an update on hipaa policy and enforcement ncvhs
play

An Update on HIPAA Policy and Enforcement NCVHS Rachel Seeger, - PowerPoint PPT Presentation

Sep 20, 2023 •25 likes •285 views

An Update on HIPAA Policy and Enforcement NCVHS Rachel Seeger, MPA, MA HHS Office for Civil Rights May 15, 2018 U.S. Department of Health and Human Services Office for Civil Rights 1 HIPAA Policy Development U.S. Department of Health and

  1. An Update on HIPAA Policy and Enforcement NCVHS Rachel Seeger, MPA, MA HHS Office for Civil Rights May 15, 2018 U.S. Department of Health and Human Services – Office for Civil Rights 1

  2. HIPAA Policy Development U.S. Department of Health and Human Services – Office for Civil Rights 2

  3. OCR Responds to Nation’s Opioid Crisis • Opioid abuse crisis and national health emergencies have heightened concerns about providers’: – ability to notify patients’ family and friends when a patient has overdosed – reluctance to share health information with patients’ families in an emergency or crisis situation, particularly patients with serious mental illness and substance use disorder – uncertainty about HIPAA permissions for sharing information when a patient is incapacitated or presents a threat to self or others U.S. Department of Health and Human Services – Office for Civil Rights 3

  4. New OCR Guidance on HIPAA and Information Related to Mental and Behavioral Health • Opioid Overdose Guidance (issued 10/27/2017) • Updated Guidance on Sharing Information Related to Mental Health (new additions to 2014 guidance) • 30 Frequently Asked Questions • New Materials for Professionals and Consumers – Fact Sheets for patients, families, and health care providers – Information-sharing Decision Charts U.S. Department of Health and Human Services – Office for Civil Rights 4

  5. Dangerous Patients and Public Safety Disclosures • Disclosures are permitted without the patient’s authorization or permission to law enforcement, family, friends or others who are in a position to lessen the threatened harm —when disclosure “is necessary to prevent or lessen a serious and imminent threat to the health or safety of the patient or others.” • Disclosures must be consistent with applicable law. U.S. Department of Health and Human Services – Office for Civil Rights 5

  6. Where to Find OCR's New Materials • For professionals: https://www.hhs.gov/hipaa/for- professionals/index.html > Special Topics > Mental Health & Substance Use Disorders • For consumers: https://www.hhs.gov/hipaa/for- individuals/index.html > Mental Health & Substance Use Disorders • Mental Health FAQ Database: https://www.hhs.gov/hipaa/for professionals/faq/mental-health • Future FERPA and HIPAA Joint Guidance U.S. Department of Health and Human Services – Office for Civil Rights 6

  7. Proposed Changes to HIPAA Privacy and Enforcement Rules • NPRM on Presumption of Good Faith of Health Care Providers • NPRM on Changing Requirement to Obtain Acknowledgment of Receipt of Notice of Privacy Practices • Request for Information on Distribution of a Percentage of Civil Monetary Penalties or Monetary Settlements to Harmed Individuals U.S. Department of Health and Human Services – Office for Civil Rights 7

  8. Future HIPAA Guidance • Texting • Social Media • Encryption U.S. Department of Health and Human Services – Office for Civil Rights 8

  9. RECENT HIPAA ENFORCEMENT AND BREACH HIGHLIGHTS U.S. Department of Health and Human Services – Office for Civil Rights 9

  10. HIPAA Enforcement Highlights April 14, 2003 – January 31, 2018 • Over 175,534 complaints received to date • Over 25,742 cases resolved with corrective action and/or technical assistance • Expect to receive 24,000 complaints this year U.S. Department of Health and Human Services – Office for Civil Rights 10

  11. Enforcement, cont. • In most cases, entities are able to demonstrate satisfactory compliance through voluntary cooperation and corrective action during the investigation • In some cases though, the nature or scope of indicated noncompliance warrants additional enforcement action • Resolution Agreements/Corrective Action Plans • 52 settlement agreements that include detailed corrective action plans and monetary settlement amounts • 3 civil money penalties U.S. Department of Health and Human Services – Office for Civil Rights 11

