FCSRMC 2017 HIPAA PRESENTATION
|
|
- Amice Wilcox
- 6 years ago
- Views:
Transcription
1 FCSRMC 2017 HIPAA PRESENTATION BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. Page 1
2 What is HIPAA? HIPAA stands for: Health Insurance Portability and Accountability Act (HIPAA) August 1996: Federal law enacted April 2001: Privacy Rule February 2010: HITECH Act March 2013: HIPAA Omnibus (Final) Rule Page 2
3 HIPAA s Privacy Rule: HIPAA Privacy Rule Addresses the use and disclosure of an individual s health information regardless of how it is communicated (electronically, verbally, or written). Establishes standards for an individual to understand and control how their health information is used. Assures that health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public s health and well being. Page 3
4 Covered Entity (CE) A Covered Entity includes a health plan or payor, a healthcare clearinghouse, and all healthcare providers who transmit any healthcare information in electronic form (including telephones, fax machines and computers). Examples: Physician Practices Dentists Hospitals Diagnostic Services (lab, radiology) Nursing Homes Pharmacies Home Health Agencies Health Plans Page 4
5 Covered Entity (CE) FCSRMC is considered a Covered Entity and it s member colleges act as the plan sponsor. A covered health plan includes a group health plan, which is defined as an employee welfare benefit plan under ERISA. This may include: hospital and medical benefit plans dental plans vision plans health flexible spending accounts employee assistance plans Page 5
6 Business Associate A Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) on behalf of, or provides services to, a Covered Entity. Examples include vendors, contractors and subcontractors such as: Billing Company Transcription Service Practice Management System Document Storage Company Collection Agency Attorney Accountant Consultant EMR/EHR System I.T. Vendor Business Associates are accountable for protecting the privacy/security of PHI and are directly liable for criminal and civil penalties for violations. Page 6
7 Protected Health Information (PHI) Protected Health Information (PHI) is: * individually identifiable health information that has been transmitted or maintained in any medium (paper, verbal, electronic). * created or received by the organization, relates to the health of an individual or payment for health services, and identifies the individual. Employee Name Medical Record Number Complete Address Certificate/License Number All Elements of Dates Vehicle Identifiers (License Plate Number) Telephone Numbers IP Address Fax Numbers Biometric Identifiers (voice and fingerprint) Address Full Face Photographic Images Social Security Number Any Other Unique Identifying Number/ Code Health Plan Beneficiary Number Account Numbers Page 7
8 De-Identified Health Information De-identified health information refers to patient information that cannot be used to identify an individual. City, state, zip code of patient s address Patient s date of birth Patient s date of death Uses: Research (market analysis) Public Health purposes Quality Improvement activities Health care operations within a pharmacy or clinic practice Page 8
9 Privacy Notice A summary of the Privacy Notice that is brief and written in plain language will be provided to the employee. It will: State how PHI will be used and disclosed Include the individual s privacy rights, date, and their signature or signature of their representative Refer individual to review the organization's Notice of Privacy Practices The Privacy Notice should be provided by the Group s Health Plan TPA (Florida Blue) to the Group Health Plan participants (FCSRMC). Page 9
10 Consent and Authorization Covered Entities cannot share PHI without the individual's awareness of their privacy rights. To use and disclose PHI for purposes other than treatment, payment and health operation purposes, Covered Entities must obtain a standard consent or authorization with a few exceptions. Consent can be revoked by an employee/individual (patient) in writing. It is the policy of FCSRMC and it s member colleges that individuals have a right to request that no disclosure be made of PHI. FCSRMC or it s member colleges is not obligated to grant the request. Page 10
11 When Consent and Authorization is NOT Required Permitted PHI disclosures without an authorization: Treatment - Disclosures between Covered Entities (such as other healthcare providers) involved in the patient care, information to/from pharmacy or diagnostic center Payment Disclosure regarding balance to patient, all information needed by the health plan, information to collection agencies Health Operations Fraud/abuse detection, compliance programs, government inspections, training new employees, competency assessments, business management activities, quality improvement activities Public health activities Victims of abuse, neglect or domestic violence Law enforcement purposes To comply with Workers Compensation To avoid serious threat to health or safety Page 11
12 When Consent and Authorization IS Required An authorization is required for: o o o o Use and disclose PHI for purposes other than treatment, payment and health operation purposes Releasing psychotherapy notes Marketing, research, sale of PHI, and fundraising Releasing PHI to the patient s employer An authorization must include: Description of the information to be disclosed Names of persons to whom the information is to be given Purpose of the disclosure An expiration date for the use of the information Page 12
