Covered Entity Presentation Regarding Business Associates[1]
HITECH Presentation for covered entity

  • THE RED FLAGS RULE. Red Flags are patterns, practices, or specific activities that indicate the possible existence of identity theft. Your Red Flags Program must be approved by your Board of Directors or senior management, a senior officer must be put in charge of the program, and the FTC Rule requires 4 steps: 1. Identify your dealership’s red flags from a risk-based analysis; there is no “one size fits all” set of red flags. 2. Have procedures to detect and evaluate red flags in individual covered transactions. Three key ways are to examine customer ID, examine the credit report and examine the report of an electronic identity verification service. Ask out-of-wallet or challenge questions available from the electronic identity verification service. 3. Have procedures to respond to red flags. Seek additional information from the customer and escalate unresolved red flags to a senior Program Officer. 4. Update the program at least annually and make reports to the Board or senior management. Training employees is also very important in the Red Flags Rule. Create a “culture of security” in your dealership.
  • Basic Steps You Can Take In Your Office To Protect Your Clients

Presentation Transcript

  • Covered Entity Requirement to Ensure Business Associates & Their Vendors Comply with HITECH Accurate Data Partners, LLC
    • Everything Has Changed
    • What Identity Theft is and why it matters to you individually
    • Why a Covered Entity must oversee their Business Associates Compliance with HITECH
    • Many New Requirements in addition to Business Associate Contract Changes
    • How We Can Help
    What we’ll cover the next few minutes Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.
  • People make decisions about you, your clients and your employees that are based on more than the information in a Credit Report. It is imperative that Personally Identifiable Information and Non-Public Information be as protected and as accurate as possible. Drivers License Medical Financial Social Security Character/ Criminal Five Common Identity Risks
    • Driving and Drivers License related issues (This does not require number, may be name, address and/or date of birth only.)
    • People needing Medical Treatment elective or otherwise who cannot afford it.
    • Family Members using other family members Medical and other ID’s with and without permission.
    • Insurance Fraud (Medicare/Medicaid/Auto Wreck/Personal Injury/Homeowners/Life Insurance/etc.)
    • Financial Fraud of all types (Credit card comes to mind but understand the Secret Service says there is more money here than in the world wide drug trade.)
    • Illegal Immigrants - Millions and millions of people using others’ identities in every way that we use our own. Understand competing and conflicting interests within your own practices. Many may be using others’ IDs unknowingly; business interests in need/necessity of low cost labor; many industries dependent on this labor (farming/construction/restaurant/hospitality/etc.); individuals needing low cost help. Many nationalities (Latvian, Eastern European, Chinese, Middle Eastern, Hispanic, etc.). Hispanic Americans and Legal Immigrants are 50% more likely to have their identity stolen than the rest of the population.
    • Criminal Identity Theft. Criminals using the Identities of others to commit crimes. Any information from Names, Addresses, Date of Birth, Drivers License, and/or Social Security number.
    • Malicious and Unintentional Entry of errant data
    Why the Demand Potential Points of Misuse with Resulting Corruption of Records
  • ™ Medical Identity & The DBY Your Name 1000’s of aggregators Acxiom, Choice Point, LexisNexis, etc. Insurance Companies, Agencies and Agent’s C.L.U.E. DBS, etc... Physician's Data Bases Medical Information Bureau Data Base (MIB) Blood Bank & Various Lab Data Bases Drug Store & Pharmacy Data Bases Employer’s Data Bases Your Address 1000’s of DBS Hospital’s Various Data Bases Center for Disease and Control (CDC) USB Keys, CD/DVDs Thumb & Jump Drives DHEC/State Health Dept Local, State Federal Health DBS Billing and Collection DBS and Credit Repository Computers
  • ™ The Web of The DataBased You Your Name 1000’s of aggregators Your Fingerprints and DNA FBI, State, and Local DBS Your Insurance Claims C.L.U.E. DBS, etc... Your Military Record DOD DBS Your Criminal History NCIC DBS Your Real Estate Deeds Clerks of Court DBS Your Legal History State and Federal Court DBS Your Credit History Credit Repositories’ DBS Your Birth Certificate Choice Point DBS, State, etc … Your Phone Number and Tracking Info 1000’s of aggregators Your Social Security Number SSA DBS and any you gave to Your Address 1000’s of DBS Your Driver’s License # and Record – DMV DBS Your Medical Records MIB DBS, etc … Your Car Registration & Info DMV, Local Treasurer, On Star, etc … DBS
