Headline News: Anatomy of a VIP Records Breach
|
|
- Bertina Howard
- 6 years ago
- Views:
Transcription
1 Watch the Replay Headline News: Anatomy of a VIP Records Breach Executive Series Webinar September 24, 2014
2 Today s Panel Kim Roberts, MS, RHIA, CHP Privacy Specialist Sparrow Health System kim.roberts@sparrow.org Kurt Long Founder FairWarning, Inc. Kurt@FairWarning.com Mike Nessen Customer Community Manager FairWarning, Inc. Mike@FairWarning.com
3 Agenda Sparrow Health System Introduction VIP Records Breach Scenario Corrective Action Plan Lessons Learned Escalating Threats to Data Patient Employee Physician Industry News: OCR Audit Update Next Steps Q&A
4 Anatomy of a VIP Records Breach Kim Roberts, MS, RHIA, CHP
5 Background Information» Location and Background» Visit from a VIP Government Official» State of Michigan Inquiry» OCR Letter of Inquiry
6 VIP Admitted using alias Sequence of Events VIP Discharged (Four Day Stay) VIP stay released to media by VIP staff CPO & CISO meeting re: Access Audit Plan Department Directors review of access of identified staff Human Resources investigation Hospital issued news release re: disciplinary actions taken for privacy policy violations Full audit of VIPs records in all systems Human Resources notified of inappropriate access Sanctions imposed
7 OCR and State Inquires & Responses OCR Inquiry Received (3 weeks) OCR Response Formally closed ( 7 months) Response sent State Inquiry Received (1 week) Second Formal Response and meeting Response to the State of Closed with follow up actions (6 months)
8 OCR Questions» Did caregivers impermissibly access medical records as alleged?» If the impermissible access occurred, when did it occur?» How did Sparrow discover the alleged occurrences?» What did Sparrow do as a result of its findings?
9 Response to the Event» Position Statement» Actions Taken to Monitor and Investigate» Corrective Action Plans Outcome Objectives» Corrective Action Plan Monitoring
10 Position Statement» Chronological Statement of Events» List Events surrounding the Breach»Dates of Admission»Alias Name Identification» Actions Taken to Monitor the Investigation»Routine Manual Review of Access Logs
11 Manual Review of Access Logs» Prior to Implementing FairWarning Concurrent Access Audit Plan» Manual Review of Audit Files twice daily» Concurrent monitoring of communications based on name and title Retrospective Access Audit Post Discharge» Review of 281 caregivers» 50 to 60 hours reviewing the MR to Access Logs
12 VIP Review Workflow» notification were sent to the Directors»Access to account or record necessary to do their job»more than the minimum necessary»inappropriate review for the role
13 Dear Colleague: There was a recent visit of a high profile individual in the and the individual had a subsequent. A high level review was conducted by correlating care giver access results to the medical record. A more detailed assessment is needed to determine appropriate access for individuals under your purview. If you determine that access is inappropriate, please contact LCR to assist in the disciplinary investigation. Audit results concerning care giver(s) working in your area are attached for your review and are highlighted. Please complete a User Access Form for each care giver and return the form electronically to me at: Please complete your review within 1 week of the date of this . Please consider the following questions as you review: 1) Did the individual access only those accounts or records necessary to do his/her job? 2) Did the individual access only the information contained in the account or record needed to do his/her job (Minimum Necessary)? 3) Was the access appropriate if so, indicate reason for access? Please contact me if I can answer questions or offer assistance.