13 Court Orders and Subpoenas A covered health care provider or health plan may disclose PHI required by a court order, including the order of an administrative tribunal. However, the provider or plan may only disclose the information specifically described in the order. A subpoena issued by someone other than a judge, such as a court clerk or an attorney in a case, is different from a court order. A covered provider or plan may disclose information to a party issuing a subpoena if the employee has signed a HIPAA authorization form specifically releasing the information or if they receive evidence that reasonable efforts were made to either: Notify the person who is the subject of the information about the request so the person has a chance to object to the disclosure; Or to seek a qualified protective order for the information from the court. Page 13
14 Individual s Rights Right to Restrict Disclosures Right of Access Right to Amendment Right to Accounting Disclosures Requests for the above should be directed to, and processed by, the Group s Health Plan TPA. Page 14
15 Individual s Rights Staff can file a written complaint if they believe their privacy has been violated. Complaints should be directed to the college s privacy contact, and any intimidating or retaliatory acts are prohibited. It is important for staff to know that their PHI is safeguarded to protect PHI from any intentional or unintentional use or disclosure that is in violation of the HIPAA Privacy Rule. Page 15
16 Minimum Necessary Minimum Necessary is limiting the amount of PHI that is used (within the facility) or disclosed (outside of the facility) to the least amount of information possible to accomplish the intended purpose. Your facility should evaluate who should be accessing PHI (documented in job descriptions). Only staff who need access to PHI to perform their job duties should be granted access to these areas (a unique sign-on and password, access to paper files, etc.). Minimum Necessary does not apply to requests/disclosures to the staff or another healthcare provider for treatment purposes. Page 16
17 Medical Information Personnel Records In accordance with Section , Florida Statutes, Drug-Free Workplace Act), drug screen results are confidential and exempt from disclosure under the public records law. The Americans with Disabilities Act (ADA) and HIPAA require that all medical documents be filed separately from personnel records. Medical information should be kept confidential and away from personnel records even if the company does not fall under ADA or HIPAA regulations. Medical paperwork that should be filed separately includes the following: Reports from pre-employment physicals Drug and alcohol testing results Workers' compensation paperwork Medical leave of absence forms Disability paperwork Insurance applications that reveal pre-existing conditions Anything that identifies a medical issue Page 17
18 HIPAA Privacy Vs. Security Rules Privacy Rule Security Rule Sets standards for who needs access to PHI Ensures access is only given to those who need it to perform their job Applies to all forms of PHI (electronic, written, oral) Only applies to electronic forms of PHI Page 18
19 HIPAA Security Rule Security encompasses the measures organizations must take to protect information within their possession from internal and external threats. Page 19
20 Administrative Safeguards Establish HIPAA policies/procedures Provide security awareness and reminders to staff Perform a risk analysis to determine where you might be vulnerable to a breach Have a Disaster Recovery Plan in case of emergency Implement sanctions and terminations for staff who breach PHI Management passwords, including disabling access upon termination Appoint a Privacy/Compliance Officer and Security Official Implement Business Associate Agreements for all vendors who access PHI Page 20
21 Physical Safeguards Design a contingency operations plan when data is temporarily unavailable Implement a security plan for facility (door locks, electronic access controls, video monitoring) Install password protection on monitors Ensure monitors are not facing public areas Password protect thumb drives and documents containing PHI (Word, Excel, etc.) Properly dispose of devices (hard drives, copiers, fax machines, scanners) Page 21
22 Only use certified software systems Technical Safeguards Use data encryption/decryption on all devices (laptops, cell phones) Install firewalls and antivirus software Assign unique sign-on and passwords to software containing PHI Utilize integrity controls to ensure PHI has not been tampered with or destroyed Implement automatic log-off after system has been idle Back up data daily Continually monitor and audit system to ensure the system has not been hacked or compromised Page 22
23 Tips for Cybersecurity Protect mobile devices with passwords Maintain good computer habits unique sign-ons and passwords, automatic log off while idle, encryption, screen protectors Use a Firewall and install anti-virus software Control access to PHI only give access to those who need it to perform their job duties Use strong passwords and change them regularly s containing PHI should be sent as an encrypted file Control physical access (buildings, offices, servers, computers, fax machines) Page 23
