HIPAA Collaborative of Wisconsin Business Associates Extending the Reach of the Privacy Rule.


1 HIPAA Collaborative of Wisconsin Business Associates Extending the Reach of the Privacy Rule

2 © Copyright 2002 HIPAA Cow This Training Module is Copyright © 2002 by the HIPAA Collaborative of Wisconsin (“HIPAA COW”). It may be freely redistributed in its entirety provided that this copyright notice is not removed. It may not be sold for profit or used in commercial documents without the written permission of the copyright holder. This Training Module is provided “as is” without any express or implied warranty. This Training Module is for educational purposes only and does not constitute legal advice. If you require legal advice, you should consult with an attorney. HIPAA COW has not yet addressed all state pre-emption issues related to this Training Module. Therefore, this form may need to be modified in order to comply with Wisconsin law.

3 Contents
1. Review of Key Definitions
   – Covered Entity
   – Protected Health Information (PHI)
   – Business Associate
2. Required Contract Provisions
3. Examples / Discussion

4 HIPAA History
– HIPAA stands for Health Insurance Portability & Accountability Act of 1996.
– HIPAA was passed in 1996 as part of a broad congressional attempt at healthcare reform.

5 HIPAA Applies to Covered Entities:
– Health Plans
– Providers
– Clearinghouses

6 Privacy Rule: What Does It Do?
HIPAA regulates the use or disclosure of Protected Health Information (PHI).

7 What is Protected Health Information (PHI)?
Individually Identifiable Health Information that is transmitted or maintained in any form relating to the past, present, or future:
– Physical or mental health condition of an individual; or
– Provision of health care to an individual; or
– Payment for the provision of health care to an individual

8 Business Associates: Extending The Reach of the Rule
– Privacy Rule applies only to Covered Entities.
– Covered Entities are required to obtain satisfactory assurances that Business Associates will adhere to their privacy practices.

9 Who Are Your Business Associates?
– A person or entity that provides services on behalf of a Covered Entity, or to a Covered Entity, where those services involve the use or disclosure of PHI.
– NOT a member of your workforce.

10 Business Associates
– Perform a function on behalf of the Covered Entity that involves the use or disclosure of PHI.
– Workforce is exempted:
   – Includes students, residents, volunteers
   – Excludes independent contractors (no direct control)
– Exempts entities that are part of an OHCA or are affiliated entities.

11 Identifying Your Business Associates
– There are many differences in opinion among Covered Entities about WHO is a Business Associate.
– A Business Associate for one may or may not be a Business Associate for another.
– The Rule’s Definition leaves room for interpretation by the Covered Entity.

12 Examples of Business Associate services
– Claims processing or administration
– Data analysis processing or administration
– Utilization review
– Quality assurance
– Benefits administration
– Disease management
– Case management

13 Examples of Possible Business Associate Services
– Medical record copying services
– Collection agencies
– Transcription services
– Third party billing services
– Computer consultants with access to PHI
– Clearinghouses
– Other entities which perform standard transactions

14 Examples of Possible Business Associate Services (continued)
– Legal services
– Accounting and auditing services
– Actuarial services
– Consulting services
– Data Aggregation
– Management and administration
– Accreditation
– Financial services

15 Covered Entities should view vendors that have access to, use or disclose PHI, as Business Associates and act accordingly.

16 Who are NOT Business Associates?
– Banks
– Post Office
– CMS - oversight agencies
– Providers with staff privileges

17 Business Associate or NOT? That is the question!
– Do they need access to PHI to perform their job?
– Are they exposed to PHI just by being there?
Your organization’s security policies and procedures should protect from incidental exposure to PHI.

18 Model Contract Language
– Final rules include model Business Associate Contract Provisions.
– Use of model is not required.
– Not alone sufficient to result in a binding contract under State law.
– Also available on HIPAA COW web site: www.hipaacow.org

19 Contract Requirements
Business Associate Contracts Must:
1. Establish the permitted and required uses and disclosures of PHI by the Business Associate.
2. Authorize contract termination for cause if the Covered Entity determines that the BA has violated a material term of the contract.

20 Contract Requirements
3. Provide that the Business Associate will:
   – Not use or further disclose PHI other than as permitted or required by the contract or by law.
   – Use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by contract.

21 Contract Requirements
   – Report to the Covered Entity any use or disclosure of PHI not provided for by contract of which it becomes aware.
   – Ensure that any agents, including a subcontractor, to whom it provides PHI, agree to the same restrictions and conditions that apply to the Business Associate with respect to such information.

22 Contract Requirements
   – Make PHI available in accordance with HIPAA.
   – Make available PHI for amendment and incorporate any amendments to PHI.
   – Make available the information required to provide an accounting of disclosures.

23 Contract Requirements
   – Make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of DHHS for compliance purposes.
   – At termination of the contract, if feasible, return or destroy (and retain no copies) all PHI that the Business Associate still maintains in any form.

24 Complying with the Business Associate Requirement
What else should be done?

25 Review Existing Agreements
Contracts may exist as:
– A formal Contract,
– A Letter of Agreement, or
– A Memorandum of Understanding

26 Begin Negotiation Process
– Will any Business Associates resist?
– Allow enough time
– Begin as soon as possible

27 How easy will it be?
– The less important your business is to a supplier/vendor/contractor, the less inclined that supplier is going to be to take on additional contractual obligations with you.
– Non-cost and administrative requirement reasons for Business Associate resistance.

28 HHS Proposes Transition Period
Certain existing vendor contracts would be deemed in compliance for up to one additional year beyond April 14, 2003, if:
– In existence prior to effective date.
– Do not expire or are not modified or amended prior to compliance date.
– Includes “evergreen” contracts.

29 Steps in HIPAA Compliance
Education and Awareness Establish Project Team Develop Business Strategy Allocate Appropriate Resources Risk Assessment and Gap Analysis Preparation Implementation Auditing and Monitoring

30 If you have a Business Associate Contract
– No obligation to monitor Business Associates for compliance.
– Must address any known privacy violations.

31 Summary for Business Associates
– Locate all of your contracts.
– Identify which contracts are with Business Associates.
– Draft amendment language and begin negotiations.

32 Training of Business Associates
– Covered Entities have no obligation to train their Business Associates.
– However, if they feel issues may arise, the Covered Entity may provide training to their Business Associates to minimize the risk of privacy breaches.

33 References
This presentation was created by:
– Renee Hinkel, RN, MSN
– Karen Bauer
– Joan Benson, MBA
– Anthony Cooper
– William Jensen, MBA
– Jennifer Laughlin, RHIA
– Richard Reynolds, FHIMSS
– Beth Zellar, MS, RHIA