14
15 Corrective Actions Outcome Objectives Sanctions Applied» 31 Caregivers were referred to the Department Directors» 21 Caregivers were Sanctioned»17 Caregivers were Terminated»5 were Suspended and given a Level 3 Discipline
16 Corrective Actions Outcome Objectives» Action Plan Alias Name» Policy Review for VIPs» Overview of all Privacy Training» Remedial Training via »10 privacy reminders
17 Corrective Actions Outcome Objectives» Response to the Media Communications» Response to Caregivers regarding Sanctions» Sent Privacy Reminders as Training to Caregivers» News Release pertaining to Disciplinary Action» Used focus of public attention on policies as an opportunity
18 Corrective Actions Outcome Objectives Communications» to the Board of Directors» Informing them of the Detroit Free Press inquiry and the anticipated news article» Conducted a Privacy Summit»Learning and Planning Objectives
19 Corrective Actions Outcome Objectives Compliance Actions and Follow Up Centralized Electronic Access Monitoring and Reporting» Description: System Selection, Purchase Decision and Implementation Timeline» Description: Proactive alert of our designated VIPs» examples: VIP record access or user access to the record of a patient, who has requested Total Privacy Average of 800 per month» Audit Plan to review 8 patients per month
20 Corrective Action Plan Monitoring» The results of the corrective action plan will be monitored in the following ways:» Using the FairWarning System to conduct routine, random reviews of employee access to patient records under the following circumstances:» Patient is a high profile individual (VIP) known to many» Caregiver access of the record of a patient with a surname similar to that of the caregiver» Access of his/her own record» Patient has requested Total Privacy upon registration for services» Random review of patient discharges by application
21 Corrective Action Plan Monitoring continued» Evidence of Privacy related training:» Orientation training rosters» Completion of annual Privacy Test» HIPAA Privacy Complaint Investigation Process» Reporting Structure
22 Lessons Learned» Sent Privacy Reminders as Training» Proficiency training to include acknowledgement of the requirement to report any alleged violations» Audit Plan equaled 1% of Total Privacy Patients (including VIPs)» Final Audit Plan 22% of Total Users 8,000
23 July Audit Totals by System 2009 Audit Totals by System Self-exams Random Audits Number of Audits Tsystem Impax OB tracevue Dolbey Horizon IRHIS Syngo Star System Audited 23
24 Escalating Threats to Patient, Employee & Physician Data 45% of all identity theft relates back to the Healthcare Industry Source: ID Theft Center July 15, Minutes Report: Biggest IRS Scam Around: Identity Source: Sale of Patient Data to Crime Rings Sale of Employee Data to Crime Rings IRS Tax Fraud Sale of Physician Data to Crime Rings Medical & Financial ID Theft Lost laptops, media, paper records Snooping 1 Patient Complaints Pre
25 Scaling a Criminal Enterprise Organized Crime: Taking advantage of healthcare vulnerabilities IRS Tax Fraud Financial Identity Theft
26 Healthcare Fraud and Organized Crime HHS OIG Fraud Fugitive List, Estimated $ 100 B of Fraud / Year 25% use Identity Theft of Patient, Physicians in Fraud Operations OIG Fugitive Profiles at hhs.oig.gov, Stolen Identity with insurance info $20; credit card info $1-2 (Dell SecureWorks), IRS Tax Fraud Identity Theft #1 of Dirty Dozen Dirty Dozen Tax Scams, irs.gov, Healthcare Specific Alerts, irs.gov,
27 In The News - Today HIPAA Audits: A Revised Game Plan More On-site Audits Planned, But All Audits on Hold for Now What it means to you: Anticipate more comprehensive on-site audits Take advantage of delay by closing gaps Customers tell us that FairWarning streamlines your preparation
28 In The News - Today Meaningful Use Auditors Retract $900K Hospital fails to perform mandatory HIPAA Risk Assessment What it means to you: Meaningful Use funds are at risk Zero-tolerance policy for failing to document your security risk assessment This is a clear opportunity to improve your own information security risk posture, but the window is closing
29 OCR HIPAA Audit Findings: Security Area Total Audit Findings and Observations by Area of Focus and Entity Type Contingency Planning & Backups Audit Controls & Monitoring Access Management Lessons Learned from OCR Privacy and Security Audits Program Overview & Initial Analysis, Presentation to IAPP Global Privacy Summit March 7, 2013,
30 Escalating Expertise Required Pre-2009 (HITECH) Global Investigations Partial FTE Expertise Gap -Removal of Harm Standard -New Reporting & Notification Requirements 2013/2014 (Post-HIPAA Omnibus) Security Incident Management Advanced Analytics, Filtering Proactive Alerts Global Investigations Security, Forensics & Compliance Expertise OCR Audit Experience Clinical Data & Workflow Expertise Investigations & Security Skills
31 Collaboration for Patients Sake FairWarning and our customers envision a healthcare industry in which patients confidently share their sensitive medical details to receive the best care possible without regard to privacy concerns.
32 Next Steps ONC Security Risk Assessment Tool For more information, please Managed Privacy Services Advanced Demonstration October 28, 2014 Register Now Are You Ready for Round Two (of HIPAA Compliance Audits)? A pdf copy of this presentation and the embedded links will be distributed after the event
33 Questions? Please submit via the Webex Q&A or Chat windows to the right side of your screen
34 Questions and Answers Kim Roberts, MS, RHIA, CHP Privacy Specialist Sparrow Health System Kurt Long Founder FairWarning, Inc. Mike Nessen Customer Community Manager FairWarning, Inc.