24 Malware Malware Malware is malicious software that is specifically designed to gain access or damage a computer without the knowledge of the owner. Malware includes: Adware profit through forced advertising Spyware stealing sensitive information Spam unsolicited bulk messages sent through with commercial, fraudulent or malicious intent Ransomware extorting money by locking down computer until ransom is paid The best protection from malware is to be careful when opening attachments, to be cautious when going to sites on the internet, and to install/maintain an updated, quality antivirus program. Page 24
25 Staff Training Employers are required to provide privacy and security training to staff and to provide periodic security reminders. Security reminders include: How to maintain security, including the need for strong passwords Specific threats to PHI that have been identified such as viruses PHI access restrictions Changes in policies/procedures concerning HIPAA regulations Procedures to follow for modifying access to PHI How to report security breaches and to whom Page 25
26 Enforcement of HIPAA Compliance The Office of Civil Rights (OCR) has been assigned the authority to enforce the Privacy Rule. The OCR has several responsibilities: Investigating complaints it receives from individuals who believe that a Covered Entity is not complying with HIPAA privacy requirements Providing Covered Entities with assistance in order to achieve compliance Making determinations regarding exceptions to state law preemption. Any person or organization can file a complaint with OCR, but complaints typically must be filed within 180 days of the occurrence of an action in violation of the Privacy Rule. Page 26
27 Threats to Your PHI and Your Organization Employees Loss/Theft of Unsecured Devices Visitors Improper Use or Disposal Business Associates Hackers, Criminals Page 27
28 Breach of PHI A breach is: The acquisition, access, use, or disclosure of PHI which compromises the security or privacy of the PHI. Any unauthorized use or disclosure of unsecured PHI unless there is a low probability that the PHI has been compromised. More than 171 million people have been affected by HIPAA security breaches 144,622 patient complaints have been filed with the Office of Civil Rights (OCR) 35,741 cases have been investigated by the OCR. 69% required action by the Covered Entity. Page 28
29 Breach of PHI Healthcare Provider, 19% ENTITY Business Associate, 17% Health Plan, 64% Page 29
30 Breach of PHI TYPE 75% 14% 1% 5% 2% 4% Hacking/IT Improper Disposal Loss Other Theft Unauthorized Access/Disclosure Page 30
31 Breach of PHI Source NETWORK SERVER 76% OTHER 7% DESKTOP COMPUTER 6% LAPTOP 4% ELECTRONIC MEDICAL RECORD 4% PAPER/FILMS 2% PORTABLE ELECTRONIC DEVICE 1% 1% 0% 10% 20% 30% 40% 50% 60% 70% 80% Page 31
32 Penalties under HIPAA $100 - $50,000/violation CE or BA did not know they had violated the law $1,000 - $50,000/violation Violation due to reasonable cause and not willful neglect $10,000 - $50,000/violation and up to 5 years imprisonment Violation due to willful neglect but was corrected $50,000/violation and up to 10 years imprisonment Violation due to willful neglect and was not corrected Page 32
33 H I P A A B R E A C H E S Cignet Health $4,300,000 fine Violated patients rights by denying them access to their medical records when they requested them CVS Pharmacy $2,250,000 fine Disposal of Protected Health Information in dumpsters Stanford Hospitals & Clinics $4,000,000 fine Data from 20,000 patient records were found posted online University of Washington $750,000 fine PHI of 90,000 people was accessed after employee downloaded an attachment containing malware New York and Presbyterian Hospital $3,300,000 fine Disclosure of 6,800 individual records on unsecured server Affinity Health Plan $1,215,780 fine Returned leased copiers without first erasing data contained on the hard drives Concentra Health Services $1,725,000 fine One unencrypted laptop was stolen Wellpoint $1,700,000 fine Technical safeguards were not in place to verify the entities accessing its database containing PHI Page 33
34 Sanctions Policy All workforce members must protect the confidentiality, integrity, and availability of sensitive information at all times. FCSRMC will take appropriate disciplinary action against employees, contractors, or any individuals who violate the information security and privacy policies or state, or federal confidentiality laws or regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA). FCSRMC will impose sanctions on any individual who accesses, uses, or discloses sensitive information without proper authorization. Sanctions may include: Page 34 policy changes personnel changes transfer to another department retraining written reprimands suspension termination
35 Document Retention Maintain the following documentation for six years, unless a longer period applies: All policies and procedures Business Associate Agreements Signed Acknowledgement of Privacy Policies Authorization forms Notices and amended notices Training of employees Patient/employee complaints and their disposition (this must be documented on the complaint form and forwarded to FCSRMC) Page 35
36 Key Points Provide initial training at hire and annually thereafter. Use the group attendance log as documentation. Maintain a separate employee health file. Keep all protected information in a limited access area and under lock and key. Page 36
37 Key Points Ensure staff know who the Privacy Contact and Security Officer is for their location Identify systems/areas that have covered data (paper and electronic) Secure your PHI (paper and electronic) Ensure your HIPAA policies and procedures are updated and that the location is known by all applicable staff Assign internal roles and responsibilities Encrypt data at rest and/or in transit, including attachments to s Install and update (when necessary) appropriate malware and antivirus software Contact the Security Official prior to downloading software Page 37
