SlideShare une entreprise Scribd logo

Hipaa privacy and security 03192014

Télécharger en tant que PPTX, PDF
S
Samantha Haas
Santé & Médecine
1  sur  13
HIPAA Privacy And Security Presented by: Michele Madison Partner, Healthcare & Healthcare IT Practices Morris, Manning & Martin, LLP mmadison@mmmlaw.com Direct: 404-504-7621
Privacy and Security 2
HIPAA Omnibus Rule Purpose 3 Final Rule Addresses 4 Proposed Rules Published in 2009 and 2010 1. Strengthen the HIPAA Privacy and Security Requirements Mandated by HITECH (Proposed Rule July 2010) • Strengthen Restrictions on Marketing and Fundraising Activities • Enhanced Patient Rights on Access and Restricting Disclosures to Health Plans • Modify the Notice of Privacy Practices • Modify the Authorization process • Expands Direct Enforcement of HIPAA Requirements and Penalties to Business Associates
HIPAA Omnibus Rule Purposes 4 2. Adopt changes to the Enforcement Rule (Proposed October 2009) • New Tiered Civil Monetary Penalties Standards • Increased Monetary Penalties 3. Modifies the Breach Notification for Unsecured Protected Health Information by replacing the breach notification rule‘s ‗‗harm‘‘ threshold with a more objective standard. (Proposed Rule August 2009 –supplanted) 4. Modifies HIPAA to conform with Genetic Information Nondiscrimination Act
Important Dates and Laws 5 1. HIPAA – Privacy Rule Effective on April 14, 2003 Security Rule Effective on April 20, 2005 2. HITECH signed February 17, 2009 • Interim Final Rule on Breach of Unsecured PHI– August 24, 2009 and effective on September 23, 2009 • Interim Final Rule on Civil Monetary Penalty—October 30, 2009 and effective on November 30, 2009 • Proposed Rule on July 14, 2010 3. GINA 2008 – Proposed Rule to address HIPAA on October 7, 2009
Effective Dates 6 Final Rule Provisions:  Final Rule Effective on March 26, 2013  Compliance Deadline September 23, 2013 (for Privacy and Security)  Business Associates flexible compliance date standards  Transition provisions permit time to address documents and practices to establish compliance
Security Risk Assessment 7  Ensure the full Risk Assessment has been completed - Administrative - Physical - Technical Safeguards  This is part of the Meaningful Use Requirements
Security Breach Notification 8 • Old standard: Notification required where ―significant risk of financial, reputational, or other harm to individual‖. Burden was on CE or BA to show there was no significant risk. • New standard: Subject to certain existing exceptions, any access, use or disclosure of unsecured PHI in violation of Privacy Rule is presumed a breach unless demonstrate low probability that PHI has been compromised based on risk assessment involving at least the following factors: – Nature and extent of PHI involved, including types of identifiers and likelihood of re-identification – Unauthorized person who used the PHI or to whom disclosure was made – Whether PHI was actually acquired or viewed – Extent to which risk to PHI has been mitigated • Rule also eliminates exception for limited data sets that do not contain dates of birth or zip codes.
Common Violations 9  Of the 90,000 complaints investigated most are, compiled cumulatively, in order of frequency:  Impermissible uses and disclosures of protected health information;  Lack of safeguards of protected health information;  Lack of patient access to their protected health information;  Uses or disclosures of more than the minimum necessary protected health information; and  Lack of administrative safeguards of electronic protected health information.
Most Common Violators 10 The most common types of covered entities that have been required to take corrective action to achieve voluntary compliance are, in order of frequency:  PRIVATE PRACTICES;  General Hospitals;  Outpatient Facilities;  Health Plans (group health plans and health insurance issuers); and,  Pharmacies.
Enforcement Activities 11 Adult & Pediatric Dermatology, P.C., of Concord, Massachusetts (APDerm) -$150,000.00 Affinity Health Plan, Inc. will settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules for $1,215,780. WellPoint Inc. has agreed to pay the U.S. Department of Health and Human Services $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules
Major Steps to Take Now 12 • Evaluate BA and subcontractor status • Evaluate BA and subcontractor agreements for compliance and amend as appropriate • Evaluate whether BAs and subcontractors are federal common law agents • Review Security Rule compliance • Implement BA policies and procedures as appropriate—for example, minimum necessary • Amend security breach policies and procedures appropriately • Ensure the Security Risk Assessment and policies are completed and in effect
Questions 13 Michele Madison, Partner, Morris, Manning & Martin, LLP Healthcare & Healthcare IT Practices mmadison@mmmlaw.com Direct: 404-504-7621

Recommandé

HIPAA Omnibus Rule for Business Associates
HIPAA Omnibus Rule for Business AssociatesHIPAA Omnibus Rule for Business Associates
HIPAA Omnibus Rule for Business AssociatesJose Ivan Delgado, Ph.D.
 