Healthcare Privacy Officer on Evaluating Breach Incidents A look at tools and processes for monitoring compliance and preserving your reputation
Healthcare Privacy Officer on Evaluating Breach Incidents A look at tools and processes for monitoring compliance and preserving your reputation June 20, 2012 ID Experts Webinar www.idexpertscorp.com Mahmood
More informationPreparing for the upcoming 2016 HIPAA audits: Lessons and examples from past breaches and fines
Preparing for the upcoming 2016 HIPAA audits: Lessons and examples from past breaches and fines 1 Your Presenters Robert Grant Co-Founder and Chief Strategy Officer of Compliancy Group Over 15 years of
More informationHIPAA Training
2011-2012 HIPAA Training New Hire Orientation and General Training 1 This training is to ensure all Health Management workforce members (associates, contracted individuals, volunteers and students) understand
More informationAdvanced HIPAA Communications and University Relations
Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability
More informationCompliance Program Updated August 2017
Compliance Program Updated August 2017 Table of Contents Section I. Purpose of the Compliance Program... 3 Section II. Elements of an Effective Compliance Program... 4 A. Written Policies and Procedures...
More informationHIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology
HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology Publish Date: 1/2/2018 This guide has been created to serve Vail Aspen Breckenridge
More informationMITIGATING BREACH RISK IN AN ERA OF EXPANDING PHI DISCLOSURE POINTS AND REQUESTS FOR HEALTH INFORMATION
MITIGATING BREACH RISK IN AN ERA OF EXPANDING PHI DISCLOSURE POINTS AND REQUESTS FOR HEALTH INFORMATION Authors: Mariela Twiggs, MS, RHIA, CHP, FAHIMA National Director, Training and Compliance for MRO
More informationChapter 19 Section 3. Privacy And Security Of Protected Health Information (PHI)
Health Insurance Portability and Accountability Act (HIPAA) of 1996 Chapter 19 Section 3 1.0 BACKGROUND AND APPLICABILITY 1.1 The contractor shall comply with the provisions of the Health Insurance Portability
More informationMeaningful Use Achieving Core Objective #14 Montana HIMMS 2012 Spring Convention
Meaningful Use Achieving Core Objective #14 Montana HIMMS 2012 Spring Convention Presented by John Whalen CISSP, CISA, CRISC Contents Objectives Risk exercise Breaches Meaningful Use What is an assessment?
More informationMCCP Online Orientation
1 Objectives At the conclusion of this presentation, students will be able to: Discuss application of HIPAA to student s role. Describe the federal requirements of the HIPAA/HITECH regulations that protect
More informationHCCA Institute Privacy Officer Round Table Discussion
HCCA Institute Privacy Officer Round Table Discussion Marti Arvin Deann Baker Why We re Here X A facilitated discussion of current issues that Privacy Professionals are dealing with in their day-to-day
More informationWhat is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationPRIVACY BREACH GUIDELINES
PRIVACY BREACH GUIDELINES Purpose The may provide some guidance to government institutions, local authorities, and health information trustees (hereinafter Organizations) in Saskatchewan when a privacy
More informationChapter 9 Legal Aspects of Health Information Management
Chapter 9 Legal Aspects of Health Information Management EXERCISE 9-1 Legal and Regulatory Terms 1. T 2. F 3. F 4. F 5. F EXERCISE 9-2 Maintaining the Patient Record in the Normal Course of Business 1.
More informationWRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS
WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS Jeffrey Staton Attorney at Law Legal Aid Society of Louisville 416 W. Muhammad Ali Blvd., Ste. 300 Louisville, KY 40202 Phone: 502.614.3146 Jstaton@laslou.org
More informationWhat to do When Faced With a Privacy Breach: Guidelines for the Health Sector. ANN CAVOUKIAN, Ph.D. COMMISSIONER
What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, Ph.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER OF ONTARIO Table of Contents What is a privacy breach?...1
More informationHIPAA THE PRIVACY RULE
HIPAA THE PRIVACY RULE Reviewed December 2012 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of antidepressant medications in their mail. 2 HISTORY Many
More informationA general review of HIPAA standards and privacy practices 2016
A general review of HIPAA standards and privacy practices 2016 45 CFR, 164 Health Insurance Portability and Accountability Act Treatment, Payment and Healthcare Operations 42 CFR, Part 2, Confidentiality
More informationUpdated FY15 Dignity Health General Compliance Education for Staff Module 2
Updated FY15 Dignity Health General Compliance Education for Staff Module 2 This course will provide you with important information about the laws and regulations that affect the healthcare industry, our
More informationINLAND EMPIRE HEALTH PLAN CODE OF BUSINESS CONDUCT AND ETHICS. Our shared commitment to honesty, integrity, transparency and accountability
INLAND EMPIRE HEALTH PLAN CODE OF BUSINESS CONDUCT AND ETHICS Our shared commitment to honesty, integrity, transparency and accountability UPDATED: February 2014 TABLE OF CONTENTS Topic Page A. The IEHP
More informationThank you, and enjoy the webinar.
Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some laws. This should not be used as legal advice. Itentive recognizes that
More informationCompliance Program, Code of Conduct, and HIPAA
Compliance Program, Code of Conduct, and HIPAA Agenda Introduction to Compliance The Compliance Program Code of Conduct Reporting Concerns HIPAA Why have a Compliance Program Procedures to follow applicable
More information2012 Medicare Compliance Plan
2012 Medicare Compliance Plan Document maintained by: Gay Ann Williams Medicare Compliance Officer 1 Compliance Plan Governance The Medicare Compliance Plan is updated annually and is approved by the Boards
More informationGetting Started with OIG Compliance
Getting Started with OIG Compliance Kathy Mills Chang, MCS-P CCPC Do You Feel Like This? Or This? Does Your Business Deserve the Same Focus Your Patients Do? How This Training Will Protect You! Stay within
More informationLast Chance to Review Your Security Risk Analysis
Learning Forum Fridays Countdown to MIPS Data Submission Webinar Series Last Chance to Review Your Security Risk Analysis Emilie Sundie, MSCIS, PMP, CPHIMS Director, Health IT Services Kari Vanderslice,
More informationReporting a Privacy Breach to the Commissioner
SEPTEMBER 2017 Reporting a Privacy Breach to the Commissioner GUIDELINES FOR THE HEALTH SECTOR To strengthen the privacy protection of personal health information, the Ontario government has amended the
More informationDO ASK BUT DON T TELL HIPAA PRIVACY RULE
DO ASK BUT DON T TELL HIPAA PRIVACY RULE HITECH/OMNIBUS FINAL RULE HIPAA enacted in 1996; compliance required April 14, 2003 for the Privacy Rule and April 21, 2005 for the Security Rule surrounding electronic
More informationPRIVACY BREACH MANAGEMENT GUIDELINES. Ministry of Justice Access and Privacy Branch
Ministry of Justice Access and Privacy Branch December 2015 Table of Contents December 2015 What is a privacy breach? 3 Preventing privacy breaches 3 Responding to privacy breaches 4 Step 1 Contain the
More informationPREA AUDIT REPORT INTERIM FINAL COMMUNITY CONFINEMENT FACILITIES. Community treatment center Halfway house Alcohol or drug rehabilitation center
PREA AUDIT REPORT INTERIM FINAL COMMUNITY CONFINEMENT FACILITIES Auditor Information Auditor name: Address: Email: Telephone number: Date of facility visit: Facility Information Facility name: Facility
More informationHIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance
HIPAA Health Insurance Portability and Accountability Act Presented by the UMMC Office of Integrity and Compliance Rules and Regulations to ensure Privacy Set Federally recognized standards to ensure both
More informationInterim Final COMMUNITY CONFINEMENT FACILITIES-City of Faith- Little Rock, Ark. Date of report: July 11, 2015
PREA AUDIT REPORT Interim Final COMMUNITY CONFINEMENT FACILITIES-City of Faith- Little Rock, Ark Date of report: July 11, 2015 Auditor Information Auditor name: Michele Dauzat Address: 17321 Highway 80
More informationBOARD OF COOPERATIVE EDUCATIONAL SERVICES SOLE SUPERVISORY DISTRICT FRANKLIN-ESSEX-HAMILTON COUNTIES MEDICAID COMPLIANCE PROGRAM CODE OF CONDUCT
BOARD OF COOPERATIVE EDUCATIONAL SERVICES SOLE SUPERVISORY DISTRICT FRANKLIN-ESSEX-HAMILTON COUNTIES MEDICAID COMPLIANCE PROGRAM CODE OF CONDUCT Adopted April 22, 2010 BOARD OF COOPERATIVE EDUCATIONAL
More informationPREA AUDIT REPORT INTERIM FINAL ADULT PRISONS & JAILS
PREA AUDIT REPORT INTERIM FINAL ADULT PRISONS & JAILS Auditor Information Auditor name: Address: Email: Telephone number: Date of facility visit: Facility Information Facility name: Facility physical address:
More informationBig Brother Meets Joe Friday. Sutter Health Facts
Big Brother Meets Joe Friday Presented by: Christine Jensen, Privacy Investigation Manager Brian Callihan, Director of Special Projects Tuesday April 19, 2016 2:30 p.m. Sutter Health Facts Physicians (Members
More informationTitle: HIPAA PRIVACY ADMINISTRATIVE
Administrative-HIPAA Privacy Title: HIPAA PRIVACY ADMINISTRATIVE Scope: All MultiCare Health System (MHS) workforce members, which includes but not limited to, employees, residents, students, volunteers
More informationPOTENTIAL LIABILITY: PATIENT HEALTH INFORMATION PORTALS
POTENTIAL LIABILITY: PATIENT HEALTH INFORMATION PORTALS Jeanne M. Born, RN, JD 22 JANUARY 2015 Jborn@nexsenpruet.com Medical Record Information: Ownership and Patient Rights The physician owns the physician
More informationMandatory Reporting and Breach Notification Changes to PHIPA and what you need to know
Mandatory Reporting and Breach Notification Changes to PHIPA and what you need to know 1 Sarah Yun Associate Overview of amendment to O. Reg. 329/04 and What you need to know Brian Beamish Information
More informationBreach Reporting and Safeguarding PHI Outpatient Services August, UAMS HIPAA Office Anita Westbrook
Breach Reporting and Safeguarding PHI Outpatient Services August, 2012 UAMS HIPAA Office Anita Westbrook Breaches and Breach Reporting Real Life Example An employee of a large hospital accidentally left
