fcsrmc hipaa privacy amp security presentation
play

FCSRMC HIPAA PRIVACY & SECURITY PRESENTATION BDO US A, LLP, a - PowerPoint PPT Presentation

Mar 28, 2024 •569 likes •908 views

FCSRMC HIPAA PRIVACY & SECURITY PRESENTATION BDO US A, LLP, a Delaware limit ed liabilit y part nership, is t he U.S . member of BDO Int ernat ional Limit ed, a UK company limit ed by guarant ee, and forms part of t he int ernat ional

  1. FCSRMC – HIPAA PRIVACY & SECURITY PRESENTATION BDO US A, LLP, a Delaware limit ed liabilit y part nership, is t he U.S . member of BDO Int ernat ional Limit ed, a UK company limit ed by guarant ee, and forms part of t he int ernat ional BDO net work of independent member firms. BDO is t he brand name fo r a th g e B D O net work and for each of t he BDO Member Firms. P e 1

  2. What is HIPAA? HIPAA stands for: Health Insurance Portability and Accountability Act (HIPAA) Federal law enacted August 1996: Privacy Rule April 2001: S ecurity Rule April 2005 February 2010: HITECH Act March 2013: HIP AA Omnibus (Final) Rule Page 2

  3. HIPAA Privacy Rule HIPAA’s Privacy Rule:  Addresses the use and disclosure of an individual’s health informat ion regardless of how it is communicat ed (electronically, verbally, or writt en).  Establishes standards for an individual to underst and and control how their health informat ion is used.  Assures that health informat ion is properly protected while allowing the flow of health informat ion needed to provide and promot e high quality health care and to protect the public‘ s health and well being. Page 3

  4. Covered Entity (CE) A Covered Entity includes a health plan or payor, a healthcare clearinghouse, and all healthcare providers who transmit any healthcare information in electronic form (including telephones, fax machines and computers). Examples: • Physician Practices • Dentists • Hospitals • Diagnostic S ervices (lab, radiology) • Nursing Homes • Pharmacies • Home Health Agencies • Health Plans Page 4

  5. Covered Entity (CE) FCS RMC is considered a Covered Entity (Group Health Plan) and it’s member colleges act as the plan sponsor. A covered health plan includes a group health plan, which is defined as an employee welfare benefit plan under ERIS A. This may include:  hospital and medical benefit plans  dental plans  vision plans  health flexible spending accounts  employee assistance plans Page 5

  6. Business Associate A Business Associate is a person or ent it y t hat performs certain funct ions or act ivities t hat involve t he use or disclosure of Prot ect ed Healt h Information (PHI) on behalf of, or provides services t o, a Covered Ent it y. Examples include vendors, cont ract ors and subcontract ors such as: ● Billing Company ● At t orney ● Transcription S ● Accountant ervice ● Pract ice Management S ● Consult ant ystem ● Document S ● EMR/ EHR S torage Company yst em ● Collect ion Agency ● I.T . Vendor Business Associat es are accountable for prot ect ing t he privacy/ security of PHI and are direct ly liable for criminal and civil penalt ies for violations. Page 6

  7. Protected Health Information (PHI) Protected Health Information (PHI) is: *individually identifiable healt h informat ion t hat has been t ransmitted or maintained in any medium (paper, verbal, elect ronic). *creat ed or received by t he organization, relat es t o t he healt h of an individual or payment for healt h services, and identifies t he individual.  Employee Name  Medical Record Number  Complete Address  Certificate/ License Number  All Elements of Dates  Vehicle Identifiers (License Plate Number)  Telephone Numbers  IPAddress  Fax Numbers  Biometric Identifiers (voice and fingerprint)  E-Mail Address  Full Face Photographic Images  S ocial S ecurity Number  Any Other Unique Identifying Number/ Code  Health Plan Beneficiary Number  Account Numbers Page 7

  8. De-Identified Health Information De-identified healt h informat ion refers t o informat ion t hat cannot be used t o identify an individual. Examples include informat ion t hat has been redacted from documents cont aining healt h informat ion, or report s t hat do not identify a specific individual. Uses: • Research (market analysis) • Financial Report s • S t at ist ical Report s • Demographic S t udies • Report s for Public Healt h Purposes • Qualit y Improvement Act ivities • Healt h Care Operations Page 8

  9. Notice of Privacy Practices The Covered Entity must provide a Notice of Privacy Practices to each individual. It is brief, written in plain language, and includes:  a description of the types of uses and disclosures that the Covered Entity is permitted to make for treatment, payment and healthcare operations.  a description of other purposes for which the Covered Entity is permitted or required to disclose PHI without the individual’s written authorization.  a description of the types of uses and disclosures that require an authorization.  a statement outlining the Covered Entity’s duties to maintain the privacy of PHI.  a statement that individuals may complain to the covered entity if they believe their privacy rights have been violated. The Privacy Notice is provided by the Group’s Health Plan TPA (Florida Blue) to the Group Health Plan participants (FCSRMC). Page 9

