Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

Published bySabrina Plasterer Modified over 9 years ago

Similar presentations

Presentation on theme: "The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with."— Presentation transcript:

1

2

3 The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with HIPAA.. DSS CD MHD FSD DLS DFAS DODO

4 In-Home Service Providers are Business Associates of the Department. DSS In-Home Service Provider PHI

5 Business Associates are entities that work on behalf of the covered entity, but are not members of the covered entity’s workforce. In their work, BAs have access to or work with PHI.

6 Accounting for disclosures of information; Authorization forms; Notice of Privacy Practices; Acknowledgement forms; Compliance with HIPAA (BA provisions); Call before faxing; and Referrals to the Privacy Officer.

7 Individuals have the right to an accounting, which details the disclosures a covered entity has made in the prior 6 years. A CE must account for the information its BAs have disclosed as well. 45 CFR sec. 164.528

8 Penalties can be levied against the Department as the CE. The Department can also terminate a contract with the BA. Under ARRA, HHS can sanction the BA directly. 45 CFR sec. 164.504

9 HIPAA is designed to allow an individual the greatest access to their personal information. HIPAA is also designed to limit the amount of personal information others receive regarding a client or patient to the “minimum necessary” to perform their task.

10 I am a mandated reporter. Do I have to provide the hotline only the minimum necessary information regarding a client?

11 NO!

12 “Minimum Necessary does not apply to required by law” disclosures under 45 CFR sec. 164.512(a). Entities can rely on the Adult Protective Services request under 45 CFR sec. 164.512(c). Entities may continue to disclose information as needed throughout the investigation.

13 Effective 2/17/09 Imposes direct responsibilities and liability on BAs for compliance with the Security Rule. BAs must have Administrative, Physical, and Technical Safeguards in place Policies, training, sanctions Control access to buildings & systems; staff ID’s Control access to computers & files; 1 user/1 password; security safeguards even if offsite

14 CEs must notify individuals whose information was breached if: The information is PHI; The PHI was disclosed in an Unauthorized Use/Disclosure The PHI was unsecured (e-PHI that is not encrypted) The PHI was compromised Watch out for portable electronic devices (Blackberries, laptops, notebook computers, etc.)

15 NOTIFY DSS IMMEDIATELY! See the Immediate reporting required as per the Business Associate provisions of your contract. See the five (5) day “report” required as per the Business Associate provisions of your contract.

16 BA must report immediately (as soon as aware) to DSS any Security Incident/Improper Use or Disclosure/Breach. BA must take action to discontinue the incident. BA must submit a “report” with five (5) days to DSS.

17 Must contain a description of the remedial action taken or to be taken; Proposed plan to prevent future incidents; Names & contact information of individuals involved; Description of the incident; Dates of incident & discovery; Description of type(s) of PHI involved, including whether or not it was secured; Recommendations for the protection of those individuals involved.

18 HITECH Act prohibits remuneration for PHI BA shall not directly or indirectly receive remuneration in exchange for any PHI without a valid authorization!

19 Centers for Medicare and Medicaid HIPPA link: www.cms.hhs.gov/SecurityStandard/ Department of Health and Human Services, Office of Civil Rights HIPPA link: www.hhs.gov/ocr/privacy/ MO DSS HIPAA Privacy Notice: http://www.dss.mo.gov/hipaa/hprivacy.pdf

Download ppt "The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
HIPAA Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability and Accountability Act of 1996
Privacy Trends TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Privacy Trends TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official.

I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official.
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
Headaches and Pitfalls in Business Associate Contract Management © 2013 Christiansen IT Law American Bar Association Health Law Section eHealth, Privacy.

Headaches and Pitfalls in Business Associate Contract Management © 2013 Christiansen IT Law American Bar Association Health Law Section eHealth, Privacy.
HIPAA Training: Health Insurance Portability and Accountability Act.

HIPAA Training: Health Insurance Portability and Accountability Act.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Basics November 1, 2014.

HIPAA Basics November 1, 2014.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
1 TECO ENERGY, INC. HIPAA PRIVACY AND SECURITY REQUIREMENTS April 29, 2014 Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)

1 TECO ENERGY, INC. HIPAA PRIVACY AND SECURITY REQUIREMENTS April 29, 2014 Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

Similar presentations

Ads by Google