A brief introduction to hipaa compliance
A brief introduction to hipaa complianceA brief introduction to hipaa compliance
A brief introduction to hipaa compliancePrince George
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemSecurityMetrics
 
HealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTHealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTKimberly Simon MBA
 
Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Aegify Inc.
 
You and HIPAA - Get the Facts
You and HIPAA - Get the FactsYou and HIPAA - Get the Facts
You and HIPAA - Get the Factsresourceone
 
Cyber Liability Coverage - Optometric Protector Plan
Cyber Liability Coverage - Optometric Protector PlanCyber Liability Coverage - Optometric Protector Plan
Cyber Liability Coverage - Optometric Protector Plansarahb171
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 

Recommandé

HIPAA Omnibus Rule for Business Associates
HIPAA Omnibus Rule for Business AssociatesHIPAA Omnibus Rule for Business Associates
HIPAA Omnibus Rule for Business AssociatesJose Ivan Delgado, Ph.D.
 
A brief introduction to hipaa compliance
A brief introduction to hipaa complianceA brief introduction to hipaa compliance
A brief introduction to hipaa compliancePrince George
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemSecurityMetrics
 
HealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTHealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTKimberly Simon MBA
 
Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Aegify Inc.
 
You and HIPAA - Get the Facts
You and HIPAA - Get the FactsYou and HIPAA - Get the Facts
You and HIPAA - Get the Factsresourceone
 
Cyber Liability Coverage - Optometric Protector Plan
Cyber Liability Coverage - Optometric Protector PlanCyber Liability Coverage - Optometric Protector Plan
Cyber Liability Coverage - Optometric Protector Plansarahb171
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
Compliance planning for hipaa 2
Compliance planning for hipaa 2Compliance planning for hipaa 2
Compliance planning for hipaa 2complianceonline123
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Compliancy Group
 
HIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongHIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongLorianne Sainsbury-Wong
 
Protecting patient privacy
Protecting patient privacyProtecting patient privacy
Protecting patient privacydlemin919
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Alexander Davis
 
Hipaa and him security brunelle
Hipaa and him security brunelleHipaa and him security brunelle
Hipaa and him security brunellesjbusnpa
 
Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Armor
 
Complying with HIPAA Security Rule
Complying with HIPAA Security RuleComplying with HIPAA Security Rule
Complying with HIPAA Security Rulecomplianceonline123
 
How to Ensure HIPPA Compliance
How to Ensure HIPPA ComplianceHow to Ensure HIPPA Compliance
How to Ensure HIPPA ComplianceHanna Global
 
HIPAA Omnibus Presentation
HIPAA Omnibus PresentationHIPAA Omnibus Presentation
HIPAA Omnibus PresentationCompliancy Group
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewClearDATACloud
 
Understanding HIPAA
Understanding HIPAAUnderstanding HIPAA
Understanding HIPAAManas Deep
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rssupportc2go
 
HIPAA Compliance: Simple Steps to the Healthcare Cloud
HIPAA Compliance: Simple Steps to the Healthcare CloudHIPAA Compliance: Simple Steps to the Healthcare Cloud
HIPAA Compliance: Simple Steps to the Healthcare CloudHostway|HOSTING
 
Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associatesgppcpa
 
The importance of hipaa compliance and training
The importance of hipaa compliance and trainingThe importance of hipaa compliance and training
The importance of hipaa compliance and trainingLaDavia Day, MHA, BS
 
Hipaa omnibus presentation webinar
Hipaa omnibus presentation webinarHipaa omnibus presentation webinar
Hipaa omnibus presentation webinarHIPAA Continuity Plannaers
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTKimberly Simon MBA
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Arpitha Aarushi
 