  • ™ Where the Laws Becomes Logical Once the credit systems accept bad data it can be next to impossible to clear. USA Today June 5, 2007 Medical identity theft can impair your health and finances… and detecting this isn’t easy… and remedying the damages can be difficult. WSJ Oct 11, 2007 Because it’s so overwhelming to CORRECT the victims’ records, it’s imperative for anyone who touches Medical Info to PROTECT the data. Your Insurance Claims C.L.U.E. DBS, etc... Your Social Security Number SSA DBS and any you gave to Your Name 1000’s of aggregators Your Address 1000’s of DBS Your Fingerprints and DNA FBI, State, and Local DBS Your Driver’s License # and Record – DMV DBS Your Military Record DOD DBS Your Criminal History NCIC DBS Your Real Estate Deeds Clerks of Court DBS Your Medical Records MIB DBS, etc … Your Phone Number and Tracking Info 1000’s of aggregators Your Car Registration & Info Your Legal History State and Federal Court DBS Your Credit History Credit Repositories’ DBS Your Birth Certificate Choice Point DBS, State, etc …
  • 1 The Secure Data Based You – The Complete Approach Patient/Employee Protecting potential victims, your patients, and yourself
  • Client Data Security Laws, HIPAA, GLB & SC ID Theft Law Privacy Laws, HIPAA, HITECH; GLB & State Laws HITECH, RFR, HIPAA, other State & Federal Laws Red Flags Rule (RFR) State Immigration Acts FACTA – Document Destruction Rule – State Laws 1 Requires Businesses to Protect Personally Identifiable information Reduces threat of thief gaining access to information which can be used to corrupt an individual’s records Securing The Data Based You Requires Businesses to Authenticate the Identity of Their Patients/Employees – Helps reduce the risk of perpetuation of a crime against an innocent victim Requires Businesses to Limit Access to and Keep Private Personally Identifiable Information - Reduces access to information & protects individual’s privacy; Only allows permissible access with permissible uses Businesses must Destroy/Shred All Documents or Digital Media Containing PII or NPI upon Disposal - Reduces threat from loss & resulting misuse of PII or NPI which can be used to steal someone’s identity Businesses must Ensure that they Share, Sell, Give Information with/to ONLY Those Vendors and Business Associates with these same measures in place. Reduces risk of individual becoming a victim through a 3rd Party Vendor with which the victim has no direct relationship A Legal Safety Net for Identities These issues, although separated by the legislative process, are not so cleanly separated in our day to day practices.
  • Imagine someone stealing your patients’ or employees’ information from one of your Business Associates, their Subcontractors, Vendors or Agents and you must notify Victims and Government Agencies. What can you show to prove you acted reasonably in overseeing and requiring compliance by those you entrusted with Patient information? The Potential Cost to Covered Entity Have your Business Associates’ employees even executed Confidentiality Docs and acknowledged training? Do Business Associates even have required written policies? Do you think a change in your Business Associate Contract accomplished what is required?
  • Covered Entities & Business Assoc. Developments
    • Covered Entities Must Ensure Compliance with HIPAA by Business Assoc., their Subcontractors & others
    • New Breach Notification requirements and enforcement
    • HITECH & State Laws requiring Oversight not just change in Business Contracts
    • New Documentation required in multiple areas by Bus Assoc. and their Subcontractors, Vendors & Agents
    • New Training in Privacy and Security areas essential
    • Encryption does not equal compliance and total solution
    • Third party liability of Covered Entities for actions of Business Associates & their Agents
    “you only need to worry about privacy and security laws and rules if you have customers or employees.” - Privacy & Security Law Report
    • Comprehensive approach
    • Online training for Business Associates
    • Online training for all employees of Business Associates
    • Documentation package with templates for ISO, Breach Notification Plan, RFR Policy (if desired), Sensitive Info Policy, Data Transfer Tracking form and many other docs Bus. Assoc and their Vendors will need to protect Covered Entity
    • Guidance on how to customize program
    • Competitive price model
    Accurate Data Partners
  • THANK YOU For additional information please contact: www.accuratedatapartners.com