Consumer View of Personal Information Risks
|
|
- Robert Sherman
- 6 years ago
- Views:
Transcription
1 Navigating the ephi Minefield Meaningful Consent Meets the Restriction Requirements of the HIPAA Omnibus Rule Timothy Kelly, MS, MBA Standard Register Healthcare Consumer View of Personal Information Risks 40 million customers with compromised credit and debit card information 70 million with compromised and mailing address information Harris EA, Perlroth N. Target missed signs of a data breach. The New York Times. March 13, th AHIMA Convention & Exhibit San Diego, CA Page 1
2 Consumer View of Personal Information Risks 1.2 billion user name and password combinations 500 million addresses Perlroth N, Gelles. Russian hackers amass over a billion internet passwords. The New York Times. August 5, Consumer View of Personal Information Risks 56 million customers compromised Vinton K. With 56 million cards compromised, Home Depot's breach is bigger than Target's. Forbes. September 18, th AHIMA Convention & Exhibit San Diego, CA Page 2
3 Notable PHI Data Breaches $3.3 million fine New York Presbyterian PHI for 6,800 patients accessible by Google $1.73 million Concentra Theft of an unencrypted laptop with records of 148 patients (third incidence of a stolen laptop) $1.7 million WellPoint Disclosure of ephi for 612,000 individuals Source: Health & Human Services, Health Information Privacy (accessed 7/17/14) Notable PHI Data Breaches 206 hospital system Data on 4.5 million patients Names, Social Security numbers, physical addresses, birthdays and telephone numbers Pagliery J. Hospital network hacked, 4.5 million records stolen. CNN Money. August 18, th AHIMA Convention & Exhibit San Diego, CA Page 3
4 Health Information Exchange Health Information Exchange (HIE) System that allows for the secure, electronic transfer of a patient s vital medical information Advantages include: Speed Availability of information Fewer errors Automatic integration of data into the EHR 86 th AHIMA Convention & Exhibit San Diego, CA Page 4
5 HIE Implementation Status Directed and query exchanges are both available Only directed exchange is available Only query exchange is available Source: HealthIT.gov researchersimplementers/state hie implementation status/ (accessed 7/17/14) HIE Participation Options No consent. Health information of patients is automatically included patients cannot opt out Opt out. Default is for health information of patients to be included automatically, but the patient can opt out completely Opt out with exceptions. Default is for health information of patients to be included, but the patient can opt out completely or allow only select data to be included Opt in. Default is that no patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out Opt in with restrictions. Default is that no patient health information is made available, but the patient may allow a subset of select data to be included 86 th AHIMA Convention & Exhibit San Diego, CA Page 5
6 Meaningful Use Meaningful Use $25.1 billion paid through August 2014 to hospitals and eligible providers Stages of Meaningful Use th AHIMA Convention & Exhibit San Diego, CA Page 6
7 Stage 2 Objective View, Download, and Transmit to 3rd Party Must satisfy both of the following requirements: More than 50 percent of all patients who are discharged from the inpatient or emergency department have their information available online within 36 hours of discharge More than 5 percent of all patients who are discharged from the inpatient or ED view, download or transmit to a third party Meaningful Use Final Stage Edition Objective. HIPAA Omnibus Final Rule 86 th AHIMA Convention & Exhibit San Diego, CA Page 7
8 HIPAA Omnibus Final Rule Published in the Federal Register January 25, 2013 Went into effect on September 23, CFR Parts 160 and pages HIPAA Omnibus Final Rule Much has changed in health care since HIPAA was enacted over fifteen years ago. The new rule will help protect patient privacy and safeguard patients health information in an ever expanding digital age. HHS Secretary Kathleen Sebelius January 17, th AHIMA Convention & Exhibit San Diego, CA Page 8
9 HIPAA Omnibus Final Rule This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates. HHS Office for Civil Rights Director Leon Rodriguez January 17, 2013 HIPAA Omnibus Final Rule Key Provisions 86 th AHIMA Convention & Exhibit San Diego, CA Page 9
10 Patients may request a copy of their electronic medical record in electronic form Patient Access Sharing Restrictions Patients who pay for tests or services outof pocket may restrict sharing of that information with: Their Health Plan Medicare 86 th AHIMA Convention & Exhibit San Diego, CA Page 10
11 Definition of Breach Expanded to include limited data sets of information 54 data breaches of 500 or more patient records reported in the first 6 months of 2014 U.S. Department of Health and Human Services' Office for Civil Rights (OCR) Limits on Sharing of Information New limits on permissible uses for marketing and fundraising No sales of PHI without the patient s permission 86 th AHIMA Convention & Exhibit San Diego, CA Page 11
12 State Law Minors State Law In California, a minor may consent to medical or dental care if all of the following are true: Minor 15 years of age Minor is living apart from parent or guardian Minor is managing the minor s own financial affairs California Legislative Code. 6922(a). 86 th AHIMA Convention & Exhibit San Diego, CA Page 12