Hipaa omnibus
Hipaa omnibusHipaa omnibus
Hipaa omnibuswardell henley
 

Contenu connexe

Tendances

Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Compliancy Group
 
HIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongHIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongLorianne Sainsbury-Wong
 
Protecting patient privacy
Protecting patient privacyProtecting patient privacy
Protecting patient privacydlemin919
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Alexander Davis
 
Hipaa and him security brunelle
Hipaa and him security brunelleHipaa and him security brunelle
Hipaa and him security brunellesjbusnpa
 
Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Armor
 
Complying with HIPAA Security Rule
Complying with HIPAA Security RuleComplying with HIPAA Security Rule
Complying with HIPAA Security Rulecomplianceonline123
 
How to Ensure HIPPA Compliance
How to Ensure HIPPA ComplianceHow to Ensure HIPPA Compliance
How to Ensure HIPPA ComplianceHanna Global
 
HIPAA Omnibus Presentation
HIPAA Omnibus PresentationHIPAA Omnibus Presentation
HIPAA Omnibus PresentationCompliancy Group
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewClearDATACloud
 
Understanding HIPAA
Understanding HIPAAUnderstanding HIPAA
Understanding HIPAAManas Deep
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rssupportc2go
 
HIPAA Compliance: Simple Steps to the Healthcare Cloud
HIPAA Compliance: Simple Steps to the Healthcare CloudHIPAA Compliance: Simple Steps to the Healthcare Cloud
HIPAA Compliance: Simple Steps to the Healthcare CloudHostway|HOSTING
 
Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associatesgppcpa
 
The importance of hipaa compliance and training
The importance of hipaa compliance and trainingThe importance of hipaa compliance and training
The importance of hipaa compliance and trainingLaDavia Day, MHA, BS
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTKimberly Simon MBA
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 

Tendances (20)

Compliance planning for hipaa 2
Compliance planning for hipaa 2Compliance planning for hipaa 2
Compliance planning for hipaa 2
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
 
HIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongHIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-Wong
 
Protecting patient privacy
Protecting patient privacyProtecting patient privacy
Protecting patient privacy
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64
 
Hipaa and him security brunelle
Hipaa and him security brunelleHipaa and him security brunelle
Hipaa and him security brunelle
 
Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1
 
Complying with HIPAA Security Rule
Complying with HIPAA Security RuleComplying with HIPAA Security Rule
Complying with HIPAA Security Rule
 
How to Ensure HIPPA Compliance
How to Ensure HIPPA ComplianceHow to Ensure HIPPA Compliance
How to Ensure HIPPA Compliance
 
HIPAA Omnibus Presentation
HIPAA Omnibus PresentationHIPAA Omnibus Presentation
HIPAA Omnibus Presentation
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA Compliance
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An Overview
 
Understanding HIPAA
Understanding HIPAAUnderstanding HIPAA
Understanding HIPAA
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
 
HIPAA Compliance: Simple Steps to the Healthcare Cloud
HIPAA Compliance: Simple Steps to the Healthcare CloudHIPAA Compliance: Simple Steps to the Healthcare Cloud
HIPAA Compliance: Simple Steps to the Healthcare Cloud
 
Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associates
 
The importance of hipaa compliance and training
The importance of hipaa compliance and trainingThe importance of hipaa compliance and training
The importance of hipaa compliance and training
 
Hipaa omnibus presentation webinar
Hipaa omnibus presentation webinarHipaa omnibus presentation webinar
Hipaa omnibus presentation webinar
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUST
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 

Similaire à Hipaa privacy and security 03192014

Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Arpitha Aarushi
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceThomas Bronack
 
PanoMed HIPAA Omnibus Compendium
PanoMed HIPAA Omnibus CompendiumPanoMed HIPAA Omnibus Compendium
PanoMed HIPAA Omnibus CompendiumOmar Vázquez
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointDeena Fetrow
 
HIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookHIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookElizabeth Dimit
 
HIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus RuleHIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus RuleMichigan Primary Care Association
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...eringold
 
Updated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationUpdated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationThomas Bronack
 
The New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and ResponsibilituesThe New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and Responsibilituescomplianceexpert
 
