HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT


1 HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
Maria R. Granaudo Gesty, Esq.

2 The Health Insurance Portability and Accountability Act
What is “HIPAA?”
- The Health Insurance Portability and Accountability Act
- HIPAA is the federal law, enacted in 1996
- Privacy Rule – right of the individual
- Security Rule – confidentiality is an obligation
- Electronic Data Exchange – standardized rules
- Penalties

3 Important Terminology and Definitions
HIPAA Basics
- Covered Entity (CE): health plans, healthcare clearinghouses, and healthcare providers (hospitals, doctors, clinics) that conduct certain transactions (e.g. billing) in electronic form

4 Important Terminology and Definitions
HIPAA Basics
- Business Associate (BA):
  - Not a member of a Covered Entity’s workforce
  - Performs services for the Covered Entity
  - Creates, maintains or transmits Protected Health Information (PHI)

5 HIPAA Basics
Non-HIPAA Covered Entities:
- Schools
- Employer that requests information for sick leave
- Health clubs/gyms

6 Important Terminology and Definitions
HIPAA Basics
- Protected Health Information (PHI):
  - Information on health and payment for care
  - Covers more than just medical information, such as a full-face photo, date of birth, fingerprint and voiceprint
  - Transmissions in any form

7 Effective HIPAA Privacy Rule Compliance Plan
“I know better not to reveal any private or confidential information. Discretion is my ‘middle name.’ Why do I need training?”
- Designate a Privacy Official
- HIPAA Compliance Policies and Procedures
- Identify Privacy Rule Safeguards: Administrative, Physical and Technical Safeguards – what can be reasonably anticipated for your entity

8 Specific Questions Impacting Workforce
- Where do you store PHI?
- Who has access to PHI?
- Do you lock your office doors?
- Do you leave PHI on your desk?
- What security do you have at workstations?
- Do you share passwords?

9 Specific Questions Impacting Workforce
- Do you transmit PHI electronically? Is it encrypted?
- Are computers timed to lock or shut off when not in use for a specific time?
- Do employees work off site? If so, how is PHI handled?
- Are there safeguards on all portable devices, including mobile phones, tablets and laptops?

10 PHI Safeguards
- Follow Company policies for safe practices for your computer system
- IDs and Passwords
  - Select strong passwords
  - Keep them confidential and secure
  - Do not share or allow anyone else access to the system under your ID

11 PHI Safeguards
- Be mindful of monitor placement and public access to printers in unsecured areas
- Do not engage in activities that violate Company policies designed to protect PHI (e.g., unauthorized surfing of the Internet, opening unknown attachments, installing applications not approved by the Company)
- Know all guidelines for transmittals via fax, , and mobile devices

12 Effective HIPAA Privacy Rule Compliance Plan
- Develop a Process for Filing Complaints
- Comprehensive Training Program
- Establish Sanctions for Privacy Violations – time is of the essence
- Make a Mitigation Plan – eliminate the fear factor
- Publish a Non-Retaliation Statement
- Publish a Non-Waiver of Rights Statement
- Develop a Document Management Strategy

13 Permitted Use and Disclosure of PHI
- General Rule: Workforce members may use or disclose PHI ONLY for permitted purposes – otherwise you must obtain the individual’s specific written authorization
- Use vs. Disclosure of Information
- Permitted purposes include: “Treatment,” “Payment,” and “Healthcare Operations,” or “TPO”
- Specific public policy exceptions (public health, law enforcement, health oversight activities)

14 Permissible Disclosure of Information
- De-Identified Health Care Information – when there is nothing left to protect
  - Removal of all identifying information includes more than just names and addresses
  - Policy that sets requirements
- Authorizing PHI Release – permission is granted
  - Good Authorization vs. Bad Authorization

15 Who Enforces HIPAA and How?
- Company – disciplinary action up to and including termination of employment
- Federal Government – Dept. of Health & Human Services/Office for Civil Rights (“OCR”) – imposes penalties, both civil and criminal
  - Civil penalties are steep! (Feb. 1, 2018: Fresenius Medical Care North America paying $3.5 million in settlement costs)
  - Criminal penalties have sentencing guidelines of up to 10 years
- HITECH also created new methods for enforcement (e.g. allows state attorneys general to enforce HIPAA regulations)

16 HIPAA Enforcement
[Chart: Department of Health & Human Services enforcement statistics]

17 A Cautionary Tale…
$2.5 million settlement shows that not understanding HIPAA requirements creates risk.
April 24, 2017 – HHS/OCR announced a HIPAA settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5 million and implementing a corrective action plan. This settlement is the first involving a wireless health services provider, as CardioNet provides remote mobile monitoring of, and rapid response to, patients at risk for cardiac arrhythmias.

18 Questions?

19 burnswhite.com