13 Manner/Method of Communication In California Can request manner specify address Can request mechanism phone, US mail, State Law Patient Education 86 th AHIMA Convention & Exhibit San Diego, CA Page 13
14 Goals of Patient Education Patient must understand: What an HIE is What information can be accessed via an HIE Who can access that information How that information is secured His or her consent options The benefits of allowing access to health information Tools for Patient Education Substantial resources are available on the HealthIT.gov website rovidersprofessionals/patientconsent electronic healthinformationexchange/econsent toolkit 86 th AHIMA Convention & Exhibit San Diego, CA Page 14
15 Special Situations Providers must be prepared to address patients with unique issues: Patients who require a surrogate decision maker Patients with disabilities or impairments Patients with limited health literacy Patients with limited English proficiency Implementation 86 th AHIMA Convention & Exhibit San Diego, CA Page 15
16 Form a Review Group Membership: IT, clinical leadership, legal counsel, patient relations and typical patients Design procedures from the patient s perspective Address any applicable state statutes Review other consent scenarios as appropriate (e.g. consent for treatments and procedures, consent for participation in clinical trials) Determine the Approach(es) An Opt in approach is recommended Opt out strategies may bear a higher burden of proving adequate patient education Determine the exceptions that must be supported and how those exceptions can be honored 86 th AHIMA Convention & Exhibit San Diego, CA Page 16
17 Set an Education Standard Consider a designing a Consent Time Out to be employed, as appropriate, to evaluate the patient s ability to understand information and to provide consent Develop all materials: Patient education materials Consent documents Provider script Develop a FAQ document Create a Documentation Process Determine how to document consent and any exceptions Determine how opt in/opt out and any exceptions are flagged in other systems Consider comprehension verification strategies (e.g. teach back) and documentation of such Address how to handle future changes to previous direction 86 th AHIMA Convention & Exhibit San Diego, CA Page 17
18 The ephi Minefield Benefits of the HIE Better care coordination Faster diagnosis Improved health [Attain Meaningful Use Objectives] Potential Landmines Patient understanding Exceptions to sharing ephi Handling changes Maintaining patient wishes 86 th AHIMA Convention & Exhibit San Diego, CA Page 18
19 Success Factors Patient education Provider training Leveraging HIT systems to support policies Further Reading Rozovsky F, Kelly T. Mitigating the risks of 'meaningful consent' for HIE participation. Healthcare IT News. April 3, gating risks meaningful consent hieparticipation 86 th AHIMA Convention & Exhibit San Diego, CA Page 19
20 Questions? 86 th AHIMA Convention & Exhibit San Diego, CA Page 20
Health Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living
Health Information Exchange 101 Your Introduction to HIE and It s Relevance to Senior Living Objectives for Today Provide an introduction to Health Information Exchange Define a Health Information Exchange
More informationFCSRMC 2017 HIPAA PRESENTATION
FCSRMC 2017 HIPAA PRESENTATION BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international
More informationOffice of the Chief Privacy Officer. Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV
Office of the Chief Privacy Officer Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV Table of Contents Introduction Why Apps? What ONC is doing to advance use of Apps
More informationAdvanced HIPAA Communications and University Relations
Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability
More informationHIPAA Education Program
HIPAA Education Program 2017-2018 Assurance and Compliance Services HIPAA Training Requirement This HIPAA Training Program is intended for and will satisfy the training requirement for the: Mount Sinai
More informationPrivacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016
Privacy Rio Grande Valley HIE Policy: P1 Effective Date 01/15/2014 Last date Revised/Updated 02/18/2016 Date Board Approved: 02/18/2016 Subject: Authorization to Use and/or Disclose Protected Health Information
More informationCIO Legislative Brief
CIO Legislative Brief Comparison of Health IT Provisions in the Committee Print of the 21 st Century Cures Act (dated November 25, 2016), H.R. 6 (21 st Century Cures Act) and S. 2511 (Improving Health
More informationMITIGATING BREACH RISK IN AN ERA OF EXPANDING PHI DISCLOSURE POINTS AND REQUESTS FOR HEALTH INFORMATION
MITIGATING BREACH RISK IN AN ERA OF EXPANDING PHI DISCLOSURE POINTS AND REQUESTS FOR HEALTH INFORMATION Authors: Mariela Twiggs, MS, RHIA, CHP, FAHIMA National Director, Training and Compliance for MRO
More informationMeaningful Use Achieving Core Objective #14 Montana HIMMS 2012 Spring Convention
Meaningful Use Achieving Core Objective #14 Montana HIMMS 2012 Spring Convention Presented by John Whalen CISSP, CISA, CRISC Contents Objectives Risk exercise Breaches Meaningful Use What is an assessment?
