SlideShare a Scribd company logo

Business Associates: How to differentiate your organization using HIPAA compliance

Compliancy Group
Compliancy Group

Vendors that provide services to health care providers and health insurers are under increasing pressure to protect confidential patient/member information and certify compliance with HIPAA. These “business associates” must comply with numerous data privacy and security requirements under HIPAA and state law, and their ability to do so is often a key factor health care companies use when selecting a vendor. To stand out and make the sale, business associates need to be able to demonstrate robust HIPAA compliance and sufficient policies, procedures and protocols to protect their client’s sensitive data. This webinar will address what business associates need to do to comply with HIPAA and how to differentiate your organization from the competition using HIPAA compliance. Presenter: William J. Roberts, Shipman & Goodwin LLP

Health & Medicine
1 of 21
Download to read offline
www.shipmangoodwin.com @SGHealthLaw www.shipmangoodwin.com HARTFORD | STAMFORD | GREENWICH | WASHINGTON, DC Business Associates: How to Differentiate Your Organization Using HIPAA Compliance December 2, 2015 William J. Roberts, Esq. © Shipman & Goodwin LLP 2015. All rights reserved.
www.shipmangoodwin.com @SGHealthLaw Today’s Agenda 2 1 •  Who are HIPAA business associates? 2 •  How can I use HIPAA compliance to my advantage? 3 •  What must I do to comply with HIPAA?
www.shipmangoodwin.com @SGHealthLaw About HIPAA •  HIPAA is a federal law that governs the use, disclosure and safeguarding of individually identifiable health information. v  Referred to as “protected health information” or “PHI.” •  One of many state and federal laws that govern information held by health care providers and health plans. Others include: v  Substance abuse confidentiality regulations; and v  State personal information laws. 3
www.shipmangoodwin.com @SGHealthLaw When Does HIPAA Apply? •  HIPAA applies to most health care providers and health plans (“covered entities”) and certain third parties who use PHI to provide services for or on behalf of the covered entity (“business associates”). v  Business associates often include attorneys, consultants, IT firms, shredding companies and other vendors. •  Exceptions may include: v  health care services provided by schools or colleges/universities; or v  certain health care providers that are cash-only. 4
www.shipmangoodwin.com @SGHealthLaw Identifying Business Associates •  Any individual or organization that either: v  Creates, receives, maintains, or transmits PHI on behalf of a covered entity for a function or activity regulated under HIPAA, such as claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, patient safety activities, billing, benefit management, practice management, or repricing; or v  Provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for a covered entity, if the service involves the disclosure of PHI. •  Those who store or otherwise maintain PHI. •  Certain data transmission services. •  Certain personal health record vendors. •  Subcontractors. 5
www.shipmangoodwin.com @SGHealthLaw Data Transmission Services •  Data Transmission Services v  Business associates include health information organizations and e- prescribing gateways. v  To qualify as a business associate, the data transmission service must have “routine” access to the PHI it is transmitting. v  The “conduit exception” – if an entity is simply acting as a pass- through with no routine access, not a business associate. ►  Examples include telephone company, UPS and courier services. 6
www.shipmangoodwin.com @SGHealthLaw Personal Health Record Vendors •  Personal Health Record vendors may be a business associate. v  Not all vendors of personal health records will be your business associate. v  Fact-specific determination. v  Key: If you are hiring a vendor to provide a personal health record service for your patients, the vendor is likely a business associate. 7
www.shipmangoodwin.com @SGHealthLaw Entities that “Maintain” PHI •  The definition of business associate includes entities which “maintain” PHI on behalf of a covered entity, even if the entity does not access or view the PHI. v  Includes paper record and cloud storage firms. v  Whether the vendor accesses your PHI is irrelevant. •  Entities that “temporarily” maintain or store PHI. v  If the conduit exception applies, no business associate relationship (i.e. UPS or an internet service provider temporarily storing PHI while transmitting it, while not routinely accessing it). v  Otherwise, temporary storage would create a business associate relationship (e.g. a shredding company which temporarily maintains PHI prior to shredding it). 8
www.shipmangoodwin.com @SGHealthLaw Subcontractors •  The definition of “business associate” includes subcontractors that create, receive, maintain, or transmit PHI on behalf of a business associate. v  Excludes workforce members. v  Examples: ►  Hospital engages a consulting firm to advise the hospital on quality and patient safety issues, and provides PHI to the consulting firm as part of the engagement. ►  Consulting firm in turn provides the PHI to a third party copy center, off-site shredding firm and cloud storage email platform. •  HIPAA applies to all downstream subcontractors in the same manner as it applies to the business associates that directly contract with covered entities. 9