38 How Can Staff Help? Do not write password where others can see it and do not share with anyone Use workstations properly position computers so others cannot see screen Know FCSRMC s policies and procedures, including Sanctions policy Don t leave information open and unattended Don t discuss confidential employee information with unauthorized individuals Lock computer, desk and file cabinets when you leave Use the shredder when destroying information Prevent malware infection on your computer by not downloading and installing anything you do not understand or trust, no matter how tempting (includes other websites, s, physical media, pop-up windows, other software, file-sharing) Report problems to the Privacy Contact at your facility Page 38
39 Questions? Carol Crews, CMPE, CPMA, OHCC Sr. Manager, Healthcare Advisory BDO USA (904) Page 39
40 References More detailed information can be found at the following resources: U.S. Department of Health and Human Resources. 45 CFR Parts 160 and 164. Federal Register cementrule/enfifr.pdf U.S. Department of Health and Human Services, Office for Civil Rights dentities/provider_ffg.pdf Centers for Medicare & Medicaid Services, Office of E- Health Standards and Services. cmscompliancerev08.pdf U.S. Department of Health and Human Services. tyrule Page 40
Chapter 9 Legal Aspects of Health Information Management
Chapter 9 Legal Aspects of Health Information Management EXERCISE 9-1 Legal and Regulatory Terms 1. T 2. F 3. F 4. F 5. F EXERCISE 9-2 Maintaining the Patient Record in the Normal Course of Business 1.
More informationHealth Information Privacy Policies and Procedures
University of the Pacific Arthur A. Dugoni School of Dentistry Health Information Privacy Policies and s These Health Information Privacy Policies & s implement our obligations to protect the privacy of
More informationHIPAA Education Program
HIPAA Education Program 2017-2018 Assurance and Compliance Services HIPAA Training Requirement This HIPAA Training Program is intended for and will satisfy the training requirement for the: Mount Sinai
More informationA general review of HIPAA standards and privacy practices 2016
A general review of HIPAA standards and privacy practices 2016 45 CFR, 164 Health Insurance Portability and Accountability Act Treatment, Payment and Healthcare Operations 42 CFR, Part 2, Confidentiality
More informationHIPAA PRIVACY TRAINING
HIPAA PRIVACY TRAINING HIPAA Privacy Training Objective Present a general overview of HIPAA and define important terms Understand the purpose of HIPAA and the Privacy Rule Understand the term Protected
More informationCLINICIAN S GUIDE TO HIPAA PRIVACY
CLINICIAN S GUIDE TO HIPAA PRIVACY Introduction... 2 What is HIPAA?... 2 Health Information Privacy... 2 Protected Health Information... 3 Identifiers... 3 HIPAA s Impact on Clinical Practice, Treatment,
More informationPatient Privacy Requirements Beyond HIPAA
Patient Privacy Requirements Beyond HIPAA Jane Hyatt Thorpe, J.D. School of Public Health and Health Services George Washington University Carrie Bill, J.D. Feldesman Tucker Leifer Fidell LLP The George
More information2018 Employee HIPAA Orientation (EHO) Handbook
2018 Employee HIPAA Orientation (EHO) Handbook Using EHO The material in this booklet is designed to provide newly hired employees with an understanding of HIPAA s regulations and their impact on the employee
More informationAdvanced HIPAA Communications and University Relations
Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability
More informationWhat is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationInformation Privacy and Security
Information Privacy and Security 2015 Purpose of HIPAA HIPAA stands for the Health Insurance Portability and Accountability Act. Its purpose is to establish nationwide protection of patient confidentiality,
More informationPRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
PRIVACY POLICY As of April 14, 2003, the Federal regulation on patient information privacy, known as the Health Insurance Portability and Accountability Act (HIPAA), requires that we provide (in writing)
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: 2013 Wisconsin Dental Association (800) 243-4675 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationHIPAA Policies and Procedures Manual
UNIVERSITY of NORTH CAROLINA at CHAPEL HILL SCHOOL of NURSING HIPAA Policies and Procedures Manual November 2015 1 Table of Contents I. INTRODUCTION... 3 A. GENERAL POLICY... 3 B. SCOPE... 3 II. DEFINITIONS...
More informationMCCP Online Orientation
1 Objectives At the conclusion of this presentation, students will be able to: Discuss application of HIPAA to student s role. Describe the federal requirements of the HIPAA/HITECH regulations that protect
More informationEmergency Medical Services Division Policies Procedures Protocols
Emergency Medical Services Division Policies Procedures Protocols Patient Medical Record Security and Privacy Policies and Procedures (1003.00) I. GENERAL PROVISIONS: A. The intent of these policies and
More informationNotice of Privacy Practices
River Valley Chiropractic LLC Notice of Privacy Practices Effective 9/2014; Revised 9/2014 If you have any questions about this notice, please contact the River Valley Chiropractic Privacy Officer at 308-534-5840.