More informationMEANINGFUL USE & RISK ASSESSMENT
MEANINGFUL USE & RISK ASSESSMENT Montana HIMSS 2013 Spring Convention Presented by John Whalen CISSP, CISA, CRISC Contents 1. What are we protecting? 2. In what ways are protecting it? 3. What is Meaningful
More informationUSES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY
Page Number 1 of 8 TITLE: PURPOSE: USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY To assure that individually identifiable health information contained in any University Health
More informationDelegation Oversight 2016 Audit Tool Credentialing and Recredentialing
Att CRE - 216 Delegation Oversight 216 Audit Tool Review Date: A B C D E F 1 2 C3 R3 4 5 N/A N/A 6 7 8 9 N/A N/A AUDIT RESULTS CREDENTIALING ASSESSMENT ELEMENT COMPLIANCE SCORE CARD Medi-Cal Elements Medi-Cal
More informationHIPAA Privacy Training for Non-Clinical Workforce
Office of Compliance Programs HIPAA Privacy Training for Non-Clinical Workforce Revised: January 24, 2017 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA)
More information2018 Employee HIPAA Orientation (EHO) Handbook
2018 Employee HIPAA Orientation (EHO) Handbook Using EHO The material in this booklet is designed to provide newly hired employees with an understanding of HIPAA s regulations and their impact on the employee
More informationMedical Privacy and Business Process Design
Stanford Computer Forum March 17, 2008 Medical Privacy and Business Process Design John C Mitchell Stanford Motivating examples Vanderbilt Hospital Patient Portal Messaging system that route requests,
More informationNotice of Privacy Practices for Protected Health Information (PHI)
Notice of Privacy Practices for Protected Health Information (PHI) Dermatology Associates of Colorado, PC THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationInvestigation Report H2017-IR-02 Investigation into multiple alleged unauthorized accesses of health information at South Health Campus
Investigation Report H2017-IR-02 Investigation into multiple alleged unauthorized accesses of health information at South Health Campus November 29, 2017 Alberta Health Services Investigation 001548 Table
More informationPrivacy and Security Compliance: The. Date Presenter Name of Member Organization
Privacy and Security Compliance: The Basics Date Presenter Name of Member Organization Privacy and Security Compliance: The Context for What We Do Privacy and Security compliance within (your office) is
More informationPREA AUDIT: AUDITOR S SUMMARY REPORT 1 COMMUNITY CONFINEMENT FACILITIES
PREA AUDIT: AUDITOR S SUMMARY REPORT COMMUNITY CONFINEMENT FACILITIES Name of facility: OhioLink-Lima Physical address: 517 S. Main Street, Lima, Ohio 45801 Date report submitted: Auditor Information Address:
More informationFCSRMC 2017 HIPAA PRESENTATION
FCSRMC 2017 HIPAA PRESENTATION BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international
More informationDate of Review: N/A Original Date: September 30, Subject: Policy Protecting Competitively Sensitive Information
Regional Home Health and Hospice Policy No: Date of Review: N/A Original Date: September 30, 2013 Approved: Subject: Policy Protecting Competitively Sensitive Information I. Scope Regional Home Health
More informationSUMMARY OF NOTICE OF PRIVACY PRACTICES
LAKE REGIONAL MEDICAL GROUP 54 HOSPITAL DRIVE OSAGE BEACH, MO 65065 SUMMARY OF NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
More informationA Deep Dive into the Privacy Landscape
A Deep Dive into the Privacy Landscape David Goodis Assistant Commissioner Information and Privacy Commissioner of Ontario Canadian Institute Advertising & Marketing Law January 22, 2018 Who is the Information
More informationALABAMA DEPARTMENT OF MENTAL HEALTH BEHAVIOR ANALYST LICENSING BOARD DIVISION OF DEVELOPMENTAL DISABILITIES ADMINISTRATIVE CODE
ALABAMA DEPARTMENT OF MENTAL HEALTH BEHAVIOR ANALYST LICENSING BOARD DIVISION OF DEVELOPMENTAL DISABILITIES ADMINISTRATIVE CODE CHAPTER 580-5-30B BEHAVIOR ANALYST LICENSING TABLE OF CONTENTS 580-5-30B-.01
More informationA self-assessment for GxP and HIPAA concerns
WHITE PAPER IS YOUR ORGANIZATION AT RISK? A self-assessment for GxP and HIPAA concerns MDDX RESEARCH & INFORMATICS 58 California St, Floor 6 San Francisco, California 9 T (8) -MDDX F (866) 8-696 info@mddx.com
More informationProtecting Health Information: Health Data Security Training
Protecting Health Information: Health Data Security Training How to secure patient information and manage your obligations under HIPAA, the HITECH Act and other federal and state data privacy and security
More informationWilliamson County EMS (WCEMS) HIPAA Training for Third Out Riders
Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders Training Statement: This training program is designed to educate you on WCEMS legal requirements to protect our patients rights and confidentiality,
More informationIt defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.