More informationA self-assessment for GxP and HIPAA concerns
WHITE PAPER IS YOUR ORGANIZATION AT RISK? A self-assessment for GxP and HIPAA concerns MDDX RESEARCH & INFORMATICS 58 California St, Floor 6 San Francisco, California 9 T (8) -MDDX F (866) 8-696 info@mddx.com
More informationPreparing for the upcoming 2016 HIPAA audits: Lessons and examples from past breaches and fines
Preparing for the upcoming 2016 HIPAA audits: Lessons and examples from past breaches and fines 1 Your Presenters Robert Grant Co-Founder and Chief Strategy Officer of Compliancy Group Over 15 years of
More informationSharing health information electronically eliminates the need for faxing, copying and handcarrying your health record from provider to provider.
s For Patients and Clients of San Mateo County Health System ENGLISH What is? San Mateo County Connected Care () is the Health Information Exchange (HIE) for the electronic sharing of health-related information
More informationWISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse
Contents Patient Choice... 2 Security Protections... 2 Participation Agreement... 2 Controls... 3 Break the Glass... 3 Auditing... 3 Privacy Protections... 4 HIPAA Compliance... 4 State Law Compliance...
More informationHITECH Act. Overview and Estimated Timeline
HITECH Act Overview and Estimated Timeline Key Program, Distribution, Use and Recipients for the HITECH Act* Focused Funds ($2 billion) PROGRAM DISTRIBUTION AGENCY USE OF FUNDS RECIPIENTS HIE Planning
More information2018 Employee HIPAA Orientation (EHO) Handbook
2018 Employee HIPAA Orientation (EHO) Handbook Using EHO The material in this booklet is designed to provide newly hired employees with an understanding of HIPAA s regulations and their impact on the employee
More informationCLINICIAN S GUIDE TO HIPAA PRIVACY
CLINICIAN S GUIDE TO HIPAA PRIVACY Introduction... 2 What is HIPAA?... 2 Health Information Privacy... 2 Protected Health Information... 3 Identifiers... 3 HIPAA s Impact on Clinical Practice, Treatment,
More informationThe future of patient care. 6 ways workflow automation will transform the healthcare experience
The future of patient care 6 ways workflow automation will transform the healthcare experience Workflow automation: The foundation for improved patient care The patient lifecycle goes through many phases.
