
Protecting Your Practice November 16-17, 2011

Protecting Your Practice November 16-17, 2011. HIPAA & Other Legal Concerns Presented by Jennifer J. Thomas jennifer.thomas@keanmiller.com Lyn S. Savoie lyn.savoie@keanmiller.com. Overview. HIPAA Security Rule HIPAA Changes in ARRA Accounting/Access HIPAA Breach Notification


Presentation Transcript


  1. Protecting Your Practice November 16-17, 2011 • HIPAA & Other Legal Concerns • Presented by • Jennifer J. Thomas • jennifer.thomas@keanmiller.com • Lyn S. Savoie • lyn.savoie@keanmiller.com

  2. Overview • HIPAA Security Rule • HIPAA Changes in ARRA • Accounting/Access • HIPAA Breach Notification • HIPAA Enforcement • Louisiana Breach Notification

  3. HIPAA Security Rule • Published February 20, 2003 • Applies to PHI in Electronic Form • Implements Safeguards for Electronic Health Information • Protects PHI while promoting the use of electronic health records

  4. HIPAA Security Rule • Three-layered approach • Administrative Safeguards • Physical Safeguards • Technical Safeguards • Standards • Implementation Specifications • Required • Addressable

  5. HIPAA Security Rule • Compliance Considerations • Size, Complexity, and Capabilities of CE • Infrastructure, hardware and software capabilities • Cost of Security Measures • Probability of Potential Risk

  6. HIPAA Security Rule • Administrative Safeguards • Security Incident Procedures • Contingency Plan • Evaluation • Business Associate Contracts

  7. HIPAA Security Rule • Administrative Safeguards • Security Management Process • Assigned Security Responsibility • Workforce Security • Information Access Management • Security and Awareness Training

  8. HIPAA Security Rule • Physical Safeguards • Facility Access Controls • Workstation Use • Workstation Security • Device and Media Controls

  9. HIPAA Security Rule • Technical Safeguards • Access Control • Audit Controls • Integrity • Person or Entity Authorization • Transmission Security

  10. HIPAA Security Rule – ARRA Changes • Accounting for Disclosures • HIPAA Accounting Requirements • Change for Covered Entities with “electronic health records” • 3 year Accounting Requirement • Timetable for Enactment • Delegation to Business Associates • Access to Electronic Records

  11. HIPAA Breach Notification • Notification of Breaches • What is a breach? • What is an unsecured breach? • Who must be notified? • Individual • HHS • Media • Content of Notification

  12. HIPAA Breach Notification • Description of event • Date of Breach • Date of Discovery • Types of unsecured PHI involved • Steps individual should take • Steps being taken by covered entity • Contact information

  13. HIPAA Enforcement • OCR Audit Program Begins November 2011 • 150 CEs in Pilot Program • Privacy and Security Rule Compliance Monitored • Enforcement from Complaints • 471 Security Rule Complaints • 236 Closed After Investigation and Corrective Action

  14. HIPAA Enforcement • Tiered Civil Monetary Penalties Under ARRA • $100 to $50,000 Per Violation • Maximum Annual Penalty of $25,000 to $1.5 million • Penalty Amount Varies Based Upon Knowledge and Corrective Action Taken

  15. Louisiana Breach Notification • Computerized Data Containing Personal Information • Last Name; and • First Name or Initial; and • Social Security Number, • Driver’s License Number, or • Account Number, credit card number, etc.

  16. Louisiana Breach Notification • Notify Individual • Expedient time • Written, electronic or substitute notification • Notify LA Attorney General • w/in 10 days of individual notification • $5,000 fine for failure to report • Civil Action for Breach

  17. QUESTIONS?
