Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.

Published byHillary Allison Modified over 8 years ago

Similar presentations

Presentation on theme: "Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any."— Presentation transcript:

1

2 Dealing with Business Associates

3 Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any function or activity covered by HIPAA –Provide a service on behalf of a covered entity involving the transfer of PHI

4 Some DHS Business Associates include: Medi-Cal Managed Care Plans Electronic Data Systems (EDS) Delta Dental Ramsell Maximus

5 HIPAA & Managed Care Plans Medi-Cal Managed Care plans are covered entity health plans under HIPAA

6 Under federal law the state Medicaid agency must ensure that: Each plan has written policies regarding enrollee rights including: Right to request and receive a copy of their medical records and Right to request that records be amended or corrected 42 C.F.R. §438.224

7 State Medicaid Agency must ensure: That plans use and disclose individually identifiable health information in accordance with privacy requirements in the HIPAA Privacy Rule

8 What Does This Mean? 1.Review plan policies and procedures to make sure HIPAA Privacy policies are in place 2.Monitor plan compliance with Exhibit “G” of the managed care contracts.

9 What Does Exhibit “G” Require? Plans may only use and disclose PHI for purposes directly connected to Medi-Cal administration Plans must provide DHCS contract manager with a list of external entities, except for network providers, to which it discloses lists of Medi-Cal member names and addresses (annually)

10 What Does Exhibit “G” Require? Not to divulge Medi-Cal status except for TPO To implement administrative, physical and technical safeguards To maintain comprehensive written information privacy and security program

11 Notification of Breach Under Exhibit “G”, plan is required to: 1.Notify DHCS contract manager within 24 hours during a work week of any suspected or actual breach of security or unauthorized use or disclosure of PHI 1.Take prompt corrective action and investigate the breach

12 Notification of Breach 3.Comply with state breach law found at California Civil Code §1798.82 and notify patients of unauthorized disclosure of personal information which is computerized and unencrypted 4.Provide a written report to DHCS Privacy Officer within 15 days of the discovery of the breach

13 NPP’s Under Exhibit “G” plans are required to: Produce a NPP which must include the DHCS Privacy Officer contact information for use by beneficiaries wanting to complain Submit new or revised NPP’s to DHCS contract managers for review

14 New Revised BA Agreement DHCS negotiations with Maximus Strengthens the following areas: –Compliance with the Security Rule –Notification of breaches Two versions –High Risk – for FI’s (including EDS and Maximus) –Standard Risk Revised 12/2007 Managed Care plans –Use Exhibit G

15 THE END

Download ppt "Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any."

Similar presentations

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Similar presentations

Ads by Google