Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Published byAliyah Sarge Modified over 9 years ago

Similar presentations

Presentation on theme: "Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk."— Presentation transcript:

1 Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk Manager

2 How has HIPAA changed? ARRA = American Recovery and Reinvestment Act of 2009 or Stimulus Bill Example of Three Major Changes which impact You: 1.New Breach Notification Rules to Patients 2.New Stricter Fines and Penalties 3.HIPAA rules now apply to Business Associates Effective September 23, 2009

3 First Example of Key Change New Breach Notification Rules to Patients

4 New Breach Notification Requirements to Patients Old HIPAA: No breach notification requirements on federal level, except for a business associate to notify a covered entity. Requirement to “mitigate harm.” New HIPAA: Covered Entities (CHS) must notify individuals when their unsecured Protected Health Information has been breached.

5 New Breach Notification Rules: Method and Notice Make notification without “unreasonable delay,” no later than 60 calendar days after discovery The individual is notified by mail. If a business associate discovers a breach, the business associate must notify the covered entity. If the contact information for the individual is unavailable or outdated, and the breach involved more than 10 people, the covered entity must put a notice on its website or in the media with a toll-free number for information.

6 New Breach Rules: Media Notice and Posting to Public Website For breaches affecting greater than 500 individuals, covered entities will be required to give notice to prominent media outlets and alert the Secretary of HHS. The Secretary of HHS will then post the names of the covered entities on a public website. Breaches involving less than 500 individuals will still need to be reported to the Secretary of HHS in the form of a log of breaches that is maintained continuously and reported annually.

7 How can I prevent a breach? If Protected Health Information is ENCRYPTED (electronic) or SHREDDED (paper), then it is not a breach. Place Protected Health Information as appropriate in the Document Destruction Bins. If you must place Protected Health Information on a thumb drive or laptop: Enforce with your staff they must have permission of their Supervisor (i.e., Your permission) Information Technology must provide authorization and the device must be encrypted through Information Technology Do not place Protected Health Information on a Personal Digital Assistant/Cell Phone. If your phone has access to CHS e-mail, you must password protect it.

8 Note: The Department where the breach occurred will be responsible for the cost of patient notification, credit monitoring, and all other associated costs of breach notification.

9 If a breach occurs… What could be a breach? Example: A missing or stolen laptop or any missing protected health information It is your responsibility to report it: 1. Discuss with Your Supervisor; or 2. Contact the HIPAA Privacy Officer and/or HIPAA Security Officer; and/or 3. Report through the Corporate Compliance Hotline

10 Second Example of Key Change New Stricter Fines and Penalties

11 Civil Fines Old HIPAA: General penalty is $100 per HIPAA violation (cap of $25,000) for multiple series of identical violations in same year.

12 New Stricter Fines and Penalties Civil Fines New HIPAA: Same $100 if did not know if violation and would not have known even with reasonable diligence. Now $1,000 penalty if due to reasonable cause and not willful neglect ($100k cap). Now $10,000-$50,000 penalty if “willful neglect” ($250k -$1.5M cap)

13 New Stricter Fines and Penalties New HIPAA: Civil and Criminal Fines enforced against individuals as well as covered entities State Attorney generals can bring civil actions against individuals

14 New Stricter Fines and Penalties New HIPAA: Secretary of HHS is now required to conduct periodic audits Within three years, there will be a mechanism for individuals harmed by the disclosure to share in civil monetary penalties collected by HHS

15 Third Example of Key Change HIPAA Rule Now Apply to Business Associates

16 Old HIPAA: Business Associates liability was to Covered Entity for breach of the Business Associate contract, “indirect” coverage

17 HIPAA Rule Now Apply to Business Associates New HIPAA: HIPAA Rules Now directly apply to Business Associates, including penalties.

18 Finally, key reminders remain the same… Only know if you have a legitimate need to know for your job Audits of Access to PHI are performed Don’t inappropriately access, use, disclose, take or post patient information.

Download ppt "Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk."

Similar presentations

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Basics November 1, 2014.

HIPAA Basics November 1, 2014.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Breach SHOULD Be a Four Letter Word HIPAA Omnibus.

Breach SHOULD Be a Four Letter Word HIPAA Omnibus.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
1 HIPAA Privacy and Security Cindy Cummings, RHIT.

1 HIPAA Privacy and Security Cindy Cummings, RHIT.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.

1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.
1 TECO ENERGY, INC. HIPAA PRIVACY AND SECURITY REQUIREMENTS April 29, 2014 Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)

1 TECO ENERGY, INC. HIPAA PRIVACY AND SECURITY REQUIREMENTS April 29, 2014 Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
 July 10, 2013 Richard D. Sanders T HE S ANDERS L AW F IRM, P.C. 7 Piedmont Center, Suite 300 3525 Piedmont Road Atlanta, Georgia 30305 (404) 364-1819.

 July 10, 2013 Richard D. Sanders T HE S ANDERS L AW F IRM, P.C. 7 Piedmont Center, Suite Piedmont Road Atlanta, Georgia (404)
Thank You For Your Participation Kansas City   Omaha  Overland Park St. Louis  Jefferson City www.spencerfane.com www.UBAbenefits.com This Employer.

Thank You For Your Participation Kansas City   Omaha  Overland Park St. Louis  Jefferson City This Employer.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

Similar presentations

Ads by Google