Hipaa in clinical trails
Hipaa in clinical trailsHipaa in clinical trails
Hipaa in clinical trailsTejaswi Reddy
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Kimberly Simon MBA
 
Describe one safeguard that should be in place to protect the confid.pdf
Describe one safeguard that should be in place to protect the confid.pdfDescribe one safeguard that should be in place to protect the confid.pdf
Describe one safeguard that should be in place to protect the confid.pdfmohammedfootwear
 
HIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersHIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersLawgical
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 

Similaire à Hipaa privacy and security 03192014 (20)

Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)
 
Hipaa omnibus
Hipaa omnibusHipaa omnibus
Hipaa omnibus
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry compliance
 
PanoMed HIPAA Omnibus Compendium
PanoMed HIPAA Omnibus CompendiumPanoMed HIPAA Omnibus Compendium
PanoMed HIPAA Omnibus Compendium
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & Security
 
HiPAA info
HiPAA infoHiPAA info
HiPAA info
 
Hipaa for business associates simple
Hipaa for business associates simpleHipaa for business associates simple
Hipaa for business associates simple
 
HIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookHIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule Playbook
 
HIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus RuleHIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
 
Updated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationUpdated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance Presentation
 
The New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and ResponsibilituesThe New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and Responsibilitues
 
Hipaa in clinical trails
Hipaa in clinical trailsHipaa in clinical trails
Hipaa in clinical trails
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017
 
Describe one safeguard that should be in place to protect the confid.pdf
Describe one safeguard that should be in place to protect the confid.pdfDescribe one safeguard that should be in place to protect the confid.pdf
Describe one safeguard that should be in place to protect the confid.pdf
 
HIPAA for Dummies
HIPAA for DummiesHIPAA for Dummies
HIPAA for Dummies
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
 
HIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersHIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process Servers
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guide
 

Plus de Samantha Haas

Tammy carter troy spicer pp
Tammy carter troy spicer ppTammy carter troy spicer pp
Tammy carter troy spicer ppSamantha Haas
 
Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...
Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...
Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...Samantha Haas
 
Savannah innovations
Savannah innovationsSavannah innovations
Savannah innovationsSamantha Haas
 
Paula guy gpt 3-27-2015
Paula guy gpt 3-27-2015Paula guy gpt 3-27-2015
Paula guy gpt 3-27-2015Samantha Haas
 
Mario gutierrez georgia trc 2015 mario final
Mario gutierrez georgia trc 2015 mario finalMario gutierrez georgia trc 2015 mario final
Mario gutierrez georgia trc 2015 mario finalSamantha Haas
 
Kelly kesler gpt savannah aiha
Kelly kesler gpt savannah aihaKelly kesler gpt savannah aiha
Kelly kesler gpt savannah aihaSamantha Haas
 
Joseph ebberwein 2015 gpt conference
Joseph ebberwein 2015 gpt conferenceJoseph ebberwein 2015 gpt conference
Joseph ebberwein 2015 gpt conferenceSamantha Haas
 
Jonathan neufeld nuts and bolts
Jonathan neufeld nuts and boltsJonathan neufeld nuts and bolts
Jonathan neufeld nuts and boltsSamantha Haas
 
Jessica aspinwall mumc telemedicine presentation
Jessica aspinwall mumc telemedicine presentationJessica aspinwall mumc telemedicine presentation
Jessica aspinwall mumc telemedicine presentationSamantha Haas
 
Jerry kolosky gpt 032615 v2.0
Jerry kolosky gpt 032615 v2.0Jerry kolosky gpt 032615 v2.0
Jerry kolosky gpt 032615 v2.0Samantha Haas
 
Jeff robbins tift regional-power point
Jeff robbins tift regional-power pointJeff robbins tift regional-power point
Jeff robbins tift regional-power pointSamantha Haas
 
Gpt 2015 conference exhibitor slide show
Gpt 2015 conference exhibitor slide showGpt 2015 conference exhibitor slide show
Gpt 2015 conference exhibitor slide showSamantha Haas
 
Ellen bolch & max stachura advanced telehomecare
Ellen bolch & max stachura advanced telehomecareEllen bolch & max stachura advanced telehomecare
Ellen bolch & max stachura advanced telehomecareSamantha Haas
 
Dr. zanga power point
Dr. zanga power pointDr. zanga power point
Dr. zanga power pointSamantha Haas
 
Dr. winston price decatur co telehealth march 26
Dr. winston price decatur co telehealth march 26Dr. winston price decatur co telehealth march 26
Dr. winston price decatur co telehealth march 26Samantha Haas
 

Plus de Samantha Haas (20)

Tammy carter troy spicer pp
Tammy carter troy spicer ppTammy carter troy spicer pp
Tammy carter troy spicer pp
 
Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...
Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...
Suleima salgado dph telehealth telemedicine presentation gpt conference_s_sal...
 
