AGENDA. 10:45 a.m. CT Attendees Sign On 11:00 a.m. CT Webinar 11:50 a.m. CT Questions and Answers

Transcription:

AGENDA
- 10:45 a.m. CT: Attendees Sign On
- 11:00 a.m. CT: Webinar
- 11:50 a.m. CT: Questions and Answers

Asking Questions
Throughout the webinar, type your questions using the "send note" button at the top of the screen. Using the dropdown box, send your note to REINHART BOERNER VAN DEUREN. We will answer as many questions as possible during our Q & A session at the end of the webinar.

PRESENTERS

Meg S.L. Pekarske
Shareholder, co-chair of the firm's Hospice and Palliative Care Practice Group
608-229-2216
mpekarske@reinhartlaw.com

Heather L. Fields
Shareholder in firm's Hospice and Palliative Care Practice Group and Hospitals and Health Systems Practice Group
414-298-8166
hfields@reinhartlaw.com

Meg S.L. Pekarske has devoted her legal practice to serving the ever-changing legal needs of the hospice industry. As co-chair of Reinhart's Hospice and Palliative Care Practice Group, she manages the firm's hospice practice. In working day in and day out with hospice clients across the country, Ms. Pekarske is intimately familiar with the operational challenges of hospices and has the experience to address the full spectrum of legal issues facing the industry, from routine regulatory compliance issues to multi-million dollar Zone Program Integrity Contractor (ZPIC), Medicaid and other government audits. Additionally, Ms. Pekarske routinely advises hospices on palliative care program development, innovative inpatient unit structures, fraud investigations and a wide range of contracting issues. With an extensive background in long-term care, she brings a unique perspective and skill set to helping hospices create successful partnerships with nursing homes and assisted living facilities and providing quality end-of-life care to patients.

Heather L. Fields is a shareholder in the firm's Health Care Practice and the Tax-Exempt Organizations group. She addresses a wide variety of health care regulatory and transactional issues in her practice, but has extensive experience in compliance matters, including designing and implementing corporate compliance programs and assessing compliance program effectiveness. She also advises clients regarding internal and external investigations, audits and corrective action plans, all aspects of HIPAA compliance, clinical research compliance and 340B compliance. She has assisted clients in preparing and negotiating OIG disclosures and refunding overpayments, as well as counseling clients with respect to fraud and abuse issues that arise in the context of various health care provider relationships and transactions. She is certified in Healthcare Compliance (CHC) and is a Certified Compliance and Ethics Professional (CCEP).

WEBINAR HOUSEKEEPING
- Viewing the Slides: Today's slide presentation will advance automatically in synch with the live presentation.
- Handouts: If you would like a hard copy of the slide presentation, a printable version was e-mailed to you with your registration log-in information yesterday.
- Adjusting Your Screen: If the full slide does not appear on your screen, go to the top of your screen, click "View," then "Shared Application Size" and check "Fit to Whiteboard."
- Adjusting Your Volume: Volume can be adjusted using the volume control on your computer.
- Asking Questions: Throughout the webinar, type your questions using the "send note" button at the top of the screen. Using the dropdown box, send your note to REINHART BOERNER VAN DEUREN. We will answer as many questions as possible during our Q & A session at the end of the webinar.
- Information: This webinar provides general information about legal issues. It should not be construed as legal advice or a legal opinion. Attendees should seek legal counsel concerning specific factual situations confronting them.

OVERVIEW: SIGNIFICANT HITECH HIPAA CHANGES
- Notice of Privacy Practices
- Business Associates
  - Expanded definition
  - Vicarious liability
- Breach Notification
- Other Changes Affecting Hospice
  - Fundraising, Marketing and Sale of PHI
  - Individual rights

KEY DATES
- Published: January 25, 2013
- Effective Date: March 26, 2013
- Compliance Date: September 23, 2013 (w/exception)

IMMEDIATE COMPLIANCE STEPS
- Revise:
  - Notice of Privacy Practices
  - Business Associate Agreements
  - Breach Notification policy/forms
  - Other policies and procedures
- Provide updated training to ensure changes implemented

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES: KEY ADDITIONS
- Must expressly identify certain uses and disclosures requiring authorization (e.g., sale of PHI)
- Right to opt out of receiving fundraising communications
- Right to notification following a breach of Unsecured PHI
- Right to restrict redisclosure of PHI to a health plan with respect to treatment paid for out of pocket

NOTICE OF PRIVACY PRACTICES: FUNDRAISING
- Must identify that individual has right to opt out of receiving fundraising communications
- Opt-out mechanism may not cause the individual to incur an undue burden or more than nominal cost
- HHS encourages use of a toll-free phone number and/or an e-mail address
- Cannot require individuals to write a letter to opt out

NOTICE OF PRIVACY PRACTICES: DISTRIBUTION
- Must distribute new notice only if prior notice requires it
- Must post new notice, or a summary, conspicuously in a clear and prominent location if you have a physical facility
- Must have new notice immediately available upon request on or after the effective date of the revision (e.g., remember to provide copies to team members conducting home visits)

BUSINESS ASSOCIATES

BUSINESS ASSOCIATES: KEY DEFINITION CHANGES
Definition expanded to include all entities that create, receive, maintain or transmit PHI on behalf of a covered entity, such as:
- E-prescribing gateways
- Vendors of personal health records
- Business associate subcontractors

BUSINESS ASSOCIATES: OTHER KEY CHANGES
- Business associates must have business associate agreement (BAA) with each of their subcontractors obligating them to the same BAA provisions to which they are subject
- Covered entity may have vicarious liability for noncompliance of its business associate if business associate is deemed an "agent" under federal common law
- Business associate may have vicarious liability for noncompliance of its subcontractor