  12. HIPAA Enforcement since April 2017 4/12/2017 Metro Community Provider Network $400,000 4/21/2017 Center for Children's Digestive Health $31,000 4/21/2017 CardioNet $2,500,000 5/10/2017 Memorial Hermann Health System $2,400,000 5/23/2017 St. Luke's-Roosevelt Hospital Center $387,200 12/28/2017 21st Century Oncology $2,300,000 2/1/2018 Fresenius Medical Care North America $3,500,000 2/13/2018 FileFax $100,000 Total $11,618,200 U.S. Department of Health and Human Services – Office for Civil Rights 12

  13. HIPAA Resolution Agreements and Civil Monetary Penalties 50 settlement agreements and 3 civil money penalties through 2017 U.S. Department of Health and Human Services – Office for Civil Rights 13

  14. Recurring Compliance Issues • Business Associate Agreements • Risk Analysis • Failure to Manage Identified Risk, e.g. Encryption • Lack of Transmission Security • Lack of Appropriate Auditing • No Patching of Software • Insider Threat • Improper Disposal • Insufficient Data Backup and Contingency Planning U.S. Department of Health and Human Services – Office for Civil Rights 14

  15. New HIPAA Breach Reporting Tool • The revised web tool still publicly reports all breaches involving 500 or more records – but presents that information in a more understandable way. • The HBRT also features improved navigation for both those looking for information on breaches and ease-of-use for organizations reporting incidents. • The tool helps educate industry on the types of breaches that are occurring, industry-wide or within particular sectors, and how breaches are commonly resolved following investigations launched by OCR, which can help industry improve the security posture of their organizations. U.S. Department of Health and Human Services – Office for Civil Rights 15

  16. Key Improvements Indicates active cases under investigation within last 24 months Help for consumers provides tools on identity theft Archive tab takes users to OCR’s database of all breach cases https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf U.S. Department of Health and Human Services – Office for Civil Rights 16

  17. Advanced Search Functions U.S. Department of Health and Human Services – Office for Civil Rights 17

  18. Latest Breach Reporting Highlights September 2009 through February 28, 2018 • Approximately 2,222 reports involving a breach of PHI affecting 500 or more individuals – Theft and Loss are 46% of large breaches – Hacking/IT now account for 19% of incidents – Laptops and other portable storage devices account for 25% of large breaches – Paper records are 21% of large breaches – Individuals affected are approximately 177,298,024 • Approximately 341,002 reports of breaches of PHI affecting fewer than 500 individuals U.S. Department of Health and Human Services – Office for Civil Rights 18

  19. 500+ Breaches by Type of Breach from September 2009 through February 28, 2018 Unknown Improper 1% Disposal 3% Other 4% Hacking/IT Theft 19% 38% Unauthorized Access/Disclosur e Loss 28% 8% U.S. Department of Health and Human Services – Office for Civil Rights 19

  20. 500+ Breaches by Type of Breach from March 1, 2015 – February 28, 2018 Improper Disposal 2% Theft 20% Hacking/IT 34% Loss 5% Unauthorized Access/Disclosure 39% U.S. Department of Health and Human Services – Office for Civil Rights 20

  21. 500+ Breaches by Location of Breach from September 2009 through January 31, 2018 Other 10% EMR Paper Records 6% 21% Email 11% Desktop Computer 10% Network Server 17% Laptop 16% Portable Electronic Device 9% U.S. Department of Health and Human Services – Office for Civil Rights 21

  22. 500+ Breaches by Location of Breach from September 2009 through January 31, 2018 Other 9% Paper Records EMR 21% 9% Desktop Computer Email 8% 16% Laptop 9% Network Server 22% Portable Electronic Device 6% U.S. Department of Health and Human Services – Office for Civil Rights 22

  23. Cyber Security Guidance Material U.S. Department of Health and Human Services – Office for Civil Rights 23

  24. Ransomware • Following the May 2017 WannaCry ransomware attack, HHS reminded organizations to adhere to the OCR ransomware guidance as part of strong cyber hygiene. • OCR presumes a breach in the case of a ransomware attack. U.S. Department of Health and Human Services – Office for Civil Rights 24

  25. Cybersecurity Resources ⚫ Newsletters http://www.hhs.gov/hipaa/for- professionals/security/guidance/index.html ⚫ Health Information Technology Portal http://hipaaQsportal.hhs.gov ⚫ Medscape http://www.medscape.org/viewarticle/876110 U.S. Department of Health and Human Services – Office for Civil Rights 25