Savannah innovations
Savannah innovationsSavannah innovations
Savannah innovations
 
Savannah gpt
Savannah gptSavannah gpt
Savannah gpt
 
Paula guy gpt 3-27-2015
Paula guy gpt 3-27-2015Paula guy gpt 3-27-2015
Paula guy gpt 3-27-2015
 
Nsat mar2015
Nsat mar2015Nsat mar2015
Nsat mar2015
 
Michael osborne
Michael osborneMichael osborne
Michael osborne
 
Mario gutierrez georgia trc 2015 mario final
Mario gutierrez georgia trc 2015 mario finalMario gutierrez georgia trc 2015 mario final
Mario gutierrez georgia trc 2015 mario final
 
Kelly kesler gpt savannah aiha
Kelly kesler gpt savannah aihaKelly kesler gpt savannah aiha
Kelly kesler gpt savannah aiha
 
Kayla money's pp
Kayla money's ppKayla money's pp
Kayla money's pp
 
Joseph ebberwein 2015 gpt conference
Joseph ebberwein 2015 gpt conferenceJoseph ebberwein 2015 gpt conference
Joseph ebberwein 2015 gpt conference
 
Jonathan neufeld nuts and bolts
Jonathan neufeld nuts and boltsJonathan neufeld nuts and bolts
Jonathan neufeld nuts and bolts
 
Jessica aspinwall mumc telemedicine presentation
Jessica aspinwall mumc telemedicine presentationJessica aspinwall mumc telemedicine presentation
Jessica aspinwall mumc telemedicine presentation
 
Jerry kolosky gpt 032615 v2.0
Jerry kolosky gpt 032615 v2.0Jerry kolosky gpt 032615 v2.0
Jerry kolosky gpt 032615 v2.0
 
Jeff robbins tift regional-power point
Jeff robbins tift regional-power pointJeff robbins tift regional-power point
Jeff robbins tift regional-power point
 
Gpt logo slide
Gpt logo slideGpt logo slide
Gpt logo slide
 
Gpt 2015 conference exhibitor slide show
Gpt 2015 conference exhibitor slide showGpt 2015 conference exhibitor slide show
Gpt 2015 conference exhibitor slide show
 
Ellen bolch & max stachura advanced telehomecare
Ellen bolch & max stachura advanced telehomecareEllen bolch & max stachura advanced telehomecare
Ellen bolch & max stachura advanced telehomecare
 
Dr. zanga power point
Dr. zanga power pointDr. zanga power point
Dr. zanga power point
 
Dr. winston price decatur co telehealth march 26
Dr. winston price decatur co telehealth march 26Dr. winston price decatur co telehealth march 26
Dr. winston price decatur co telehealth march 26
 

Dernier

History and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdfHistory and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdfSasikiranMarri
 
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
world health day presentation ppt download
world health day presentation ppt downloadworld health day presentation ppt download
world health day presentation ppt downloadAnkitKumar311566
 
call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
Pharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingPharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingArunagarwal328757
 
epilepsy and status epilepticus for undergraduate.pptx
epilepsy and status epilepticus for undergraduate.pptxepilepsy and status epilepticus for undergraduate.pptx
epilepsy and status epilepticus for undergraduate.pptxMohamed Rizk Khodair
 
Apiculture Chapter 1. Introduction 2.ppt
Apiculture Chapter 1. Introduction 2.pptApiculture Chapter 1. Introduction 2.ppt
Apiculture Chapter 1. Introduction 2.pptkedirjemalharun
 
Measurement of Radiation and Dosimetric Procedure.pptx
Measurement of Radiation and Dosimetric Procedure.pptxMeasurement of Radiation and Dosimetric Procedure.pptx
Measurement of Radiation and Dosimetric Procedure.pptxDr. Dheeraj Kumar
 