More informationHCCA Institute Privacy Officer Round Table Discussion
HCCA Institute Privacy Officer Round Table Discussion Marti Arvin Deann Baker Why We re Here X A facilitated discussion of current issues that Privacy Professionals are dealing with in their day-to-day
More informationStatus Check On Health IT
Status Check On Health IT CTHIMA Annual Conference September 17, 2017 Slides Prepared by Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 The Future Of Healthcare And Health IT Are Not
More informationEMPOWERING THE NEW HEATHCARE ERA
EMPOWERING THE NEW HEATHCARE ERA THE NJ/DV HIMSS REGIONAL MEETING NOVEMBER 12 14, 2014 BALLY S HOTEL & CASINO ATLANTIC CITY, NJ. Ensuring Privacy and Security of Health information Exchange in Pennsylvania
More informationPrivacy and Consent Primer
Privacy and Consent Primer Bob Johnson e-health Project Manager, Minnesota Department of Health Stacie Christensen Director, Information Policy Analysis Division, Minnesota Department of Administration
More informationUnique Health Safety Identifier. Across The Continuum of Care
Unique Health Safety Identifier Across The Continuum of Care Andy Nieto, Health Solutions Executive @ALN669 Trend Longer Life Average life expectancy in OECD countries in 2012 was 80 YEARS, an increase
More informationTHE ECONOMICS OF MEDICAL PRACTICE UNDER HIPAA/HITECH
THE ECONOMICS OF MEDICAL PRACTICE UNDER HIPAA/HITECH Gerald Jud E. DeLoss Serene K. Zeni (312) 985-5925 (248) 988-5894 gdeloss@ szeni@ AGENDA 1. Meaningful Use Incentives 2. HIPAA Enforcement and Compliance
More informationFEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA
FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA LEGAL CITATION California Civil Code Section 1798.82 California Health and Safety (H&S) Code Section 1280.15 42 U.S.C. Section 17932; 45 C.F.R.
More informationHIPAA & HEALTH INFORMATION EXCHANGE
HIPAA & HEALTH INFORMATION EXCHANGE (Perspective from the Private Sector) Helen Oscislawski, Esq. March 26, 2012 20 th National HIPAA Summit Washington D.C. 2012 Oscislawski LLC Where Should We Start?
More informationBehavioral Health Information Network of Arizona
Behavioral Health Information Network of Arizona NextGen Ohio Behavioral Health User Group Meeting Highlights Ways in which exchanging BH data differs from physical health data exchange Alerts 42 CFR Part
More informationUnleash Healthcare Information Technology for Successful Sites, Investigators and Subjects
Unleash Healthcare Information Technology for Successful Sites, Investigators and Subjects Timothy J. Kelly, MS, MBA Vice President Dialog Medical Who has heard the term Who has heard the term meaningful
More informationComparison of Health IT Provisions in H.R. 6 (21 st Century Cures Act) and S (Improving Health Information Technology Act)
Comparison of Health IT Provisions in H.R. 6 (21 st Century Cures Act) and S. 2511 (Improving Health Information Technology Act) Policy Proposal Health Software Regulation Senate Innovations Initiative
More informationPrivacy & Security: What You Need to Know
Privacy & Security: What You Need to Know DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
More informationNotice of Privacy Practices
River Valley Chiropractic LLC Notice of Privacy Practices Effective 9/2014; Revised 9/2014 If you have any questions about this notice, please contact the River Valley Chiropractic Privacy Officer at 308-534-5840.
More informationSecurity Risk Analysis and 365 Days of Meaningful Use. Rodney Gauna & Val Tuerk, Object Health
Security Risk Analysis and 365 Days of Meaningful Use Rodney Gauna & Val Tuerk, Object Health 2 3 Agenda Guidelines for Conducting a Security Risk Analysis Scope of Analysis Risk of a Breach Security Risks
More informationHIE & Interoperability: Roadmap to Continuum of Care Michael McPherson MU Coordinator KDHE
HIE & Interoperability: Roadmap to Continuum of Care Michael McPherson MU Coordinator KDHE DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily
More informationProtecting Health Information: Health Data Security Training
Protecting Health Information: Health Data Security Training How to secure patient information and manage your obligations under HIPAA, the HITECH Act and other federal and state data privacy and security
More information[Enter Organization Logo] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW. Policy Number: [Enter] Effective Date: [Enter]
CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW I. Policy: Policy Number: [Enter] Effective Date: [Enter] A. Purpose This policy establishes consent requirements for the disclosure of health
More informationPOTENTIAL LIABILITY: PATIENT HEALTH INFORMATION PORTALS
POTENTIAL LIABILITY: PATIENT HEALTH INFORMATION PORTALS Jeanne M. Born, RN, JD 22 JANUARY 2015 Jborn@nexsenpruet.com Medical Record Information: Ownership and Patient Rights The physician owns the physician
More informationHealth Information Technology and Coordinating Care in Ohio
Health Information Technology and Coordinating Care in Ohio 1 Dan Paoletti, CEO Ohio Health Information Partnership CliniSync Health Information Exchange Health Information Technology in Ohio HITECH Federal
More informationCHI Mercy Health. Definitions
CHI Mercy Health Definitions If you have any questions about this notice, please contact the CHI Mercy Health s Privacy Office at (701) 845-6540 or 570 Chautauqua Blvd, Valley City ND 58072. Notice of
More informationINSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions.
