• HIPAA (Health Insurance Portability and Accountability Act)
   • Passed in 1996
   • Enacted to protect health information
       • transaction standards for the exchange of health information
       • security standards
       • privacy standards
   • Protects “protected health information”
       • means individually identifiable health information that is: (i)
         Transmitted by electronic media; (ii) Maintained in electronic media;
         or (iii) Transmitted or maintained in any other form or medium
       • there are certain exclusions such as education records and employment
         records held by a covered entity in its role as employer
• Applies to “covered entities”
   • Covered entity means (1) A health plan, (2) A health care
     clearinghouse, (3) A health care provider who transmits any
     health information in electronic form in connection with a
     transaction covered by this subchapter

   • Health information means any information, whether oral or
     recorded in any form or medium, that: (1) Is created or received
     by a health care provider, . . .employer, . . . and (2) Relates to
     the past, present, OR future physical or mental health or
     condition of an individual; the provision of health care to an
     individual; OR the past, present, or future payment for the
     provision of health care to an individual.
• Also applies to the “business associates” of covered
  entities
   • Business associate means broadly, a person who “performs, or
     assists in the performance of . . . a function or activity involving
     the use or disclosure of individually identifiable health
     information”
       • including claims processing or administration, data analysis,
         processing or administration, utilization review, quality assurance,
         billing, benefit management, practice management, and repricing


   • Broadly, this means that if you use or receive PHI, then you are
     either a covered entity or a business associate
• HITECH (Health Information Technology for Economic and
  Clinical Health)
   • Signed into law on February 17, 2009
   • Provides for the adoption of electronic health records
   • Also adds new breach provisions
       • "the unauthorized acquisition, access, use, or disclosure of
         protected health information which compromises the security or
         privacy of such information, except where an unauthorized person
         to whom such information is disclosed would not reasonably have
         been able to retain such information"
HITECH Breach
•   Who is under Obligations?
    •   Covered Entity
    •   Business Associate
    •   Subcontractor Requirements
•   What are an entity’s Obligations?
    •   Investigate, give notice, reprimand, record/notify Secretary of Health
        and Human Services
    •   If over 500 individuals affected, then must report to the Secretary
         •   As of September 26, 2011, 330 reports (several organizations more than
             once), impacting more than 11 million records
Getting out of Breach Notification
•   Only provide the required notification if the breach involved
    unsecured protected health information
    •   Unsecured PHI is PHI that has not been rendered unusable,
        unreadable, or indecipherable to unauthorized individuals
        through the use of a technology or methodology specified by
        the Secretary in guidance
Getting out of Breach Notification
•   Guidance available:
    http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguidance.html
    (and is to be updated annually)
     • Data at Rest: NIST
     • Data in Motion:
Legal implications of HIPAA, HITECH and BAAs
