Hipaa omnibus presentation webinar
Description of the changes to HIPAA and HITECH made by the new Omnibus Rules as they affect Business Associates.

Published in: Health & Medicine
Transcript

  • 1. Humongous Insurance
      HIPAA New Final Omnibus Rule: “Key Business Associate Implications for Your Organization”
  • 2. Your Presenter
      A.J. (Andy) Weitzberg
      President of HIPAA Continuity Planners
      President of the Association of Contingency Planners Long Island Chapter
      © HIPAA Continuity Planners 2013
  • 3. History
      – Health Insurance Portability and Accountability Act (HIPAA) of 1996
      – The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009
      – Omnibus Rule of 2013
  • 4. Omnibus Rule conforms HIPAA regulations to HITECH Act changes:
      – Before HITECH, BAs regulated through business associate contracts or agreements ("BAAs")
      – After HITECH, BAs and subcontractors are now regulated directly under HIPAA, therefore they:
          – Must comply with Security Rules
          – Must comply with some of Privacy Rule and provisions of BAA
  • 5. By the Numbers from August 2009 through December 2012*
      – 538 breaches of protected health information (PHI)
      – 21,408,505 patient health records affected
      – 21.5% increase in # of large breaches in 2012 over 2011
      – but… a 77% decrease in # of patient records impacted
      – 67% of all breaches have been the result of theft or loss
      – 57% of all patient records breached involved a business associate
      – 5X: historically, breaches at business associates have impacted 5 times as many patient records as those at a covered entity
      – 38% of incidents were as a result of an unencrypted laptop or other portable electronic device
      – 63.9% of total records breached in 2012 resulted from the 5 largest incidents
      – 780,000: number of records breached in the single largest incident of 2012
      *These numbers include breaches that affected >500 individuals and were reported to HHS from August 2009 to January 17, 2013.
  • 6. Expanded definition of “Business Associates”
      – “Business associate” means one who, on behalf of a covered entity, creates, receives, maintains or transmits PHI*
      – Now also means “subcontractor of business associate” who creates, receives, maintains or transmits PHI* on behalf of a business associate
      – Status as BA based upon role and responsibilities, not upon who are the parties to the contract
      – Contract between the covered entity's BA and that BA's subcontractor must satisfy the BA agreement requirements
      *Personal Health Information
  • 7. Business Associate - Consequences
      – Secretary (HHS) authorized to receive and investigate complaints against BAs (including subcontractors), and to take action regarding complaints and noncompliance
      – BAs (incl. subs) required to maintain records and submit compliance reports to Secretary, cooperate in complaint investigations and compliance reviews, give Secretary access to information
      – BAs (incl. subs) forbidden to intimidate, discriminate against, etc. those who make complaints, cooperate with regulators or oppose unlawful actions
      – BAs (incl. subcontractors) subject to civil money penalties for HIPAA violations
      – BA/Subs remain liable under contract to Covered Entity and BA
  • 8. How do these updates affect your Business?
      As a “Business Associate” you have HIPAA/HITECH Compliance Requirements:
      1. A Written Risk Analysis
      2. A Written Continuity Plan
      3. Documented Security Practices and Procedures
      4. An Incident Response Plan (Breach Response)
      5. Termination Procedures
      6. A Record Disposal Procedure for Electronic Media and Paper Records
      7. Employee Training Program
      8. Documentation and Logs
  • 9. Penalties for Your non-Compliance
      CATEGORIES OF VIOLATIONS AND RESPECTIVE PENALTY AMOUNTS AVAILABLE

      Violation Category, Section 1176(a)(1) | Each Violation     | All such violations of an identical provision in a calendar year
      (A) Did Not Know                       | $100 to $50,000    | Max $1,500,000
      (B) Reasonable Cause                   | $1,000 to $50,000  | Max $1,500,000
      (C)(i) Willful Neglect-Corrected       | $10,000 to $50,000 | Max $1,500,000
      (C)(ii) Willful Neglect-Not Corrected  | $50,000            | $1,500,000
  • 10. Are you a “Business Associate”?
      Illustration of the types of firms that are now considered “Business Associates”
      – IT Support and Software Vendors
      – IT Equipment Vendors
      – Leasing firms
      – Telephone CPE Vendors
      – Shredding Vendors
      – Data Centers
      – Cloud Computing Providers
      – Answering Services for Medical Offices
      – Medical Billing Services
      – Medical Transcriptions Services
      – Medical Collection Agencies
      – Temporary Employment Agencies
  • 11. Questions
      A.J. (Andy) Weitzberg, President, HIPAA Continuity Planners
      Email: AJ@HIPAACP.COM
      1.800.654.2041 Toll Free
      1.631.654.4001 Office
      1.516.641.4001 Mobile