HIPAA PRIVACY RULE & AUTHORIZATION Definitions Breach. The term breach means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy
More informationThe HIPAA privacy rule and long-term care : a quick guide for researchers
Scripps Gerontology Center Scripps Gerontology Center Publications Miami University Year 2005 The HIPAA privacy rule and long-term care : a quick guide for researchers Jane Straker Patricia Faust Miami
More informationNew York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information
New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationThe University of Toledo. Corporate Compliance and HIPAA Training. Presented by: The Compliance and Privacy Office
The University of Toledo Corporate Compliance and HIPAA Training Presented by: The Compliance and Privacy Office Topics Compliance HIPAA (Health Insurance Portability and Accountability Act) FERPA( Family
More informationLast Chance to Review Your Security Risk Analysis
Learning Forum Fridays Countdown to MIPS Data Submission Webinar Series Last Chance to Review Your Security Risk Analysis Emilie Sundie, MSCIS, PMP, CPHIMS Director, Health IT Services Kari Vanderslice,
More informationA general review of HIPAA standards and privacy practices 2016
A general review of HIPAA standards and privacy practices 2016 45 CFR, 164 Health Insurance Portability and Accountability Act Treatment, Payment and Healthcare Operations 42 CFR, Part 2, Confidentiality
More informationDoes HIPAA Satisfy Meaningful Use? Two regulations with one stone
Does HIPAA Satisfy Meaningful Use? Two regulations with one stone Tod Ferran, CISSP, QSA Hi There! Tod Ferran 25 years working with IT and physical security 3 years PCI and HIPAA security consulting, performing
More informationNOTICE OF PRIVACY PRACTICES
Our Responsibilities Notice of Privacy Practices - Page 1 NOTICE OF PRIVACY PRACTICES Our Responsibilities. Your Information. Your Rights. This Notice of Privacy Practices ( Notice ) explains how University
More informationMedicare and Medicaid EHR Incentive Program. Stage 3 and Modifications to Meaningful Use in 2015 through 2017 Final Rule with Comment
Medicare and Medicaid EHR Incentive Program Stage 3 and Modifications to Meaningful Use in 2015 through 2017 Final Rule with Comment Measures, and Proposed Alternative Measures with Select Proposed 1 Protect
More informationHIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance
HIPAA Health Insurance Portability and Accountability Act Presented by the UMMC Office of Integrity and Compliance Rules and Regulations to ensure Privacy Set Federally recognized standards to ensure both
More informationNotice of. Privacy Practices. Dartmouth-Hitchcock Affiliated Covered Entity
Notice of Privacy Practices Dartmouth-Hitchcock Affiliated Covered Entity This Notice describes how medical information about you may be used and disclosed and how you can get access to this information.
More informationParental Consent For Minors to Receive Services
Parental Consent For Minors to Receive Services Welcome to the University of San Diego s Wellness Area! We appreciate your coming our way, and look forward to working with you. The following provides important
More informationHITECH Act, EHR Adoption, Meaningful Use Criteria, ARRA Grants, and Adoption Alternatives. The MARYLAND HEALTH CARE COMMISSION
HITECH Act, EHR Adoption, Meaningful Use Criteria, ARRA Grants, and Adoption Alternatives The MARYLAND HEALTH CARE COMMISSION On February 17, 2009, President Barack Obama signed the American Recovery
More informationAUDIT DEPARTMENT UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE. For the period October 2008 through May JEREMIAH P. CARROLL II, CPA Audit Director
UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE For the period October 2008 through May 2009 JEREMIAH P. CARROLL II, CPA Audit Director Audit Department 500 S Grand Central Pkwy Ste 5006 PO Box 551120 Las Vegas
More informationMCCP Online Orientation
1 Objectives At the conclusion of this presentation, students will be able to: Discuss application of HIPAA to student s role. Describe the federal requirements of the HIPAA/HITECH regulations that protect
More informationWHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004
