HIPAA: Privacy, Security, and HITECH, Oh My!

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General. Knock, knock. HIPAA – 1996: Protects the security and privacy of all medical records and other health information shared in any form (oral, written, electronic, etc.).

Presentation Transcript


  1. HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General

  2. Knock, knock

  3. HIPAA – 1996: Protects the security and privacy of all medical records and other health information shared in any form (oral, written, electronic, etc.).

  4. HIPAA Privacy Rule – First published 12-28-2000, then amended in 2002, with first compliance to begin on April 14, 2003. Applies to covered entities and their usage and disclosure of protected health information.

  5. HIPAA Security Rule – Rule adopted in 2003, but first compliance to begin on April 20, 2005. This regulation provided guidance for protecting electronic personal health information, and specified various procedures for doing so. It applies to personal health information created, received, maintained, or transmitted by a covered entity in electronic form. It does not apply to PHI transmitted orally or in writing.

  6. HITECH became effective on 2-17-2009, with most compliance to begin in February 2010. Widens the scope of privacy and security provisions; increases the potential legal liability for non-compliance; and it provides for more enforcement.

  7. Definitions • Covered Entities - 1) a health plan; 2) a health care clearinghouse; and 3) a health care provider who transmits any health information in electronic form in connection with various financial and administrative actions.

  8. Health Care Information - Any information, whether oral or recorded in any form or medium that: (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse, and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

  9. Individually Identifiable Health Information - Any information, including demographic information collected from an individual that: (A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (B) relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual, and (i) identifies the individual; or (ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.

  10. Business Associates - A person who, on behalf of a covered entity or of an organized health care arrangement in which the covered entity participates, but other than in the capacity of a member of the workforce of such covered entity or arrangement: (A) performs or assists in the performance of a function or activity involving the use or disclosure of protected health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, patient safety activities, billing, benefit management, and repricing; or (B) provides legal, actuarial, accounting, consulting, data aggregation, management, administration, accreditation, or financial services, when the provision of the service involves the disclosure of protected health information.

  11. A covered entity may be a business associate of another covered entity. Business Associate does not include: 1) a health care provider using the information for treatment purposes; 2) a plan sponsor for the purposes of making health care payments under a group insurance plan or HMO; and 3) a governmental agency with respect to determining eligibility for or enrollment in a governmental health plan.

  12. Changes Under HITECH Act • Business Associates and Business Associate Agreements • Notification Requirements • Heightened Civil Enforcement

  13. Potential Problem Areas

  14. Enforcement Actions