  26. For More Information http://www.hhs.gov/hipaa Join our Privacy and Security listservs at https://www.hhs.gov/hipaa/for- professionals/list-serve/ Find us on Twitter @hhsocr U.S. Department of Health and Human Services – Office for Civil Rights 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Beyond HIPAA: Stewardship By Design as applied to data, device, and app exemplars NCVHS

Beyond HIPAA: Stewardship By Design as applied to data, device, and app exemplars NCVHS

Beyond HIPAA: Stewardship By Design as applied to data, device, and app exemplars NCVHS Subcommittee on Privacy, Confidentiality and Security September 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other

189 views • 15 slides
Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement

Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement

Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement HIPAA Security 2 HIPAA & Research HIPAA & Research 4 HIPAA & Research PHI Disclosure for PHI Use for Research Research

752 views • 59 slides
Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to obtaining a persons medical records for court proceedings and law enforcement purposes. A) Entities covered by HIPAA The medical records of a patient

405 views • 6 slides
The Irish Waste Management Conference Waste policy and enforcement: update Alison Fanagan 28

The Irish Waste Management Conference Waste policy and enforcement: update Alison Fanagan 28

The Irish Waste Management Conference Waste policy and enforcement: update Alison Fanagan 28 November 2019 M-47824253-1 Introduction Waste policy Waste enforcement 2012 A resource opportunity: up for review What are Irelands

400 views • 28 slides
National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards Hearing on

National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards Hearing on

National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards Hearing on HIPAA and ACA Administrative Simplification Attachment Standards Testimony by Don St Jacques, Senior Vice President Jopari Solutions, Inc. Feb 16,

271 views • 12 slides
HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs,

HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs,

HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs, MS, RHIA, CHP, FAHIMA AGENDA OCRs Task List OCRs Guidance OCRs Enforcement Activities Phase 2 Audits Preparation

338 views • 16 slides
HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

Presenting a live 90 minute webinar with interactive Q&A HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data Security Policies and Responding to Breaches THURS DAY, MAY 5, 2011 1pm Eastern

836 views • 56 slides
Fare enforcement policy update Rider Experience and Operations Committee Executive Committee

Fare enforcement policy update Rider Experience and Operations Committee Executive Committee

Fare enforcement policy update Rider Experience and Operations Committee Executive Committee February 6, 2020 Agenda Briefing with no Board action required at this time. Process update. Discuss findings from onboard survey, online

800 views • 45 slides
Enforcement Policy Presented by Cris Carrigan David Boyers, & Dr. Matthew Buffleben State

Enforcement Policy Presented by Cris Carrigan David Boyers, & Dr. Matthew Buffleben State

2017 Update: Enforcement Policy Presented by Cris Carrigan David Boyers, & Dr. Matthew Buffleben State Water Resources Control Board Office of Enforcement February 7, 2017 Board Meeting Item 5 2017 Enforcement Policy Highlights

570 views • 20 slides
Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement is a kind of Update Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P . Bisquert, C. Cayrol, F . Dupin de Saint-Cyr, MC. Lagasquie IRIT, Toulouse University, France July 2013 F. Dupin de

752 views • 71 slides
NCPDP Standards Update Alix Goss and Nick Coussoule, Co-Chairs Standards Subcommittee May 15,

NCPDP Standards Update Alix Goss and Nick Coussoule, Co-Chairs Standards Subcommittee May 15,

NCPDP Standards Update Alix Goss and Nick Coussoule, Co-Chairs Standards Subcommittee May 15, 2018 NCVHS Full Meeting Presentation Agenda Who is the NCPDP? Overview of Current HIPAA Adopted NCPDP Standards NCPDP Telecommunication

315 views • 10 slides
Fare enforcement policy update Rider Experience and Operations Committee Executive Committee

Fare enforcement policy update Rider Experience and Operations Committee Executive Committee

Fare enforcement policy update Rider Experience and Operations Committee Executive Committee January 16, 2020 Agenda Briefing with no Board action required at this time. Interdisciplinary work group. Data collection and engagement

710 views • 33 slides
Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA initially went into effect April 14, 2003 HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.

284 views • 25 slides
Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy, Confidentiality & Security Subcommittee May 15, 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other government and private

240 views • 10 slides
Fare enforcement policy update Rider Experience and Operations Committee October 3, 2019 Agenda

Fare enforcement policy update Rider Experience and Operations Committee October 3, 2019 Agenda

Fare enforcement policy update Rider Experience and Operations Committee October 3, 2019 Agenda Briefing with no Board action required at this time. Interdisciplinary work group vision and mission. Objectives and timeline.