IMPORTANT TO PROPERLY IDENTIFY BUSINESS ASSOCIATE RELATIONSHIP
- Liability exposure means critical to properly identify:
  - Who is and who is not your business associate
  - When you are and are not a business associate of another party (e.g., nursing home relationships do not create business associate relationship)
- Agreeing to be a business associate creates contractual obligations and regulatory risk
- Not entering into a BAA when required may give rise to liability

HOSPICE BUSINESS ASSOCIATES: SELECT WHO'S IN/WHO'S OUT EXAMPLES

BUSINESS ASSOCIATES
- Billing or Clinical Consultant, Accountant, Auditor, Lawyer
- Pharmacy Benefits Management Company
- Electronic Health Records Vendor
- Medical Director Independent Contractor
- Document Storage/Destruction Company

NOT BUSINESS ASSOCIATES
- Nursing Home, Independent Attending Physician, Consulting Physician
- Pharmacy
- Internet Service Provider or Telecom Companies
- Medical Director Employed or Part of Workforce
- FedEx, UPS, USPS

HIPAA OPTIONS FOR MEDICAL DIRECTORS
- Treat as member of hospice workforce
  - Usually preferable option given role and duties
  - Physician must complete hospice training and follow hospice HIPAA policies and procedures
- Treat as business associate and enter into BAA
  - May provide some contractual protection for noncompliance
  - Consider modifying template BAA to reflect special relationship (e.g., follow hospice HIPAA policies and procedures)

BUSINESS ASSOCIATE AGREEMENTS: PROVISIONS TO UPDATE OR ADD
- HIPAA Security Rule compliance details
- Limitation on subcontractors
- Notice of nonpermitted use/disclosure, not just "breach" notification
- Audit rights and records retention requirements
- Indemnification

TIMING OF NEW BAAs
- Exception to September 23, 2013 compliance date for fully compliant BAAs in place prior to January 25, 2013
- These BAAs will be deemed "compliant" until September 22, 2014 unless earlier renewed or modified

THE NEW BREACH STANDARD

THE BREACH NOTIFICATION RULE
- Interim Final Rule: August 24, 2009
  - Requires covered entities to give notice of breaches of unsecured PHI
  - Requires BAs to notify covered entities of breaches
- Codified by Omnibus Rule with modifications

DEFINITION OF BREACH
The acquisition, access, use or disclosure of PHI in a manner not permitted by HIPAA that compromises the privacy or security of the PHI

DEFINITION OF BREACH (cont.)
- Interim Final Rule: No breach unless significant risk of financial, reputational or other harm
- Omnibus Rule: Presumed to be breach unless covered entity demonstrates low probability that PHI was compromised

OTHER CHANGES TO BREACH NOTIFICATION RULE
- Limited Data Sets
  - Interim Final Rule: Not a breach (if it excludes DOB and ZIP code)
  - Omnibus Rule: Presumption of breach
- Minimum Necessary Rule
  - Omnibus Rule clarifies that violations must be analyzed as potential breach

BREACH NOTIFICATION: FORMAL RISK ASSESSMENT
Four factors to document:
- Nature and extent of PHI involved
- Persons who used PHI or to whom disclosed
- Whether PHI actually acquired or viewed
- Extent to which risks mitigated

HIGH RISK ACTIVITIES
- Using unsecure portable media devices to access, transmit, create, maintain or store PHI (e.g., smart phones, iPads, laptops, flash drives)
- Texting and e-mailing PHI
- Failing to encrypt laptops and other electronic media storage devices where PHI resides
- Failing to properly destroy/remove electronic PHI prior to disposal of device

OTHER CHANGES: FUNDRAISING, MARKETING AND SALE OF PHI

FUNDRAISING CHANGES
- Types of PHI that may be used for fundraising expanded (e.g., demographic info, name of attending physician, insurance status, outcomes)
- Must provide individuals option to opt out of additional fundraising communications
  - No undue burden or more than nominal cost
- Must have data management systems and processes to ensure individuals who opt out do not receive additional communications

MARKETING CHANGES
Must obtain authorization for all treatment or health care communications (e.g., availability of massage therapy, acupuncture, etc.) where the covered entity receives financial remuneration from a third party for making the communication, except for:
- cost-based compensation to provide refill reminders or communicate about a drug or biologic that is currently being prescribed for the individual

SALE OF PHI
- Broad definition
  - Includes direct or indirect compensation
- Authorization required that states that disclosure will result in remuneration to the covered entity

INDIVIDUAL RIGHTS

RIGHTS OF DECEASED INDIVIDUALS
- Covered entities must comply with Privacy Rule with respect to PHI for deceased individuals for 50 years after death
- If permitted under state law, may disclose PHI after death to family members, other relatives or close family friends involved in care or payment prior to death, unless inconsistent with prior expressed preferences of the individual

Questions?
Type your questions using the "send note" button at the top of the screen. Using the dropdown box, send your note to REINHART BOERNER VAN DEUREN. We will answer as many questions as possible during our Q & A session at the end of the webinar.

THANK YOU!
Thank you for attending our webinar. If you have questions, please contact your Reinhart attorney or one of our webinar presenters.

Meg S.L. Pekarske
Shareholder, co-chair of the firm's Hospice and Palliative Care Practice Group
608-229-2216
mpekarske@reinhartlaw.com

Heather L. Fields
Shareholder in the firm's Health Care Practice and Tax-Exempt Organizations Group
414-298-8166
hfields@reinhartlaw.com