  10. Notice of Privacy Practices FCS CSRM RMC C and d it’s t’s mem ember er c colle lleges es have a e adop opted a ed a HIPAA A Pri rivacy acy Polic olicy y Stateme ment nt. . The The Priv ivacy P y Polic olicy y shou ould b ld be e revie iewed ed with th new ew staff a at t the t e tim ime of n of new w hire re or orien ientation. . Emplo ployees ees s shou ould ld sig ign n th the e acknowledg ledgem emen ent fo form i indic dicating t they h y have r e receiv eived ed and h d have h e had d an n oppor opportunit ity y to o rea ead t the e HIP IPAA A Pri rivacy acy Polic olicy. . Page 10

  11. Consent and Authorization Covered Ent ities cannot share PHI wit hout t he individual's awareness of t heir privacy right s. To use and disclose PHI for purposes ot her t han t reat ment, payment and healt h operat ion purposes, Covered Ent ities must obt ain a st andard consent or aut horization wit h a few exceptions. Consent can be revoked by an employee/ individual (pat ient) in writ ing. It is t he policy of FCS RMC and it ’s member colleges t hat individuals have a right t o request t hat no disclosure be made of PHI. FCS RMC or it ’s member colleges is not obligat ed t o grant t he request. Page 11

  12. When Consent and Authorization is NOT Required Permitted PHI disclosures without an authorization: Treatment - Disclosures between Covered Entities (such as other healthcare providers) involved in the patient care, information to/ from pharmacy or diagnostic center Payment – Disclosure regarding balance to patient, all information needed by the health plan, information to collection agencies Health Operations – Fraud/ abuse detection, compliance programs, government inspections, training new employees, competency assessments, business management activities, quality improvement activities • Public health activities • Victims of abuse, neglect or domestic violence • Law enforcement purposes • To comply with Workers’ Compensation • To avoid serious threat to health or safety Page 12

  13. When Consent and Authorization IS Required An authorization is required for: o Use and disclose PHI for purposes other than treatment, payment and health operation purposes o Releasing psychotherapy notes o Marketing, research, sale of PHI, and fundraising o Releasing PHI to the patient’s employer An authorization must include:  Description of the information to be disclosed  Names of persons to whom the information is t o be given  Purpose of t he disclosure  An expiration date for the use of the information Page 13

  14. Individual’s Rights Right t to o Res estric ict t Di Discl closures s Right o of f Acce ccess s Right t to o Amend ndment nt Right t to o Acco ccount nting g Di Discl closures s Request s for t he above should be direct ed t o, and processed by, t he Group’s Healt h Plan TP A. Page 14

  15. Individual’s Rights S taff can file a written complaint if they believe their privacy has been violat ed. Complaint s should be directed to the college’s privacy contact, and any intimidating or retaliatory acts are prohibited . It is import ant for staff to know that their PHI is safeguarded to protect PHI from any intentional or unintent ional use or disclosure that is in violat ion of the HIP AA Privacy Rule. Page 15

  16. “Minimum Necessary” “Minimum Necessary” is limiting the amount of PHI that is used (within the facility) or disclosed (outside of the facility) to the least amount of information possible to accomplish the intended purpose.  Y our facility should evaluate who should be accessing PHI (documented in j ob descriptions).  Only staff who need access to PHI to perform their j ob duties should be granted access to these areas (a unique sign-on and password, access to paper files, etc.). Minimum Necessary does not apply to requests/ disclosures to the staff or another healthcare provider for treatment purposes. Page 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau Chief, Information Security and Technology 1 What is HIPAA? 2 HIPAA What: Health Insurance Portability and How: Congress mandated the establishment

444 views • 9 slides
Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy, Confidentiality & Security Subcommittee May 15, 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other government and private

240 views • 10 slides
HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

Presenting a live 90-minute webinar with interactive Q&A HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and Security Compliance TUESDAY, FEBRUARY 5, 2013 1pm Eastern | 12pm Central | 11am

793 views • 53 slides
HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security

575 views • 33 slides
HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

Presenting a live 90 minute webinar with interactive Q&A HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data Security Policies and Responding to Breaches THURS DAY, MAY 5, 2011 1pm Eastern

836 views • 56 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA

and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA

Information Privacy and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should be able to: Define privacy practices

827 views • 37 slides
and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA

and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA

Information Privacy and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should be able to: Define privacy practices

691 views • 37 slides
Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to obtaining a persons medical records for court proceedings and law enforcement purposes. A) Entities covered by HIPAA The medical records of a patient

405 views • 6 slides
HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the removal of individual

1.19k views • 61 slides
Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it

HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it

HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it from DUMATEK ! Get you HIPAA Security P&P and CND here! ONLY $5040.00 This solution becomes ongoing and proprietary to your company. HIPAA

107 views • 10 slides
Beyond HIPAA: Stewardship By Design as applied to data, device, and app exemplars NCVHS

Beyond HIPAA: Stewardship By Design as applied to data, device, and app exemplars NCVHS