Rev. 1/22/2010 HIPAA TRAINING WHAT IS HIPAA? Health Insurance Portability and Accountability Act HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004
More informationPatient Privacy Requirements Beyond HIPAA
Patient Privacy Requirements Beyond HIPAA Jane Hyatt Thorpe, J.D. School of Public Health and Health Services George Washington University Carrie Bill, J.D. Feldesman Tucker Leifer Fidell LLP The George
More informationWRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS
WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS Jeffrey Staton Attorney at Law Legal Aid Society of Louisville 416 W. Muhammad Ali Blvd., Ste. 300 Louisville, KY 40202 Phone: 502.614.3146 Jstaton@laslou.org
More informationPrivacy & Security of Occupational, Behavioral & Deceased Patient Records Alisha R. Smith, RHIA
Privacy & Security of Occupational, Behavioral & Deceased Patient Records Alisha R. Smith, RHIA 1 Objectives Occupational Health Records Roles & Challenges Content HIPAA or OSHA? Authorizations & Disclosures
More informationREVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 PLEASE REVIEW IT CAREFULLY
REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationYour Role in Protecting Patient Privacy 2018
Your Role in Protecting Patient Privacy 2018 1 Training Focus This training will focus on what responsibilities you have in order to ensure that both you and our organization are in compliance with state
More informationMeaningful Use Update: Stage 3 and Beyond. Carla McCorkle, Midas+ Solutions CQM Product Lead
Meaningful Use Update: Stage 3 and Beyond Carla McCorkle, Midas+ Solutions CQM Product Lead Objectives Discuss major changes to Meaningful Use program for Stage 3 and impact on hospitals Identify steps
More informationDO ASK BUT DON T TELL HIPAA PRIVACY RULE
DO ASK BUT DON T TELL HIPAA PRIVACY RULE HITECH/OMNIBUS FINAL RULE HIPAA enacted in 1996; compliance required April 14, 2003 for the Privacy Rule and April 21, 2005 for the Security Rule surrounding electronic
More informationAGENDA. 10:45 a.m. CT Attendees Sign On 11:00 a.m. CT Webinar 11:50 a.m. CT Questions and Answers
AGENDA 10:45 a.m. CT Attendees Sign On 11:00 a.m. CT Webinar 11:50 a.m. CT Questions and Answers Asking Questions Throughout the webinar, type your questions using the "send note" button at the top of
More informationInformation Privacy and Security
Information Privacy and Security 2015 Purpose of HIPAA HIPAA stands for the Health Insurance Portability and Accountability Act. Its purpose is to establish nationwide protection of patient confidentiality,
More informationPeek-A-Boo: EHR Access and Compliance
Peek-A-Boo: EHR Access and Compliance HCCA Compliance Institute Orlando, FL April 10, 2011 Miriam Murray, Sava Senior Care Andrea McElroy, Aurora Health Care This is a medical record, can I show it to
More informationNew Employee Orientation HIPAA Privacy. Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer
New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer Definitions HIPAA Health Insurance Portability and Accountability Act PHI Protected
More informationDUTIES OF A CUSTODIAN
DUTIES OF A CUSTODIAN SUMMARY OF CUSTODIAN DUTIES UNDER THE PERSONAL HEALTH INFORMATION ACT Custodians have legislated duties as outlined in the Act. A custodian is required to: 1. prepare and make readily
More informationBreach Risk in Release of Information. Don t Leave Risk to Chance Key trends impacting healthcare providers
Breach Risk in Release of Information Don t Leave Risk to Chance Key trends impacting healthcare providers INTRODUCTION Privacy and security within a healthcare enterprise are topics often on the minds
More informationHIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology
HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology Publish Date: 1/2/2018 This guide has been created to serve Vail Aspen Breckenridge
More informationAmerican Health Lawyers Association State Law Landscape for Health Information Technology
American Health Lawyers Association State Law Landscape for Health Information Technology August 9, 2017 Cason D. Schmit, J.D. Texas A&M University, School of Public Health Department of Health Policy
More information1/21/2011. Cindy C. Parman, CPC, CPC H Coding Strategies, Inc.