More informationHIPAA Privacy Training for Non-Clinical Workforce
Office of Compliance Programs HIPAA Privacy Training for Non-Clinical Workforce Revised: January 24, 2017 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA)
More informationPRIVACY POLICIES AND PROCEDURES
Vinay M. Reddy, M.D., Ethelynda Jaojoco, M.D. Karen D. Cain, PA-C Julie J. Stackhouse, PA-C Jacie Touart, PA-C Brian Vaccarezza, PA-C Physical Medicine & Rehabilitation Electrodiagnostic Medicine Disorders
More informationHIPAA Notice of Privacy Practices
HIPAA Notice of Privacy Practices Georgia Mountains Hospice understands that your health information is highly personal and we are committed to safeguarding your privacy. Please read this Notice of Privacy
More informationStudent Orientation: HIPAA Health Insurance Portability & Accountability Act
_ Student Orientation: HIPAA Health Insurance Portability & Accountability Act HIPAA: National Privacy Law History of HIPAA What was once an ethical responsibility to protect a patient s privacy is now
More informationHIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology
HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology Publish Date: 1/2/2018 This guide has been created to serve Vail Aspen Breckenridge
More informationNavigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections
Navigating HIPAA Regulations Michelle C. Stickler, DEd Director, Research Subjects Protections mcstickler@vcu.edu 828-0131 Key Definitions Covered Entity: Organization that handles identifiable health
More informationPATIENT INFORMATION Please Print
PATIENT INFORMATION Please Print DATE Patient s Last Name First Name Middle Name Suffix Gender: q Male q Female Social Security Number of Birth Race Ethnic Group: q Hispanic q Non-Hispanic q Unknown Preferred
More informationHIPAA THE PRIVACY RULE
HIPAA THE PRIVACY RULE Reviewed December 2012 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of antidepressant medications in their mail. 2 HISTORY Many
More informationHIPAA Privacy Rule. Best PHI Privacy Practices
HIPAA Privacy Rule Best PHI Privacy Practices Learning Objectives Define the acronym HIPAA. Understand your role and responsibilities under the privacy regulations. Know what patient s rights are in terms
More informationCHI Mercy Health. Definitions
CHI Mercy Health Definitions If you have any questions about this notice, please contact the CHI Mercy Health s Privacy Office at (701) 845-6540 or 570 Chautauqua Blvd, Valley City ND 58072. Notice of
More informationNOTICE OF PRIVACY PRACTICES Mid-Atlantic Women s Care, PLC Effective Date: September 23, 2013 Last Revised: February 15, 2018
NOTICE OF PRIVACY PRACTICES Mid-Atlantic Women s Care, PLC Effective Date: September 23, 2013 Last Revised: February 15, 2018 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationHIPAA Privacy and Security Training for Researchers
HIPAA Privacy and Security Training for Researchers Version April 2017 Mountain States Health Alliance Bringing Loving Care to Health Care 1 Course Objectives This learning course covers HIPAA, HITECH,
More informationUnderstanding the Privacy and Security Regulations
Omnibus Rule Update HIPAA Handbook for Long-Term Care Staff Understanding the Privacy and Security Regulations Kate Borten, CISSP, CISM Handbook for Long-Term Care Staff Understanding the Privacy and Security
More informationNotice of Privacy Practices
Notice of Privacy Practices, pg. 1 of 5 Notice of Privacy Practices CATHOLIC CHARITIES OF THE ROMAN CATHOLIC DIOCESE OF SYRACUSE, NY This notice describes the privacy practices of Catholic Charities of
More informationValley Regional Medical Center HIPAA AND HITECH EDUCATION
Valley Regional Medical Center HIPAA AND HITECH EDUCATION Privacy and Security of Protected Health Information 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act
More informationVHA Privacy Policy Training FY VHA Privacy Office
VHA Privacy Policy Training Applicable Confidentiality Statutes and Regulations The following legal provisions govern the collection, use, maintenance, and disclosure of information from VHA records. The
More informationPrivacy and Security For Teammates
Privacy and Security For Teammates This self-directed learning module contains information all CRHS Teammates are expected to know in order to protect our patients, our guests, and ourselves. Target Audience:
More informationWHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004
Rev. 1/22/2010 HIPAA TRAINING WHAT IS HIPAA? Health Insurance Portability and Accountability Act HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004
More information(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone
(PLEASE PRINT) Emma Warner, MSW, LCSW, ACSW Tulsa, OK 74105 (918) 749-6935 Personal Information Name Address Last Name First Name Initial Home Phone Soc. Sec. # City State Zip Sex M F Age Birthdate Single
More informationSUMMARY OF NOTICE OF PRIVACY PRACTICES
LAKE REGIONAL MEDICAL GROUP 54 HOSPITAL DRIVE OSAGE BEACH, MO 65065 SUMMARY OF NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
More informationUSES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY
Page Number 1 of 8 TITLE: PURPOSE: USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY To assure that individually identifiable health information contained in any University Health
More informationWRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS
WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS Jeffrey Staton Attorney at Law Legal Aid Society of Louisville 416 W. Muhammad Ali Blvd., Ste. 300 Louisville, KY 40202 Phone: 502.614.3146 Jstaton@laslou.org
More informationPARAGOULD DOCTORS CLINIC PRIVACY NOTICE
PARAGOULD DOCTORS CLINIC PRIVACY NOTICE Protected Health Information THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE
More informationUpdated FY15 Dignity Health General Compliance Education for Staff Module 2
Updated FY15 Dignity Health General Compliance Education for Staff Module 2 This course will provide you with important information about the laws and regulations that affect the healthcare industry, our
More informationThis notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand.