757 views • 24 slides
Update on NCVHS Measurement Framework Implementation Work Soma Stout, Vice President &

Update on NCVHS Measurement Framework Implementation Work Soma Stout, Vice President &

Update on NCVHS Measurement Framework Implementation Work Soma Stout, Vice President & Executive Lead 100MLives Marianne McPherson, Senior Director, 100MLives May 16, 2018| 2:00pm 2:30pm EST National Committee on Vital and Health

390 views • 20 slides
United Way of North Carolina 875 Walnut Street, Suite 150B Cary, NC 27511 Call 911 in an

United Way of North Carolina 875 Walnut Street, Suite 150B Cary, NC 27511 Call 911 in an

United Way of North Carolina 875 Walnut Street, Suite 150B Cary, NC 27511 Call 911 in an Emergency Call 811 before you dig Call 711 to access telecommunications relay services Call 611 to report a phone service issue Call

512 views • 13 slides
Building Connections: Integrating Social Determinants Frank Alexander, Director CDC HUD ASTHO

Building Connections: Integrating Social Determinants Frank Alexander, Director CDC HUD ASTHO

Building Connections: Integrating Social Determinants Frank Alexander, Director CDC HUD ASTHO Convening: Cross-Sector Collaboration to Address Housing Instability November 29, 2016 1 BCDHHS Agenda History behind housing and human system

285 views • 14 slides
Department of Health and Human Services Budget Presentation DHHS Directors Office Richard

Department of Health and Human Services Budget Presentation DHHS Directors Office Richard

Brian Sandoval Richard Whitley Governor Director State of Nevada Department of Health and Human Services Budget Presentation DHHS Directors Office Richard Whitley February 10, 2017 Helping People. Its who we are and what we do.

348 views • 17 slides
Texas HHS Privacy Office Health Insurance Portability And Accountability Act (HIPAA) The

Texas HHS Privacy Office Health Insurance Portability And Accountability Act (HIPAA) The

Presentation to Texas State University Student Speakers Seminar E. Angela Branch, Deputy Chief Privacy Officer of Audit and Compliance Travis Davis, Deputy Chief Privacy Officer Texas HHS Privacy Office Health Insurance Portability And

266 views • 25 slides
MAG Human Services Conference CAN Forum May 2016 Suzanne Pfister President and CEO 1 2

MAG Human Services Conference CAN Forum May 2016 Suzanne Pfister President and CEO 1 2

MAG Human Services Conference CAN Forum May 2016 Suzanne Pfister President and CEO 1 2 Priorities Healthy Community Design Access to Care Health is created People with health where we live, coverage achieve better learn, work, and

278 views • 25 slides
ENVIROMENTAL AND SOCIAL HEALTH DETERMINANTS IN ZANZIBAR INTRODUCTION Zanzibar part of the

ENVIROMENTAL AND SOCIAL HEALTH DETERMINANTS IN ZANZIBAR INTRODUCTION Zanzibar part of the

ENVIROMENTAL AND SOCIAL HEALTH DETERMINANTS IN ZANZIBAR INTRODUCTION Zanzibar part of the United Republic of Tanzania Comprises of 2 main Islands Unguja and Pemba which covers an area of 2328 sq.km. HEALTH STATUS. Zanzibar

233 views • 22 slides
Contract Reporting and Oversight at the Health and Human Services Commission PRESENTED TO HOUSE

Contract Reporting and Oversight at the Health and Human Services Commission PRESENTED TO HOUSE

Contract Reporting and Oversight at the Health and Human Services Commission PRESENTED TO HOUSE APPROPRIATIONS COMMITTEE LEGISLATIVE BUDGET BOARD STAFF APRIL 2018 Presentation Overview TxEVER Procurement Procurement of CHIP Services in

730 views • 26 slides
City of Sammamish Health & Human Services Needs Assessment Presentation to City Council

City of Sammamish Health & Human Services Needs Assessment Presentation to City Council

City of Sammamish Health & Human Services Needs Assessment Presentation to City Council Allegra Calder and Erika Rhett June 6, 2017 What is a needs assessment? A needs assessment identifies key health needs and issues through

494 views • 10 slides

More recommend