Cindy C. Parman, CPC, CPC H Coding Strategies, Inc. www.codingstrategies.com The format and/or content of this presentation is copyright 2011 by Coding Strategies, Inc. (CSI), Powder Springs, GA. This
More informationManaging Privacy Risk in Your Research and Development Enterprise. Sujata Dayal, Abbott Justin McCarthy, Pfizer
Managing Privacy Risk in Your Research and Development Enterprise Sujata Dayal, Abbott Justin McCarthy, Pfizer Why Privacy Matters Human subject data is extremely sensitive Access to data is critical to
More informationMobile Device Use: Increasing Privacy and Security Awareness for Nurse Practitioners
La Salle University La Salle University Digital Commons Economic Crime Forensics Capstones Economic Crime Forensics Program Spring 5-18-2015 Mobile Device Use: Increasing Privacy and Security Awareness
More informationData Sharing Consent/Privacy Practice Summary
Data Sharing Consent/Privacy Practice Summary Profile Element Description Responsible Entity Legal Authority Entities Involved in Data Exchange HIPAAT International Inc. US HIPAA HITECH 42CFR Part II Canada
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES THIS NOTICE OF PRIVACY PRACTICES IS BEING PROVIDED TO YOU AS REQUIRED BY THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT ( HIPAA ). IF YOU WISH TO RECEIVE A PAPER COPY
More informationMEANINGFUL USE 2015 PROPOSED 2015 MEANINGFUL USE FLEXIBILITY RULE
MEANINGFUL USE 2015 PROPOSED 2015 MEANINGFUL USE FLEXIBILITY RULE *Please note, the below guidelines are currently proposed. ASCRS will let you know if and when they are finalized through regulatory alerts
More informationNavpreet Kaur IT /16/16. Electronic Health Records
1 Navpreet Kaur IT 104-002 10/16/16 Electronic Health Records Honor Code: "By placing this statement on my webpage, I certify that I have read and understand the GMU Honor Code on http://oai.gmu.edu/the-mason-honor-code-2/
More informationHealth Insurance Portability and Accountability Act. Awareness Training for Volunteers
Health Insurance Portability and Accountability Act Awareness Training for Volunteers Southeastern Health Southeastern Health has a strong tradition of protecting the privacy of patient information. Confidentiality
More informationMeaningful Use Stage 2
Meaningful Use Stage 2 Presented by: Deb Anderson, HTS Consultant HTS, a division of Mountain Pacific Quality Health Foundation 1 HTS Who We Are Stage 2 MU Overview Learning Objectives 2014 CEHRT Certification
More informationStudy Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
PP-501.00 SOP For Safeguarding Protected Health Information Effective date of version: 01 April 2012 Study Management PP 501.00 STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
More informationMedicaid EHR Incentive Program Health Information Exchange Objective Stage 3 Updated: February 2017
Medicaid EHR Incentive Program Health Information Exchange Objective Stage 3 Updated: February 2017 The Health Information Exchange (HIE) objective (formerly known as Summary of Care ) is required for
More informationThank you, and enjoy the webinar.
Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some laws. This should not be used as legal advice. Itentive recognizes that
More informationDavid Behinfar, JD, LLM, CHC, CIPP University of Florida College of Medicine Jacksonville UF Privacy Manager (904)
David Behinfar, JD, LLM, CHC, CIPP University of Florida College of Medicine Jacksonville UF Privacy Manager (904) 244 6229 david.behinfar@jax.ufl.edu 1 Presentation Summary High level Summary of the federal
More informationSAMPLE. Release of Information in California: E-book Series, 12 of 12. Published by:
Release of Information in California: Special Health Published by: Records E-book Series, 12 of 12 The Release of Information (ROI) in California is a series of 12 E-books that will help you navigate and
More informationOREGON HIPAA NOTICE FORM
MARCIA JOHNSTON WOOD, Ph.D. Clinical Psychologist 5441 SW Macadam, #104, Portland, OR 97239 Phone (503) 248-4511/ Fax (503) 248-6385 - Effective Sept.23, 2013 - (This copy for you to keep) OREGON HIPAA
More informationHIPAA Policies and Procedures Manual
UNIVERSITY of NORTH CAROLINA at CHAPEL HILL SCHOOL of NURSING HIPAA Policies and Procedures Manual November 2015 1 Table of Contents I. INTRODUCTION... 3 A. GENERAL POLICY... 3 B. SCOPE... 3 II. DEFINITIONS...
More informationExecTech. The following examples help explain why the US Government created the HIPAA Privacy Rule.
ExecTech ExecTech Guideline Six Steps to HIPAA Rules Compliance HIPAA, the Health Insurance Portability and Accountability Act, became law in 1996. Its original intent was to help employees change jobs
More informationHIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?