MRN: FIN: FLORIDA HOSPITAL DELAND HIPAA NOTICE OF PRIVACY PRACTICES Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationNOTICE OF HOSPICE EL PASO S PRIVACY PRACTICES
NOTICE OF HOSPICE EL PASO S PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationHIPAA Training
2011-2012 HIPAA Training New Hire Orientation and General Training 1 This training is to ensure all Health Management workforce members (associates, contracted individuals, volunteers and students) understand
More informationPrivacy and Security Orientation for Visiting Observers. DUHS Compliance Office
Privacy and Security Orientation for Visiting Observers DUHS Compliance Office 919-668-2573 compliance@dm.duke.edu Introduction This orientation is to provide new Visiting Observers with the HIPAA Privacy
More informationHIPAA and HITECH: Privacy and Security of Protected Health Information
HIPAA and HITECH: Privacy and Security of Protected Health Information What is HIPAA? Health Insurance Portability and Accountability Act of 1996 A federal law enacted to: Protect the privacy of a patient
More informationCAPITAL SURGEONS GROUP, PLLC
CAPITAL SURGEONS GROUP, PLLC NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
More informationCompliance Program, Code of Conduct, and HIPAA
Compliance Program, Code of Conduct, and HIPAA Agenda Introduction to Compliance The Compliance Program Code of Conduct Reporting Concerns HIPAA Why have a Compliance Program Procedures to follow applicable
More informationAccommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.
Collom & Carney Clinic Association NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS
More informationWilliamson County EMS (WCEMS) HIPAA Training for Third Out Riders
Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders Training Statement: This training program is designed to educate you on WCEMS legal requirements to protect our patients rights and confidentiality,
More informationCatholic Charities Disabilities Services. In-Home Behavioral Support Services (2017)
Catholic Charities Disabilities Services In-Home Behavioral Support Services (2017) A Program funded through a Family Support Services Grant from OPWDD Submit Application and supporting documentation to:
More informationHIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance
HIPAA Health Insurance Portability and Accountability Act Presented by the UMMC Office of Integrity and Compliance Rules and Regulations to ensure Privacy Set Federally recognized standards to ensure both
More informationNotice of HIPAA Privacy Practices Updates
Notice of HIPAA Privacy Practices Updates The following is a summary of the updates to the privacy notice for Meridian Hospitals Corporation, Meridian Home Care Services, Inc., Meridian Nursing & Rehabilitation,
More informationINFORMATION ABOUT Children s Mercy Hospitals and Clinics for our Affiliates
INFORMATION ABOUT Children s Mercy Hospitals and Clinics for our Affiliates The purpose of this brochure is to provide you with a brief orientation to Children s Mercy Hospitals and Clinics. It provides
More informationNOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM
NOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM Effective Date: 9/23/ 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationSecurity Risk Analysis
Security Risk Analysis Risk analysis and risk management may be performed by reviewing and answering the following questions and keeping this review (with date and signature) for evidence of this analysis.
More informationNotice of Privacy Practices
Notice of Privacy Practices Effective September 23, 2013 TCHC.org An equal opportunity employer and provider. CLINICS Baxter Bertha Henning Ottertail Sebeka Verndale Wadena HOSPITAL Wadena 415 Jefferson
More informationNOTICE OF PRIVACY PRACTICES
Effective 10-9-2013 This notice of privacy practices describes how Family Chiropractic Health Care manages and protects your personal information. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU
More informationWAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES
WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised February 17, 2010 Revised September 23, 2013 Revised July 1, 2016 This Notice of Privacy Practices applies to the
More informationHIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?