Office of Compliance Programs Revised: July 18, 2017 HIPAA Privacy HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all
More informationSpecialized Training: Investigating Sexual Abuse in Correctional Settings Notification of Curriculum Utilization December 2013
Specialized Training: Investigating Sexual Abuse in Correctional Settings Notification of Curriculum Utilization December 2013 The enclosed Specialized Training: Investigating Sexual Abuse in Correctional
More informationCompliance Plan. Table of Contents. Introduction... 3
Compliance Plan Compliance Plan Table of Contents Introduction... 3 Administrative Structure... 4 A. CorporateCompliance Officer... 4 B. Compliance Committee... 5 C. Hospital Compliance Officer Communications...
More informationMandatory Reporting A process
Mandatory Reporting A process guide for employers, facility operators and nurses Table of Contents Introduction.... 3 What is the purpose of mandatory reporting?... 3 What does the College do when it receives
More informationNOTICE OF PRIVACY PRACTICES FOR MAYO CLINIC ARIZONA
NOTICE OF PRIVACY PRACTICES FOR MAYO CLINIC ARIZONA THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationSouthwest Acupuncture College /PWFNCFS
Southwest Acupuncture College /PWFNCFS This replaces policies in the catalogue and any other documents to date. Boulder Santa Fe TABLE OF CONTENTS STATEMENT OF PURPOSE... 1 I. RIGHT TO A NOTICE OF PRIVACY
More informationHealth Information Privacy Policies and Procedures
University of the Pacific Arthur A. Dugoni School of Dentistry Health Information Privacy Policies and s These Health Information Privacy Policies & s implement our obligations to protect the privacy of
More informationThe Board s position applies to all nurse license holders and applicants for licensure.
Disciplinary Sanctions for Lying and Falsification The Texas Board of Nursing (Board), in keeping with its mission to protect the public health, safety, and welfare, believes it is important to take a
More informationJOHNS HOPKINS HEALTHCARE
Page 1 of 5 ACTION Revised Policy Superseding Policy Number: Repealing Policy Number: POLICY: 1. Johns Hopkins HealthCare LLC (JHHC) ensures that individual/ organizational practitioners continue to meet
More informationEMPOWERING THE NEW HEATHCARE ERA
EMPOWERING THE NEW HEATHCARE ERA THE NJ/DV HIMSS REGIONAL MEETING NOVEMBER 12 14, 2014 BALLY S HOTEL & CASINO ATLANTIC CITY, NJ. Ensuring Privacy and Security of Health information Exchange in Pennsylvania
More informationCompliance Round-Up. March 11, 2014
Compliance Round-Up March 11, 2014 Medicare Billing Settlement, HIPAA Guidance Mental Health Information, HIPAA Settlement, Two Midnight Rule Legislation, HCFAC Report, Halifax Settlement 1 Faculty Brian
More informationAGENDA. 10:45 a.m. CT Attendees Sign On 11:00 a.m. CT Webinar 11:50 a.m. CT Questions and Answers
AGENDA 10:45 a.m. CT Attendees Sign On 11:00 a.m. CT Webinar 11:50 a.m. CT Questions and Answers Asking Questions Throughout the webinar, type your questions using the "send note" button at the top of
More informationYour Role in Protecting Patient Privacy 2018
Your Role in Protecting Patient Privacy 2018 1 Training Focus This training will focus on what responsibilities you have in order to ensure that both you and our organization are in compliance with state
More informationHIT Usability and Data Breaches. Ritu Agarwal University of Maryland
HIT Usability and Data Breaches Ritu Agarwal University of Maryland Digital Vulnerabilities Private medical data for 20,000 emergency room patients at Stanford Hospital exposed to the public for nearly
More informationRESPONDING TO PATIENT COMPLAINTS AND OTHER PRIVACY-RELATED COMPLAINTS
PRIVACY 22.0 RESPONDING TO PATIENT COMPLAINTS AND OTHER PRIVACY-RELATED COMPLAINTS Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and
More informationSecurity and Privacy Practices for Electronic Health Records. Joseph W. Hales, PhD, FACMI Intermountain Healthcare Salt Lake City, UT
