Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.

1 Top 10 Series: Changes to HIPAA
Devon Bernard, AOPA Reimbursement Services Coordinator

2 Why the Changes?
American Recovery & Reinvestment Act (ARRA)
– Signed into law February 2009
Title XIII: Health Information Technology for Economic & Clinical Health Act (HITECH)
– Enacted February 2009
– Effective February 2010

3 Breaches
Under HIPAA: No requirement to notify patients of a breach of their PHI
Under HITECH: Must notify a patient of a breach
– Also must notify Health and Human Services (HHS) of breaches

4 Breaches
What is a breach? The acquisition, access, use, or disclosure of PHI in a manner not permitted by the Privacy Rule, which compromises the security or privacy of the PHI and poses a significant risk of financial, reputational, or other harm to the individual.

5 Breaches
Determine if a breach requires notification
– Risk of Harm/Risk Assessment:
  Who accessed or used the PHI?
  Was the information usable?
  What information was breached?
  Can potential harm be limited?
  Are the breaches exempt under the HITECH Act?
Document/log your findings
– Maintain documentation for 6 years

6 Breaches Involving Fewer Than 500 People
Notification in writing, no more than 60 days after discovery of the breach
Notification should include:
– Description of the breach
– Steps the patient can take to limit harm
– What you are doing about the breach
– Contact information

7 Breaches Involving 500 or More People
Notify the individuals affected
Notify the media
Notify HHS, no more than 60 days after discovery of the breach
– HHS will post the information on its website

8 Breaches
Yearly reporting to HHS
No more than 60 days after the end of the year
Information from your breach log:
– Date of the breach
– Description
– Notification required
– Action taken

9 Disclosure of PHI
Under HIPAA: Patient had the right to request that their PHI not be disclosed to a health plan
– You were under no obligation to comply with the request

10 Disclosure of PHI
Under HITECH: You must comply with the request if:
– The request relates only to payment
– The patient pays for the service out of pocket and in full

11 Access
Under HIPAA: Patient had a right to access or receive a copy of their medical record
– In any format requested by the patient, if readily available

12 Access
Under HITECH: Patient has a right to access or receive a copy of their medical record
If you maintain electronic health records:
– Patient has the right to request electronic copies of their record
– Patient may request that a copy be provided to a third party in electronic form

13 Accounting
Under HIPAA: Only had to account for disclosures that were not routine
Under HITECH: If you maintain electronic health records, you must also account for routine disclosures for the three-year period prior to the request

14 Accounting
For a covered entity that acquired an EHR before January 1, 2009, the accounting requirement applies to disclosures made on or after January 1, 2014.
For a covered entity that acquired an EHR on or after January 1, 2009, the provision is effective for disclosures made on or after January 1, 2011.

15 Business Associates (BA)
Under HIPAA: BAs not directly bound by HIPAA regulations
– Bound by contracts with covered entities
Under HITECH: BAs required to directly comply with all HIPAA regulations
– Technical, administrative, and physical safeguards
– Including the regulations of the HITECH Act

16 Business Associates (BA)
BA Agreements (BAAs) should be updated to reflect the BAs' new responsibilities
Review current BAAs:
– Current BAA allows for changes = an addendum
– Current BAA doesn't allow for changes = a new BAA

17 Enforcement
Under HIPAA: Investigations of compliance were complaint driven
Under HITECH: Department of Health and Human Services is required to conduct random compliance audits

18 Enforcement
Under HIPAA: A civil monetary penalty of no more than $100 per violation, up to a maximum of $25,000 for all violations occurring in a calendar year, could be imposed
Under HITECH: Tiered civil monetary fines
– Four tiers of fines

19 Enforcement
Tier I: Didn't Know
– $100 for each violation
– Not to exceed $25,000 for the year
Tier II: Reasonable Cause, and not Willful Neglect
– $1,000 for each violation
– Not to exceed $100,000 for the year

20 Enforcement
Tier III: Willful Neglect, Violation Corrected
– $10,000 per violation
– Not to exceed $250,000 for the year
Tier IV: Willful Neglect, Violation Not Corrected
– $50,000 per violation
– Not to exceed $1.5 million for the year

21 Enforcement
State Attorneys General
– May initiate civil actions for violations of HIPAA
Enforcement activities and penalties are not limited to just covered entities. Who else is subject to the new enforcement activities and penalties:
– Business Associates
– Individuals

22 Summary of Changes
Breaches of PHI
– Notification requirements
– Yearly reporting
Business Associates
– Directly comply with HIPAA
– New/updated BA Agreements

23 Summary of Changes
Access & Disclosure of PHI
– No disclosure of PHI for self-pay
– Obtain copy of electronic health record
– Accounting of routine disclosures
Enforcement Activities
– Increased civil monetary penalties
– Mandatory compliance audits
– Individuals held accountable