DIRECTIONS HIPAA Privacy/Security Personal Privacy 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings on the Intranet home page 3. Click on the
More informationGetting Ready for Ontario s Privacy Legislation GUIDE. Privacy Requirements and Policies for Health Practitioners
Getting Ready for Ontario s Privacy Legislation GUIDE Privacy Requirements and Policies for Health Practitioners PUBLISHED BY THE COLLEGE OF DENTAL HYGIENISTS OF ONTARIO SEPTEMBER 2004 2 This booklet is
More informationHIT Usability and Data Breaches. Ritu Agarwal University of Maryland
HIT Usability and Data Breaches Ritu Agarwal University of Maryland Digital Vulnerabilities Private medical data for 20,000 emergency room patients at Stanford Hospital exposed to the public for nearly
More informationChapter 19 Section 3. Privacy And Security Of Protected Health Information (PHI)
Health Insurance Portability and Accountability Act (HIPAA) of 1996 Chapter 19 Section 3 1.0 BACKGROUND AND APPLICABILITY 1.1 The contractor shall comply with the provisions of the Health Insurance Portability
More information6/27/2014. THE NEW TECHNOLOGY LANDSCAPE Presentation Objectives. The Landscape Drives Metrics. Issues: Responding to Need. AZ Drivers/Priorities
x == 6/27/2014 THE NEW TECHNOLOGY LANDSCAPE Presentation Objectives Using Business Analytics & Health Information Exchanges to Improve Practice & Sustain Organizations Business Metric Development Strategies
More informationMeaningful Use: Today and in the Future VMGMA Spring Conference Richmond, VA March 21, 2016
Meaningful Use: Today and in the Future VMGMA Spring Conference Richmond, VA March 21, 2016 Agenda-Three Timeframes 2015 Meaningful Use: hardship exception process 2016-2017 Challenging Requirements Made
More informationHIPAA Are You As Compliant as You Think?
HIPAA Are You As Compliant as You Think? Jillian Harrington, MHA, CPC, CPC-I, CPC-P, CCS, CCS-P Regulatory Specialist, HCPro, a division of BLR Agenda Elements of HIPAA Regulations HIPAA Case Study Reviews
More informationEHR Incentive Programs for Eligible Professionals: What You Need to Know for 2016 Tipsheet
EHR Incentive Programs for Eligible Professionals: What You Need to Know for 2016 Tipsheet CMS published a final rule that specifies criteria that eligible professionals (EPs), eligible hospitals, and
More informationUpdated FY15 Dignity Health General Compliance Education for Staff Module 2
Updated FY15 Dignity Health General Compliance Education for Staff Module 2 This course will provide you with important information about the laws and regulations that affect the healthcare industry, our
More informationOverview of Privacy Legislation in Ontario
Overview of Privacy Legislation in Ontario Presentation to Home Care Ontario October 12, 2016 Mary Gavel, ehealth Privacy Specialist Health Information Technology Services (HITS) ehealth Office, Hamilton
More informationPrivacy and Security Orientation for Visiting Observers. DUHS Compliance Office
Privacy and Security Orientation for Visiting Observers DUHS Compliance Office 919-668-2573 compliance@dm.duke.edu Introduction This orientation is to provide new Visiting Observers with the HIPAA Privacy
More informationHealth Information Privacy Policies and Procedures
University of the Pacific Arthur A. Dugoni School of Dentistry Health Information Privacy Policies and s These Health Information Privacy Policies & s implement our obligations to protect the privacy of
More informationUnderstanding the Privacy and Security Regulations
Omnibus Rule Update HIPAA Handbook for Long-Term Care Staff Understanding the Privacy and Security Regulations Kate Borten, CISSP, CISM Handbook for Long-Term Care Staff Understanding the Privacy and Security
More informationMEANINGFUL USE & RISK ASSESSMENT
MEANINGFUL USE & RISK ASSESSMENT Montana HIMSS 2013 Spring Convention Presented by John Whalen CISSP, CISA, CRISC Contents 1. What are we protecting? 2. In what ways are protecting it? 3. What is Meaningful
More informationFinal Meaningful Use Objectives for
Final Meaningful Use Objectives All Eligible Professionals (EP) must attest to all objectives using a 2014 Edition CEHRT. Stage 2 Objective Protect Health Information Clinical Decision Support Stage 2
More information