Security and Privacy Practices for Electronic Health Records Joseph W. Hales, PhD, FACMI Intermountain Healthcare Salt Lake City, UT Intermountain Healthcare Formed 1975 Not-for-profit Integrated system
More informationCode of Conduct Effective October 19, 2017
Code of Conduct Effective October 19, 2017 A message from the CEO: Our patients and the communities we serve rely on us for quality care and trust us to demonstrate integrity in everything we do. We strive
More informationEXAMINATION OF BRITISH COLUMBIA HEALTH AUTHORITY PRIVACY BREACH MANAGEMENT
EXAMINATION OF BRITISH COLUMBIA HEALTH AUTHORITY PRIVACY BREACH MANAGEMENT Elizabeth Denham Information and Privacy Commissioner September 30, 2015 CanLII Cite: 2015 BCIPC No. 66 Quicklaw Cite: [2015]
More informationHealth Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living
Health Information Exchange 101 Your Introduction to HIE and It s Relevance to Senior Living Objectives for Today Provide an introduction to Health Information Exchange Define a Health Information Exchange
More informationSession Number G24 Responding to a Data Breach and Its Impact. Karen Johnson Chief Deputy Director California Department of Health Care Services
Session Number G24 Responding to a Data Breach and Its Impact Karen Johnson Chief Deputy Director California Department of Health Care Services 1 Outline PCI and PCH Breach Incident Incident Response Lessons
More informationAdvanced Oral & Maxillofacial Surgery, Ltd. NOTICE OF PRIVACY PRACTICES
Advanced Oral & Maxillofacial Surgery, Ltd. NOTICE OF PRIVACY PRACTICES This notice describes how health information about you may be used and disclosed and how you can get access to this information.
More informationThe Joint Legislative Audit Committee requested that we
DEPARTMENT OF SOCIAL SERVICES Continuing Weaknesses in the Department s Community Care Licensing Programs May Put the Health and Safety of Vulnerable Clients at Risk REPORT NUMBER 2002-114, AUGUST 2003
More informationEstablishing and Implementing a Process to Investigate and Resolve Privacy Breaches and Complaints
Establishing and Implementing a Process to Investigate and Resolve Privacy Breaches and Complaints Barbara Seitz, RHIA Privacy Officer/Director of HIM South Peninsula Hospital Homer, AK Becky Buegel, RHIA
More informationDavid Behinfar, JD, LLM, CHC, CIPP University of Florida College of Medicine Jacksonville UF Privacy Manager (904)
David Behinfar, JD, LLM, CHC, CIPP University of Florida College of Medicine Jacksonville UF Privacy Manager (904) 244 6229 david.behinfar@jax.ufl.edu 1 Presentation Summary High level Summary of the federal
More informationBreach Risk in Release of Information. Don t Leave Risk to Chance Key trends impacting healthcare providers
Breach Risk in Release of Information Don t Leave Risk to Chance Key trends impacting healthcare providers INTRODUCTION Privacy and security within a healthcare enterprise are topics often on the minds
More informationCOMPLIANCE ROUND-UP. December 13, Aegis Compliance & Ethics Center, LLP 1
COMPLIANCE ROUND-UP December 13, 2011 2011 Aegis Compliance & Ethics Center, LLP 1 Today s Faculty Brian Annulis, JD, CHC Partner, Meade & Roach, LLP 773.907.8343 bannulis@meaderoach.com Ryan Meade, JD,
More informationThe Intersection of Health Care Fraud and Patient Safety
The Intersection of Health Care Fraud and Patient Safety Anthony Baize, Inspector General January 16, 2018 Wisconsin Department of Health Services Office of the Inspector General Overview The Wisconsin
More informationFINANCIAL PLANNING STANDARDS COUNCIL 2017 ENFORCEMENT AND DISCIPLINARY REVIEW REPORT
FINANCIAL PLANNING STANDARDS COUNCIL 2017 ENFORCEMENT AND DISCIPLINARY REVIEW REPORT Table of Contents Financial Planning Standards Council 3 Obtaining Certification with FPSC 4 Profile of the Profession
More informationWhat is Social Networking?
