To: Kwame Christian, Esq.
From: Zauntre Dyer, Intern
Date: 1st June 2015
Re: HIPAA Rules and Leaders

HIPAA

Issue

How does the U.S. provide legal protection of health care insurance, specifically to improve the portability of health insurance coverage, to combat healthcare fraud and abuse, and to protect the privacy of individuals' personal health records?1

Introduction to HIPAA

The federal Health Insurance Portability and Accountability Act, or HIPAA, was enacted in 1996 to preserve health insurance coverage and to secure protected health information.2 HIPAA has two main sections, or "Titles." Title I deals with portability and allows individuals to continue their health coverage after switching jobs.3 Title II includes a set of provisions called "Administrative Simplification," which governs the electronic maintenance and transmission of healthcare information while ensuring the privacy and security of identifiable PHI, or protected health information.4 PHI is individually identifiable health information: not only a name, but any element that can identify the patient on its own or in combination, including dates relating to a patient (e.g., birthdate or date of death), addresses, Social Security numbers, finger and voice prints, and many other identifiers.5

HIPAA's rules and standards apply to the three types of covered entities (CEs): health plans, healthcare providers, and healthcare clearinghouses.6 In addition, any business associate that helps a CE carry out business activities or functions must comply with HIPAA.7 As stated in the Security Rule of the Code of Federal Regulations (45 C.F.R. Part 164, Subpart C), covered entities and business associates must:

(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.
(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
(3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.
(4) Ensure compliance with this subpart by its workforce.8

Covered entities and business associates must use security measures that reasonably and appropriately meet these standards, and must review and modify those measures as needed so that electronic protected health information stays appropriately protected.9 A covered entity or business associate may not use or disclose an individual's PHI except as the rules permit or require; permitted uses and disclosures include disclosure to the individual, use for treatment, payment, or healthcare operations, and disclosures required by law.10

The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) educates the public about their civil rights and health information privacy rights, and informs health and social service workers of the patient safety confidentiality laws they must follow under HIPAA.11 An individual who believes a CE has violated his or her rights under HIPAA can file a complaint with OCR. OCR investigates the complaint, and if the conduct could be a criminal violation, OCR may refer the complaint to the Department of Justice for investigation.12 If OCR finds that a CE has committed a violation, OCR will first attempt to resolve the matter through voluntary compliance, corrective action, and/or a resolution agreement.13 If the CE does not satisfactorily resolve the matter, OCR may impose civil money penalties (CMPs) on the covered entity.14 Complainants do not receive a share of the CMPs, which are deposited in the U.S. Treasury.15 HIPAA gives private parties no right to sue a company for a violation; enforcement is carried out by OCR.16

National Leaders

At the national level, several advisors specialize in HIPAA compliance and claim expertise in it, among them Clearwater Compliance,17 Strategic Management,18 and Abner E. Weintraub of Expert HIPAA.19

Statewide Leaders

In Ohio, firms listed as leaders in HIPAA compliance include Calfee, Frantz Ward, Willis Law Firm, and Shumaker LLP.20 In Columbus, OH specifically, notable firms are INCompliance, Bricker & Eckler, and Kegler Brown.21 These firms received very high ratings from both clients and peers on the lawyers.com listings cited.

HIPAA Applied to Applications and Websites

Application and website developers need to be highly cautious of HIPAA's Privacy and Security Rules. App creators must know who will use their apps (covered entities or the general public) and what type of information the app will handle: identifiable PHI versus lower-risk health data that is not tied to an identifiable person, such as a weight log or general information about a disease.22 Developers must remember that any leak of PHI constitutes a HIPAA violation, even if the developer never intended that use of the PHI.23 A website can remain HIPAA compliant by ensuring that PHI is always encrypted in storage and in transmission, is backed up in case it is lost, is accessible only to authorized users for authorized purposes, and can be permanently destroyed once its use is finished.24

Notes

1. Tennessee Department of Health (John J. Dreyzehner, MD, MPH, Commissioner), HIPAA. Retrieved June 1, 2015, from http://health.state.tn.us/hipaa/
2. Id.
3. Id.
4. Id.
5. Id.
6. U.S. Department of Health and Human Services, For Covered Entities and Business Associates. Retrieved June 1, 2015, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html
7. Id.
8. eCFR, Code of Federal Regulations, 45 C.F.R. Part 164, Subpart C. Retrieved June 2, 2015, from http://www.ecfr.gov/cgi-bin/text-idx?SID=5ebc995b5c4623967ed33b44b822bda4&mc=true&node=sp45.1.164.c&rgn=div6
9. Id.
10. eCFR, Code of Federal Regulations, 45 C.F.R. § 164.502. Retrieved June 2, 2015, from http://www.ecfr.gov/cgi-bin/text-idx?SID=5ebc995b5c4623967ed33b44b822bda4&mc=true&node=se45.1.164_1502&rgn=div8
11. U.S. Department of Health and Human Services, How OCR Enforces the HIPAA Privacy & Security Rules. Retrieved June 2, 2015, from http://www.hhs.gov/ocr/privacy/hipaa/enforcement/process/howocrenforces.html
12. Id.
13. Id.
14. Id.
15. Id.
16. Tennessee Department of Health, HIPAA, supra note 1, http://health.state.tn.us/hipaa/
17. Clearwater Compliance, HIPAA Compliance Expert Advisors. Retrieved June 2, 2015, from https://clearwatercompliance.com/hipaa-expert-advisors/
18. Compliance.com, Expert HIPAA Compliance Consultants. Retrieved June 2, 2015, from http://compliance.com/hipaa-compliance-consultants
19. Expert HIPAA, Abner E. Weintraub - HIPAA & HITECH Consulting. Retrieved June 2, 2015, from http://www.experthipaa.com/
20. Lawyers.com, Health Insurance Portability and Accountability Act (HIPAA) law firms in Ohio, by city. http://www.lawyers.com/health-insurance-portability-and-accountability-act-hipaa/ohio/find-law-firms-by-city/
21. Id.
22. InformationWeek, HIPAA Compliance: What Every Developer Should Know. Retrieved June 2, 2015, from http://www.informationweek.com/healthcare/security-and-privacy/hipaa-compliance-what-every-developer-should-know/a/d-id/1297180
23. Id.
24. LuxSci, 7 Steps to Make your Web Site HIPAA-Secure (February 13, 2015). Retrieved June 2, 2015, from https://luxsci.com/blog/what-makes-a-web-site-hipaa-secure.html
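The storage, access-control and destruction requirements listed in the final section of the memo, worked through in code. This is an added example, not code from the memo or from any source it cites; the in-memory PHIStore, the three caller roles and the sample record are all assumptions made for illustration, and encryption in transmission (TLS between client and server) is outside its scope. The design point it shows is the one the memo's "permanently destroyed" item hides: deleting a row does not delete the copies of it sitting in backups, so each record is sealed with AES-256-GCM under its own key, backups copy only ciphertext, and destruction is done by erasing the key (crypto-shredding), which makes every backup copy unreadable at the same moment. The role check runs before any key is touched, and GCM's authentication tag rejects ciphertext that has been altered in storage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Role is a hypothetical caller role, an assumption of this example.
type Role int

const (
	RoleClinician Role = iota // treatment: a permitted use
	RoleBilling               // payment / healthcare operations: permitted
	RoleMarketing             // not permitted without the patient's authorization
)
var (
	ErrNotAuthorized = errors.New("caller role may not read PHI")
	ErrUnrecoverable = errors.New("record absent or its key destroyed; ciphertext is unrecoverable")
)
// phiRecord is one patient's PHI sealed with AES-256-GCM under a per-record key.
type phiRecord struct{ nonce, ciphertext []byte }

// PHIStore keeps ciphertext and keys apart: backups copy only the ciphertext table.
type PHIStore struct {
	records map[string]phiRecord // replicated to backup
	keys    map[string][]byte    // never backed up alongside the ciphertext
}

func NewPHIStore() *PHIStore {
	return &PHIStore{records: map[string]phiRecord{}, keys: map[string][]byte{}}
}

// mustGCM builds AES-GCM; with a 32-byte key neither constructor can fail.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// Put seals plaintext under a fresh 256-bit key; the patient ID is bound in as associated data so the ciphertext cannot be re-filed under another patient.
func (s *PHIStore) Put(patientID string, plaintext []byte) error {
	key, nonce := make([]byte, 32), make([]byte, 12) // 12-byte nonce: GCM's standard size
	for _, buf := range [][]byte{key, nonce} {
		if _, err := rand.Read(buf); err != nil {
			return err
		}
	}
	s.records[patientID] = phiRecord{nonce, mustGCM(key).Seal(nil, nonce, plaintext, []byte(patientID))}
	s.keys[patientID] = key
	return nil
}

// Get checks the caller's role before touching key material, then opens the record; any modification of the stored ciphertext fails GCM authentication.
func (s *PHIStore) Get(patientID string, caller Role) ([]byte, error) {
	if caller != RoleClinician && caller != RoleBilling {
		return nil, ErrNotAuthorized
	}
	rec, ok := s.records[patientID]
	key, hasKey := s.keys[patientID]
	if !ok || !hasKey {
		return nil, ErrUnrecoverable
	}
	pt, err := mustGCM(key).Open(nil, rec.nonce, rec.ciphertext, []byte(patientID))
	if err != nil {
		return nil, fmt.Errorf("record %q failed integrity check: %w", patientID, err)
	}
	return pt, nil
}

// Ciphertext returns the sealed bytes as stored, i.e. what a backup would copy.
func (s *PHIStore) Ciphertext(patientID string) ([]byte, bool) {
	rec, ok := s.records[patientID]
	return rec.ciphertext, ok
}

// Destroy is permanent destruction by crypto-shredding: zero and drop the key. The ciphertext
// stays on purpose, standing in for backup copies that cannot all be found and wiped.
func (s *PHIStore) Destroy(patientID string) {
	if key, ok := s.keys[patientID]; ok {
		for i := range key {
			key[i] = 0
		}
		delete(s.keys, patientID)
	}
}

func main() {
	store := NewPHIStore()
	_ = store.Put("patient-001", []byte("DOB 1980-04-12; dx: type 2 diabetes")) // constructed sample PHI
	pt, err := store.Get("patient-001", RoleClinician)
	fmt.Printf("clinician: %q err=%v\n", pt, err)
	store.Destroy("patient-001")
	_, err = store.Get("patient-001", RoleClinician)
	fmt.Println("after destroy:", err)
}
```

In a real deployment the keys table would live in a key-management service or HSM rather than beside the ciphertext, and the role check would come from the application's authentication layer; the separation of the two tables is what makes key erasure equivalent to destroying every copy of the record.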
