Payer Directory
- Public Health Entity Directory
- Authentication Services
- Consent Management
- Auditing Services

11 B. PATIENT’S RIGHTS
- To restrict PHI disclosure to a health plan, if the patient paid privately for the health care service (unless the disclosure is for treatment or required by law)
- To request that an entity make information available in EHR format, provided the entity stores information in that format
Effective Date: 2-17-10

12
- To request an accounting of disclosures of PHI even if done for TPO purposes (3 years for EHR; 6 years other) – anticipated effective date: 1-1-11
- To restrict “marketing” pitches from his/her provider

13 C. BAC-CANEERS
BACs or Business Associate Contracts have been used in the past by the Covered Entity to tie in business associates (BAs)

14 Modifications
As of 2-17-2010, the BA
- is directly responsible for adherence to the privacy & security rules
- needs to adopt administrative safeguards
- can be assessed penalties and fines
BUT
So far, the BA does not have to adhere to the breach notification requirements, but the covered entity does!

15 D. BREACHING
Requirement: “a covered entity shall, following the discovery of a breach of unsecured PHI, notify each individual whose unsecured PHI has been or is reasonably believed by the covered entity to have been accessed, acquired, used or disclosed as a result of such breach.” 45 CFR 164.404(a)(1)

16 Definition - Breach
A breach has occurred if a covered entity discovers that there has been an acquisition, access, use or disclosure of PHI, which was not encrypted, and this event poses a significant financial, reputational or other harm to the individual.
NOTE: “Snooping” by a staff member can be considered a breach.

17 A Breach does not Include
unintentional acquisition, access or use of PHI by a member of the workforce in his/her scope of authority done in good faith and where the PHI was not further used or disclosed.

18 Examples of Possible Breaches
- Lost laptop
- Files left in a coffee shop, but maybe not if left at another provider
- Fax to the wrong number, but maybe not if to or within an affiliated covered entity (e.g. covering insurance company)

19 What to Do in Case of Breach: Risk Assessment
a. Whether the lost PHI was encrypted or not
b. If encrypted → no breach
c. If not encrypted, determine if there is a significant risk of financial, reputational or other harm to the individual

20 Risk Assessment
The rules do not require a risk assessment, BUT...
It is a way to possibly extricate yourself from the notification provision

21 Breach Notification Requirement
- If the risk assessment reveals a significant breach, the covered entity has to compile a report
- Notification to be made ASAP but no later than 60 days after event

22 Notification has to be made to every individual
In addition:
If fewer than 500 persons involved:
- Covered Entity must maintain a log and annually submit the log to HHS
If more than 500 persons involved:
- Notification has to be made to the media and to HHS at the same time

23 Information to be Reported to HHS:
- Date of breach (if breach by BA, obtain date)
- Type of breach
- Location of breached information
- Type of PHI breached
- Brief description of breach
- Safeguards prior to breach
- Actions taken in response to breach

24 Information to be Reported to Individuals:
All the information which needs to be reported to HHS, PLUS
- Steps individuals should take to protect themselves from potential harm
- Contact information for individuals to ask questions or learn additional information

25 E. ENFORCEMENT
- Penalties increase depending on infractions from “unaware of breach” through “uncorrected willful neglect”
- For “willful neglect” fines are mandatory (effective 2-17-11)
- Fines range from $100 to $50,000 per violation, with a maximum limit of $1.5 million for identical violations per calendar year

26
- Individuals can be held criminally liable for receipt and disclosure of PHI
- Patients will have the ability to obtain financial compensation if suit is brought by the Attorney General
NOTE: Enforcement is through the HHS Office for Civil Rights

27 BE CAREFUL OUT THERE!