Let's Talk About It: To Disclose or Not to Disclose?
Let's Talk About It: To Disclose or Not to Disclose?Let's Talk About It: To Disclose or Not to Disclose?
Let's Talk About It: To Disclose or Not to Disclose?bkling
 
Glomerular Filtration and determinants of glomerular filtration .pptx
Glomerular Filtration and determinants of glomerular filtration .pptxGlomerular Filtration and determinants of glomerular filtration .pptx
Glomerular Filtration and determinants of glomerular filtration .pptxDr.Nusrat Tariq
 
Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...
Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...
Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...Wessex Health Partners
 
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptxCOVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptxBibekananda shah
 
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic AnalysisVarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic AnalysisGolden Helix
 
call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...
call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...
call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...saminamagar
 
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
SWD (Short wave diathermy)- Physiotherapy.ppt
SWD (Short wave diathermy)- Physiotherapy.pptSWD (Short wave diathermy)- Physiotherapy.ppt
SWD (Short wave diathermy)- Physiotherapy.pptMumux Mirani
 
Biomechanics- Shoulder Joint!!!!!!!!!!!!
Biomechanics- Shoulder Joint!!!!!!!!!!!!Biomechanics- Shoulder Joint!!!!!!!!!!!!
Biomechanics- Shoulder Joint!!!!!!!!!!!!ibtesaam huma
 
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATROApril 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATROKanhu Charan
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfPULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfDolisha Warbi
 
call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 

Dernier (20)

History and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdfHistory and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdf
 
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
world health day presentation ppt download
world health day presentation ppt downloadworld health day presentation ppt download
world health day presentation ppt download
 
call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in munirka DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
Pharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingPharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, Pricing
 
epilepsy and status epilepticus for undergraduate.pptx
epilepsy and status epilepticus for undergraduate.pptxepilepsy and status epilepticus for undergraduate.pptx
epilepsy and status epilepticus for undergraduate.pptx
 
Apiculture Chapter 1. Introduction 2.ppt
Apiculture Chapter 1. Introduction 2.pptApiculture Chapter 1. Introduction 2.ppt
Apiculture Chapter 1. Introduction 2.ppt
 
Measurement of Radiation and Dosimetric Procedure.pptx
Measurement of Radiation and Dosimetric Procedure.pptxMeasurement of Radiation and Dosimetric Procedure.pptx
Measurement of Radiation and Dosimetric Procedure.pptx
 
Let's Talk About It: To Disclose or Not to Disclose?
Let's Talk About It: To Disclose or Not to Disclose?Let's Talk About It: To Disclose or Not to Disclose?
Let's Talk About It: To Disclose or Not to Disclose?
 
Glomerular Filtration and determinants of glomerular filtration .pptx
Glomerular Filtration and determinants of glomerular filtration .pptxGlomerular Filtration and determinants of glomerular filtration .pptx
Glomerular Filtration and determinants of glomerular filtration .pptx
 
Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...
Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...
Wessex Health Partners Wessex Integrated Care, Population Health, Research & ...
 
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptxCOVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
 
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic AnalysisVarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
 
call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...
call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...
call girls in Dwarka Sector 21 Metro DELHI 🔝 >༒9540349809 🔝 genuine Escort Se...
 
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
SWD (Short wave diathermy)- Physiotherapy.ppt
SWD (Short wave diathermy)- Physiotherapy.pptSWD (Short wave diathermy)- Physiotherapy.ppt
SWD (Short wave diathermy)- Physiotherapy.ppt
 
Biomechanics- Shoulder Joint!!!!!!!!!!!!
Biomechanics- Shoulder Joint!!!!!!!!!!!!Biomechanics- Shoulder Joint!!!!!!!!!!!!
Biomechanics- Shoulder Joint!!!!!!!!!!!!
 