DIRECTIONS HIPAA Privacy/Security Personal Privacy 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings on the Intranet home page 3. Click on the
More informationGREATER HUDSON VALLEY HEALTH SYSTEM ORANGE REGIONAL MEDICAL CENTER CATSKILL REGIONAL MEDICAL CENTER Policy/Procedure
Policy/Procedure Manual: Hospital Wide Section: HIPAA Policy #: 110118 The Joint Commission Chapter: SUBJECT: Effective Date: 7/13 HIPAA Notice of Privacy Practices Policy Revision Date:10/14,4/15,2/16
More informationEast Carolina University 2010 Annual HIPAA Privacy Training
East Carolina University 2010 Annual HIPAA Privacy Training What are the HIPAA Privacy and Security Rules? Federal laws that govern the use and disclosure of health information of our patients and research
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 Revised: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
More informationTitle: HIPAA PRIVACY ADMINISTRATIVE
Administrative-HIPAA Privacy Title: HIPAA PRIVACY ADMINISTRATIVE Scope: All MultiCare Health System (MHS) workforce members, which includes but not limited to, employees, residents, students, volunteers
More informationMURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES
CW CR 618 Exhibit A MURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES Effective Date: THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES. Effective Date : April 14, 2003 Revised: August 22, 2016
ERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES Effective Date : April 14, 2003 Revised: August 22, 2016 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES This notice describes how Pine Creek Medical Center may use and disclose your medical information, and how you may access this information. Please read through and review it
More informationIt defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.
Office of Compliance Programs Revised: July 18, 2017 HIPAA Privacy HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all
More informationHH Health System-Shoals, LLC dba Helen Keller Hospital Notice of Privacy Practices
HH Health System-Shoals, LLC dba Helen Keller Hospital Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationINFORMATION ABOUT CHILDREN S MERCY HOSPITALS AND CLINICS
INFORMATION ABOUT CHILDREN S MERCY HOSPITALS AND CLINICS The purpose of this brochure is to provide you with a brief orientation to Children s Mercy Hospitals and Clinics. It provides important information
More informationNotice of. Privacy Practices. Dartmouth-Hitchcock Affiliated Covered Entity
Notice of Privacy Practices Dartmouth-Hitchcock Affiliated Covered Entity This Notice describes how medical information about you may be used and disclosed and how you can get access to this information.
More informationSecurity Risk Analysis and 365 Days of Meaningful Use. Rodney Gauna & Val Tuerk, Object Health
Security Risk Analysis and 365 Days of Meaningful Use Rodney Gauna & Val Tuerk, Object Health 2 3 Agenda Guidelines for Conducting a Security Risk Analysis Scope of Analysis Risk of a Breach Security Risks
More informationThe Privacy & Security of Protected Health Information
The Privacy & Security of Protected Health Information By the end of this course, you should: Be familiar with the patient s rights to privacy under HIPAA Privacy Act Be able to identify Protected Health
More informationIf you have any questions about this notice, please contact our privacy officer Dr. Jev Sikes at
Notice of Privacy Practices For Deep Eddy Psychotherapy THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES 1 Effective Date: April 14, 2003 Revision Date: September 23, 2013 Revision Date: January 17, 2018 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationNOTICE OF PRIVACY PRACTICES Full Length Version Effective Date: 4/19/2016
Conrad l Pearson Clinic, P.C. NOTICE OF PRIVACY PRACTICES Full Length Version Effective Date: 4/19/2016 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationOREGON HIPAA NOTICE FORM
MARCIA JOHNSTON WOOD, Ph.D. Clinical Psychologist 5441 SW Macadam, #104, Portland, OR 97239 Phone (503) 248-4511/ Fax (503) 248-6385 - Effective Sept.23, 2013 - (This copy for you to keep) OREGON HIPAA
More informationWISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse
Contents Patient Choice... 2 Security Protections... 2 Participation Agreement... 2 Controls... 3 Break the Glass... 3 Auditing... 3 Privacy Protections... 4 HIPAA Compliance... 4 State Law Compliance...