Beyond HIPAA: Stewardship By Design as applied to data, device, and app exemplars NCVHS Subcommittee on Privacy, Confidentiality and Security September 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other

189 views • 15 slides
DATA SHARING & BREACH PROTOCOLS UNDER THE FINAL HIPAA PRIVACY RULE I. INTRODUCTION: The

DATA SHARING & BREACH PROTOCOLS UNDER THE FINAL HIPAA PRIVACY RULE I. INTRODUCTION: The

DATA SHARING & BREACH PROTOCOLS UNDER THE FINAL HIPAA PRIVACY RULE I. INTRODUCTION: The Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification provisions apply to three types of entities, which are known as

111 views • 7 slides
New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director,

New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director,

New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer Definitions HIPAA Health Insurance Portability and Accountability Act PHI Protected Health

660 views • 35 slides
John Houston Vice President, Privacy and Information Security; Assistance Counsel UPMC

John Houston Vice President, Privacy and Information Security; Assistance Counsel UPMC

Principles for Establishing a Practical Cyber Security Incident Management Process in your HIE John Houston Vice President, Privacy and Information Security; Assistance Counsel UPMC Background - HIPAA Most HIEs have established themselves

425 views • 19 slides
Procuring Interoperability: Achieving High-Quality, Connected, and Patient-centered Care Through

Procuring Interoperability: Achieving High-Quality, Connected, and Patient-centered Care Through

Procuring Interoperability: Achieving High-Quality, Connected, and Patient-centered Care Through Strategic Technology Acquisition Specifications A NAM Special Publication Report background, organization, and action priorities Peter

689 views • 21 slides
Knock, Knock, FDA is Here; Be Prepared for a Regulatory Inspection Joanne Schlossin, Consumer

Knock, Knock, FDA is Here; Be Prepared for a Regulatory Inspection Joanne Schlossin, Consumer

Knock, Knock, FDA is Here; Be Prepared for a Regulatory Inspection Joanne Schlossin, Consumer Safety Officer Karen Kosar, BIMO Specialist BIMO-East President Ronald Reagan (4/12/86) "The nine most terrifying words in the English

1.29k views • 42 slides
Capital Partners to Health Care Providers www.globalmedicalreit.com DISCLAIMER This presentation

Capital Partners to Health Care Providers www.globalmedicalreit.com DISCLAIMER This presentation

INVESTOR PRESENTATION AUGUST 2016 Capital Partners to Health Care Providers www.globalmedicalreit.com DISCLAIMER This presentation is for informational purposes only and does not constitute an offer to sell, or a solicitation of offers to

512 views • 23 slides
ALIGNS FOR THE FUTURE (U PDATE ) PRESENTED TO CASA Ronald Pace NY District Director/HAF-E1

ALIGNS FOR THE FUTURE (U PDATE ) PRESENTED TO CASA Ronald Pace NY District Director/HAF-E1

FDA S OFFICE OF REGULATORY AFFAIRS ALIGNS FOR THE FUTURE (U PDATE ) PRESENTED TO CASA Ronald Pace NY District Director/HAF-E1 Division Director FDA Office of Regulatory Affairs Office of Human and Animal Foods April 24, 2018 1

710 views • 43 slides
Protection -- How to cope with Basic Safety Regulation for which the IAEA Guidelines do not exist

Protection -- How to cope with Basic Safety Regulation for which the IAEA Guidelines do not exist

IMRT Photon Photon Proton International Atomic Energy Agency IAEA International Conference on Occupational Radiation Protection -- How to cope with Basic Safety Regulation for which the IAEA Guidelines do not exist ? Michel Baelen COCIR

404 views • 11 slides
Trauma Care Level I Trauma Center SFGH is the only Trauma Center in San Francisco Provider of

Trauma Care Level I Trauma Center SFGH is the only Trauma Center in San Francisco Provider of

Trauma Care Level I Trauma Center SFGH is the only Trauma Center in San Francisco Provider of Trauma Care for Northern San Mateo County Traumatic Blunt Injury Types Penetrating Thermal SFGH Patient Injury Types SFGH Trauma Patient

246 views • 13 slides
ER Medical Director Summit Regional Medical Center Level IV Trauma Center Trauma, Trauma,

ER Medical Director Summit Regional Medical Center Level IV Trauma Center Trauma, Trauma,

Phil Johnson, MD ER Medical Director Summit Regional Medical Center Level IV Trauma Center Trauma, Trauma, Trauma ATLS Disclosure. I have stock in and on the Advisory Board of Global Med. A Telemedicine company. Treat the

441 views • 26 slides
Indiana State Trauma Care Committee February 17, 2016 1 Updates Katie Hokanson, Director of

Indiana State Trauma Care Committee February 17, 2016 1 Updates Katie Hokanson, Director of

Indiana State Trauma Care Committee February 17, 2016 1 Updates Katie Hokanson, Director of Trauma and Injury Prevention Executive Order New Indiana State Trauma Care Committee positions: Licensed physicians (Trauma Medical Directors)

1.19k views • 82 slides

More recommend