By: Eamon Callahan and Wilston Johnston


1 HIPAA
By: Eamon Callahan and Wilston Johnston

2 Overview
- HIPAA Background
- Components of the Law
- Examples of Major Violations
- Lessons Learned
- HIPAA Safeguards


4 HIPAA
Health Insurance Portability and Accountability Act of 1996
Dictates the use, transfer, and storage of patient medical records

5 History
- Development of electronic medical records systems in the early 1990s
- Signed into law in 1996 by Pres. Bill Clinton
- Original law provided no details, but mandated Congress to pass future regulation
- Privacy Rule passed in 1999
- Transaction and Code Sets Rule in 2000
- Security Standards Rule in 2003
- Enforcement Rule in 2006

6 Sections of the Law
Privacy Rule:
- Defines Protected Health Information (PHI)
- Identifies entities covered by the law: healthcare providers, insurance plans/companies, “healthcare clearinghouses”
Security Rule:
- Sets standards for security practices to protect PHI
- Sets guidelines rather than enacting specific practices
- Mandates the requirement for “administrative, technical, and physical safeguards”

7 Legal Consequences
- Entities are given 30 days to correct breaches and notify patients
- Corrections often include suspension/termination of employees
- Tiered fine structure: between $100 and $100,000 depending on the nature of the offense


9 HIPAA Violations
Unfortunately, HIPAA violations happen frequently.
According to Elizabeth Snell, “HIPAA settlements have been taking place, and have been going aggressively, topping close to $15 million so far in 2017.”

10 HIPAA Security in the Field
A Case Study from the Hellhole of Private EMS


12 Learning From Lawsuits
According to Elizabeth Snell, the 5 things that companies should take away from lawsuits are:
- Business Associate Agreements (BAAs)
- Audit Controls
- Breach Notifications
- Risk Management
- Basic HIPAA Safeguards

13 Business Associate Agreements (BAAs)
According to the U.S. Department of Health & Human Services, a Business Associate agrees to:
- Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law
- Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement
- Report to the covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information

14 Audit Controls and Breach Notifications
Taken from HIPAA.com: “Monitoring and review of audit trails must be as close to real time as possible to be useful.”
If/when a breach occurs, the breach needs to be disclosed to the public and the authorities, and the affected people must be notified in a timely fashion.

15 Risk Management
According to HealthIT Security:
- Children’s agreed to a $3.2 million civil penalty, stemming from an incident when an unencrypted, non-password protected Blackberry was reported lost.
- Lacking risk management was also cited in the October 2016 settlement with St. Joseph Health (SJH). In that case, SJH agreed to a $2,140,500 million settlement after it was found to have failed to examine or modify a new file server when it was implemented.

16 Basic HIPAA Safeguards
According to HealthIT Security:
- HIPAA technical safeguards, physical safeguards, and administrative safeguards are the backbone to any organization’s approach to compliance and data security.
- As technology continues to evolve and organizations have more ePHI, it becomes more important for entities to update their security measures and account for new tools.
- Advocate Health Care (Advocate) agreed to a $5.5 million OCR HIPAA settlement in August 2016, following multiple alleged HIPAA violations and noncompliance issues.

17 Works Cited
- “Business Associate Contracts.” HHS.gov, US Department of Health and Human Services, 25 Jan. 2013.
- Callahan, Eamon. “Electronic Medical Records & .” 12 Dec.
- Jones, Ed. “Audit Control: What This HIPAA Security Rule Technical Safeguard Standard Means.” HIPAA.com, HIPAA, 9 June 2009.
- Perlmutter, Chad. “Storing Your Medical Records Securely.” Record Nations, Record Nation, 13 Jan. 2016.
- Snell, Elizabeth. “5 Lessons Learned in OCR HIPAA Settlements.” HealthITSecurity, HealthITSecurity, 31 July 2017, healthitsecurity.com/news/5-lessons-learned-in-ocr-hipaa-settlements.
- Snell, Elizabeth. “What Should Entities Expect with OCR HIPAA Enforcement?” HealthITSecurity, HealthITSecurity, 2 Nov., healthitsecurity.com/news/what-should-entities-expect-with-ocr-hipaa-enforcement.
- “This COP ASSAULT Story Gets WEIRD! - ETC Daily.” YouTube, YouTube, 5 Sept. 2017.

18 HIPAA
By Callahan and Johnston