Social Networking 9/25/2012 1 What is Social Networking? Blogging type of website maintained by an individual with regular entries of commentary, description of events or other material such as graphics
More informationWhat is Social Networking?
Social Networking 9/25/2012 1 What is Social Networking? Blogging type of website maintained by an individual with regular entries of commentary, description of events or other material such as graphics
More informationProposed Fraud & Abuse Rule Implementing ACA Provisions. Ivy Baer October 26, 2010
Proposed Fraud & Abuse Rule Implementing ACA Provisions Ivy Baer ibaer@aamc.org 202-828-0499 October 26, 2010 Comments Due November 16, 2010 To submit: Refer to: CMS-6028-P http://www.regulations.gov 2
More informationAppendix E Checklist for Campus Safety and Security Compliance
Checklist for Campus Safety and Security Compliance The Handbook for Campus Safety and Security Reporting 267 This page intentionally left blank. Checklist for the Various Components of Campus Safety and
More informationPrivacy & Security: What You Need to Know
Privacy & Security: What You Need to Know DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
More informationHIPAA Health Insurance Portability and Accountability Act of 1996
HIPAA Health Insurance Portability and Accountability Act of 1996 Protected Health Information (PHI) Covers patient information in any form written, verbal, or electronic PHI Includes Any information that
More informationCurrent Status: Active PolicyStat ID: COPY CONTRACTOR, MEDICAL STAFF, REFERRAL SOURCE AND EMPLOYEE SCREENING POLICY
Current Status: Active PolicyStat ID: 4305040 Origination: 01/2015 Last Approved: 11/2017 Last Revised: 11/2017 Next Review: 11/2018 Owner: Julie Groves: Compliance Office Policy Area: Compliance References:
More informationStatus Check On Health IT
Status Check On Health IT CTHIMA Annual Conference September 17, 2017 Slides Prepared by Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 The Future Of Healthcare And Health IT Are Not
More informationALLINA HOSPITALS & CLINICS IDENTITY THEFT INVESTIGATION PROTOCOL CHECKLIST
ALLINA HOSPITALS & CLINICS IDENTITY THEFT INVESTIGATION PROTOCOL CHECKLIST I. Intake! Each site must identify a Designated Lead - security lead at the facility OR, if there is no security lead, the facility
More informationVisiting Celebrities, VIPs and other Official Visitors
Visiting Celebrities, VIPs and other Official Visitors Who Should Read This Policy Target Audience Healthcare Professionals Executive Team Version 1.0 May 2016 Ref. Contents Page 1.0 Introduction 4 2.0
More informationA 12-Step Program to Better Compliance: A Practical Approach
A 12-Step Program to Better Compliance: A Practical Approach Kim Harvey Looney Anna M. Grizzle 615.850.8722 615.742.7732 kim.looney@wallerlaw.com agrizzle@bassberry.com 11389849 Strict Government Compliance
More informationLearning Objectives. The EMTALA Framework. EMTALA Update: Challenges in Community and Specialty Hospitals. Originally known as Anti-Dumping Law
EMTALA Update: Challenges in Community and Specialty Hospitals Presented by Jan Corcoran, RN, BS, CEN Divisional Director of Clinical Services Learning Objectives 1) Describe the definition and history
More informationAnti-Fraud Plan Scripps Health Plan Services, Inc.
2015 Scripps Health Plan Services, Inc. 2015 Scripps Health Plan Services, Inc. Linda Pantovic, LVN Director Compliance & Performance Improvement Scripps Health Plan Services, Inc. 1/1/2015 Table of Contents
More informationNational Policy Library Document
Page 1 of 11 National Policy Library Document Policy Name: Medicare Programs: Compliance Element VII Prompt Response to Detected Offenses Policy No.: EJ44-83932 Policy Author: Author Title: Author Department:
More informationSEXUAL ABUSE PREVENTION PROGRAM
SEXUAL ABUSE PREVENTION PROGRAM 5060-3080 Yonge Street, Box 71 Toronto, Ontario M4N 3N1 416-975-5347 1-800-993-9459 www.caslpo.com Revised: March 2013 Reformatted: November 2014 SUMMARY This This Sexual
More informationKentucky National Background Check Program Webinar for BHDID
Kentucky National Background Check Program Webinar for BHDID Office of the Inspector General KARES Helpdesk Team Regulation Status On March 15, 2016, the withdrew Kentucky s National Background Check Program
More information