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATROApril 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfPULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
 
call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in aerocity DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 

Hipaa privacy and security 03192014

  • 1. HIPAA Privacy And Security Presented by: Michele Madison Partner, Healthcare & Healthcare IT Practices Morris, Manning & Martin, LLP mmadison@mmmlaw.com Direct: 404-504-7621
  • 3. HIPAA Omnibus Rule Purpose 3 Final Rule Addresses 4 Proposed Rules Published in 2009 and 2010 1. Strengthen the HIPAA Privacy and Security Requirements Mandated by HITECH (Proposed Rule July 2010) • Strengthen Restrictions on Marketing and Fundraising Activities • Enhanced Patient Rights on Access and Restricting Disclosures to Health Plans • Modify the Notice of Privacy Practices • Modify the Authorization process • Expands Direct Enforcement of HIPAA Requirements and Penalties to Business Associates
  • 4. HIPAA Omnibus Rule Purposes 4 2. Adopt changes to the Enforcement Rule (Proposed October 2009) • New Tiered Civil Monetary Penalties Standards • Increased Monetary Penalties 3. Modifies the Breach Notification for Unsecured Protected Health Information by replacing the breach notification rule‘s ‗‗harm‘‘ threshold with a more objective standard. (Proposed Rule August 2009 –supplanted) 4. Modifies HIPAA to conform with Genetic Information Nondiscrimination Act
  • 5. Important Dates and Laws 5 1. HIPAA – Privacy Rule Effective on April 14, 2003 Security Rule Effective on April 20, 2005 2. HITECH signed February 17, 2009 • Interim Final Rule on Breach of Unsecured PHI– August 24, 2009 and effective on September 23, 2009 • Interim Final Rule on Civil Monetary Penalty—October 30, 2009 and effective on November 30, 2009 • Proposed Rule on July 14, 2010 3. GINA 2008 – Proposed Rule to address HIPAA on October 7, 2009
  • 6. Effective Dates 6 Final Rule Provisions:  Final Rule Effective on March 26, 2013  Compliance Deadline September 23, 2013 (for Privacy and Security)  Business Associates flexible compliance date standards  Transition provisions permit time to address documents and practices to establish compliance
  • 7. Security Risk Assessment 7  Ensure the full Risk Assessment has been completed - Administrative - Physical - Technical Safeguards  This is part of the Meaningful Use Requirements
  • 8. Security Breach Notification 8 • Old standard: Notification required where ―significant risk of financial, reputational, or other harm to individual‖. Burden was on CE or BA to show there was no significant risk. • New standard: Subject to certain existing exceptions, any access, use or disclosure of unsecured PHI in violation of Privacy Rule is presumed a breach unless demonstrate low probability that PHI has been compromised based on risk assessment involving at least the following factors: – Nature and extent of PHI involved, including types of identifiers and likelihood of re-identification – Unauthorized person who used the PHI or to whom disclosure was made – Whether PHI was actually acquired or viewed – Extent to which risk to PHI has been mitigated • Rule also eliminates exception for limited data sets that do not contain dates of birth or zip codes.
  • 9. Common Violations 9  Of the 90,000 complaints investigated most are, compiled cumulatively, in order of frequency:  Impermissible uses and disclosures of protected health information;  Lack of safeguards of protected health information;  Lack of patient access to their protected health information;  Uses or disclosures of more than the minimum necessary protected health information; and  Lack of administrative safeguards of electronic protected health information.
  • 10. Most Common Violators 10 The most common types of covered entities that have been required to take corrective action to achieve voluntary compliance are, in order of frequency:  PRIVATE PRACTICES;  General Hospitals;  Outpatient Facilities;  Health Plans (group health plans and health insurance issuers); and,  Pharmacies.
  • 11. Enforcement Activities 11 Adult & Pediatric Dermatology, P.C., of Concord, Massachusetts (APDerm) -$150,000.00 Affinity Health Plan, Inc. will settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules for $1,215,780. WellPoint Inc. has agreed to pay the U.S. Department of Health and Human Services $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules
  • 12. Major Steps to Take Now 12 • Evaluate BA and subcontractor status • Evaluate BA and subcontractor agreements for compliance and amend as appropriate • Evaluate whether BAs and subcontractors are federal common law agents • Review Security Rule compliance • Implement BA policies and procedures as appropriate—for example, minimum necessary • Amend security breach policies and procedures appropriately • Ensure the Security Risk Assessment and policies are completed and in effect
  • 13. Questions 13 Michele Madison, Partner, Morris, Manning & Martin, LLP Healthcare & Healthcare IT Practices mmadison@mmmlaw.com Direct: 404-504-7621