More informationStudy Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
PP-501.00 SOP For Safeguarding Protected Health Information Effective date of version: 01 April 2012 Study Management PP 501.00 STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
More informationHealthcare Privacy Officer on Evaluating Breach Incidents A look at tools and processes for monitoring compliance and preserving your reputation
Healthcare Privacy Officer on Evaluating Breach Incidents A look at tools and processes for monitoring compliance and preserving your reputation June 20, 2012 ID Experts Webinar www.idexpertscorp.com Mahmood
More informationIf you have any questions about this notice, please contact the SSHS Privacy Officer at:
Notice of Privacy Practices 0 Effective Date: April 14, 2003 Revision Date: July 15, 2016 South Shore Health System ( SSHS ) is an integrated health care delivery system. For a list of entities which comprise
More informationThe Queen s Medical Center HIPAA Training Packet for Researchers
The Queen s Medical Center HIPAA Training Packet for Researchers 1 The Queen s Medical Center HIPAA Training Packet for Researchers Table of Contents Overview of HIPAA and Research 3 Penalties for violations
More informationThe HIPAA privacy rule and long-term care : a quick guide for researchers
Scripps Gerontology Center Scripps Gerontology Center Publications Miami University Year 2005 The HIPAA privacy rule and long-term care : a quick guide for researchers Jane Straker Patricia Faust Miami
More informationphysicians, nurses, and technicians and other Facility personnel for review and learning purposes. We may also combine the medical information we
WESTMINSTER CANTERBURY - RICHMOND NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
More informationLifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research
LifeBridge Health HIPAA Policy 4 Uses of Protected Health Information for Research This Policy contains the following Sections: I. Policy II. III. IV. Definitions Applicability Procedures A. Individual
More informationHIPAA & PRIVACY TRAINING FOR HEALTH PROFESSIONALS: Part 1 Denise M. Hill, JD, MPA
HIPAA & PRIVACY TRAINING FOR HEALTH PROFESSIONALS: Part 1 Denise M. Hill, JD, MPA 2016 Denise M. Hill & CEI, Photos used Creative Commons. Disclosure & Disclaimer DISCLOSURE Denise Hill reports no actual
More informationFAFSA Completion Initiative Participation Agreement
Larry Hogan Governor Boyd K. Rutherford Lt. Governor Anwer Hasan Chairperson James D. Fielder, Jr., Ph. D. Secretary FAFSA Completion Initiative Participation Agreement This FAFSA Completion Initiative
More informationHIPAA for CNAs. This course has been awarded one (1.0) contact hour. This course expires on May 31, 2020.
HIPAA for CNAs This course has been awarded one (1.0) contact hour. This course expires on May 31, 2020. Copyright 2015 by RN.com. All Rights Reserved. Reproduction and distribution of these materials
More informationINFORMED CONSENT FOR TREATMENT
INFORMED CONSENT FOR TREATMENT I (name of patient), agree and consent to participate in behavioral health care services offered and provided at/by Children s Respite Care Center, a behavioral health care
More informationNotice of Privacy Practices for Protected Health Information (PHI)
Notice of Privacy Practices for Protected Health Information (PHI) Dermatology Associates of Colorado, PC THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationA Deep Dive into the Privacy Landscape
A Deep Dive into the Privacy Landscape David Goodis Assistant Commissioner Information and Privacy Commissioner of Ontario Canadian Institute Advertising & Marketing Law January 22, 2018 Who is the Information
More informationThe University of Toledo. Corporate Compliance and HIPAA Training. Presented by: The Compliance and Privacy Office
The University of Toledo Corporate Compliance and HIPAA Training Presented by: The Compliance and Privacy Office Topics Compliance HIPAA (Health Insurance Portability and Accountability Act) FERPA( Family
More informationChapter 19 Section 3. Privacy And Security Of Protected Health Information (PHI)
Health Insurance Portability and Accountability Act (HIPAA) of 1996 Chapter 19 Section 3 1.0 BACKGROUND AND APPLICABILITY 1.1 The contractor shall comply with the provisions of the Health Insurance Portability
More informationNotice of Privacy Practices
Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully. Our commitment
More informationS.E. Wisconsin Hearing Center Inc.
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Effective Date:
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES 1 Effective Date: April 14, 2003 Revised: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO
More informationNOTICE OF PRIVACY PRACTICES
THIS NOTICE OF PRIVACY PRACTICES ( NOTICE ) DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Respect for
More informationNew Patient Information
New Patient Information PATIENT INFORMATION M / F Last Name First Name Middle Name Suffix- Jr, Sr, etc. Mr, Mrs, Ms, Dr Sex Date of Birth Social Security Number Alias- Nickname (Last, First, Middle) Permanent
More informationREVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 PLEASE REVIEW IT CAREFULLY
REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationHIPAA PRIVACY NOTICE
HIPAA PRIVACY NOTICE PLEASE REVIEW THIS NOTICE CAREFULLY. IT DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU MAY GAIN ACCESS TO THAT INFORMATION. POLICY STATEMENT This Practice
More information