1 / 0

HIPAA Privacy and Security 2013: The New Regulations

HIPAA Privacy and Security 2013: The New Regulations. By Melanie A. Herring, Esq. Major Provisions. Breach Notification Regulations Business Associate (BA) Changes Enhanced Enforcement and Penalties New Privacy Requirements Amended Notice of Privacy Practices (NPP ). Important Deadlines.

daryl
Download Presentation

HIPAA Privacy and Security 2013: The New Regulations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HIPAA Privacy and Security 2013: The New Regulations

    By Melanie A. Herring, Esq. Our first care is your health care Arizona Health Care Cost Containment System
  2. Major Provisions Breach Notification Regulations Business Associate (BA) Changes Enhanced Enforcement and Penalties New Privacy Requirements Amended Notice of Privacy Practices (NPP) Our first care is your health care arizona health care cost containment system
  3. Important Deadlines January 25, 2013: Final Regs were issued March 22, 2013: Effective Date September 23, 2013: Compliance Date (180 days from Effective Date)* September 22, 2014: Deferred Compliance Date for Certain BA Contracts * For all future HIPAA amendments, default 180 day compliance deadline Our first care is your health care arizona health care cost containment system
  4. Breach Notification Standards . . . When a CE is required to report a privacy or security breach to HHS-OCR, the affected individuals, and/or the media . . . . Our first care is your health care arizona health care cost containment system
  5. . . . Breach Notification Standards Under the old rule, breaches were not reported unless they posed “a significant risk of reputational, financial or other harm” Under the new rule, “harm threshold” is eliminated and replaced with a more objective standard Under the new rule, the “safe harbor” provisions for encrypted and PHI secure disposal remain intact Our first care is your health care arizona health care cost containment system
  6. . . . Breach Notification Standards New Rule: All incidents are assumed to be a reportable breach to HHS-OCR unless a Risk Analysis (RA) reveals a “low probability” that PHI has been compromised Our first care is your health care arizona health care cost containment system
  7. . . . Breach Notification Standards 4 factors to a Risk Analysis: The nature and extent of PHI involved, including the types of identifiers and the likelihood of re-identification The unauthorized person who used or received the PHI Whether the PHI was actually acquired and viewed, and Our first care is your health care arizona health care cost containment system
  8. . . . Breach Notification Standards The extent to which any risk to the PHI has been mitigated Notification to HHS-OCR will be required if the RA reveals any risk except “Low Probability that the PHI will be or has been compromised” Our first care is your health care arizona health care cost containment system
  9. . . . Breach Notification Standards The CE’s Risk Analysis must be in writing and retained by the CE. Willful Negligence: If a breach reported to HHS-OCR suggests “willful negligence” by the CE or its BA, then HHS-OCR must investigate Our first care is your health care arizona health care cost containment system
  10. Business Associate Requirements This section of the regulation has the most changes. Highlights: Amended BA definition: Clarify that a BA is also an entity that “maintains” PHI on behalf of the CE (i.e.: record storage services, record locator services) E-prescribing Gateways, HIO’s, PSO’s are a BA Our first care is your health care arizona health care cost containment system
  11. . . .Business Associate Requirements Security Rule, Minimum Necessary Rule, Accounting of Disclosures Rule now apply directly to BA’s Our BA contracts will require amendments Our BA’s must now have BA contracts in place with their subcontractors Our first care is your health care arizona health care cost containment system
  12. . . . Business Associate Requirements BA’s are now directly liable for their own breaches, and the CE of a BA remains liable as well for its BA’s breaches Subcontractors to BA’s are directly liable for their own breaches Our first care is your health care arizona health care cost containment system
  13. Enhanced Penalties and Enforcement HHS-OCR may fine all parties responsible (i.e.: can fine the CE and the BA for the same violation) The General Rule: Monetary penalties will be tallied on a per person and per day basis Maximum Annual Cap for Violations of a Provision: 1.5 million dollars A few defenses are allowed but if you do not cure the violation within 30 days of the breach you may lose that defense Our first care is your health care arizona health care cost containment system
  14. New Privacy Requirements 50 year deceased exception BA’s are now directly required to comply with significant provisions of the privacy rule Genetic information (GINA) is now expressly included within the definition of “health information” Amendments to the Marketing Requirements (mostly dealing with financial remuneration marketing) Our first care is your health care arizona health care cost containment system
  15. . . . New Privacy Requirements Prohibits the sale of PHI without individual authorization (data use agreements) Enhances an individual’s right to request and receive a copy of their PHI records An individual can restrict disclosures of his/her PHI to health plans if the PHI pertains solely to a service that the individual has paid for in full Our first care is your health care arizona health care cost containment system
  16. . . . New Privacy Requirements Relaxes the regulations surrounding disclosures of PHI to family members or others involved in the person’s care Allows disclosure of immunization records to schools Our first care is your health care arizona health care cost containment system
  17. Notice of Privacy Practices Must Amend the CE’s Notice of Privacy Practices and mail to all individuals by September 23, 2013 Our first care is your health care arizona health care cost containment system
  18. Genetic Information Nondiscrimination Act (GINA) GINA prohibits the use of genetic information for underwriting purposes. HHS has made this prohibition applicable to all health plans subject to HIPAA, not just the limited set of plans covered by GINA Our first care is your health care arizona health care cost containment system
More Related