www.shipmangoodwin.com @SGHealthLaw Non-Business Associate Vendors •  Generally, a vendor is not a business associate if it does not receive, use, disclose or maintain PHI. •  Examples: v  IT vendor will have access to hospital information systems to install, update or maintain malware protection (but not PHI). v  Cleaning service with access to staff offices, medical record rooms or other areas in which PHI may exist. v  A software company which licenses a locally hosted program which utilizes or processes PHI. v  A consultant who is granted limited access to quality, compliance or other internal reports which include only aggregate information. 10
www.shipmangoodwin.com @SGHealthLaw HIPAA Compliance is Good for Business (Seriously) •  View HIPAA compliance as less of a burden, and more of a marketing opportunity. •  Use compliance to differentiate yourself from the competition v  HIPAA compliance statement on your website. v  Post copy of HIPAA privacy policy? v  Inform potential customers of highlights of your HIPAA compliance program – work with counsel, training programs, policies, risk assessments. v  Address your commitment to compliance in sales and marketing materials. 11
www.shipmangoodwin.com @SGHealthLaw HIPAA Compliance is Good for Business (Seriously) •  Be able to answer vendor screening tools quickly, accurately and confidently. v  More and more health care providers use such tools to “weed out” potential vendors who lack sufficient HIPAA compliance programs – be ready so you aren’t one of the vendors cut. •  Offer potential health care sector clients the option to review your HIPAA compliance program, policies and procedures. •  Make your HIPAA privacy officer available for questions. 12
www.shipmangoodwin.com @SGHealthLaw How To Comply With HIPAA – A Checklist 13 ü Privacy Policies ü Security Policies ü Appoint Privacy and Security Officer ü Training ü Data Incident Response Plan
www.shipmangoodwin.com @SGHealthLaw Privacy Policies •  Identifying HIPAA covered entity clients v  BAA process •  Collection, access and use of health information v  What information will you/must you collect? Minimum necessary? v  How will you use and/or disclose it? Internally? To subcontractors? •  Designated Record Set policy; Accounting of Disclosures •  Appointment of Privacy Officer •  Training Policy •  Complaints •  Sanctions for violation of HIPAA compliance program 14
www.shipmangoodwin.com @SGHealthLaw Security Policies •  Risk assessment, analysis and management policies •  Appoint security officer •  Auditing •  Data backup/storage •  Disaster recovery/emergency operations •  Workstation use (e.g. access, passwords, authentication) •  PHI disposal (paper and electronic) •  Media re-use •  Encryption •  Physical security (e.g. locks, office access, securing files) 15
www.shipmangoodwin.com @SGHealthLaw Training •  Business associates must establish a training program to provide HIPAA education and security awareness to employees and applicable contractors. v  Conduct training within 30 days of hire and at least annually thereafter. v  Consider periodic emails/reminders, posters or other educational approaches. v  Address HIPAA, security best practices and knowledge of entity HIPAA compliance program, such as how to report a data breach. •  Training may be held online; however, if done through an online program, provide an opportunity for employee questions. 16
www.shipmangoodwin.com @SGHealthLaw Data Incident Response Plan •  Define what is meant by a data incident. v  Go beyond HIPAA. •  Establish an internal reporting protocol. •  Consider convening a data incident response committee (IT, admin, C- Suite, Privacy/Security officers, HR, legal). v  Consider the benefit of attorney-client privilege. •  Understand legal and contractual obligations to clients and affected individuals. •  Address insurance coverage up-front and notify insurance if necessary. 17
www.shipmangoodwin.com @SGHealthLaw Keeping Your HIPAA Compliance Program Current •  HIPAA compliance is not a “one and done” process and requires a continual, periodic review and update of your policies and procedures. •  The government and your customers will expect you to review your HIPAA compliance program at least once per year and any time there is a significant change to your organization (e.g. new office, new computer system) v  Consider having an outside party review your HIPAA compliance program – benefit to fresh eyes and an independent analysis brings more credibility. v  Establish a relationship to enable you to learn of changes to HIPAA. 18
www.shipmangoodwin.com @SGHealthLaw Additional Compliance Strategies •  Ask: Does my entire organization need to comply with HIPAA? If not, which departments? Which employees? Which subcontractors? v  Cater your HIPAA compliance program to your covered functions/ personnel. •  Ask: Do we already address what is required by HIPAA through other policies or programs? v  Don’t re-invent the wheel. v  Many companies have existing policies which can be re-cast for HIPAA purposes – saves time and money. •  Ask: Can we incorporate HIPAA into an existing compliance program? 19
www.shipmangoodwin.com @SGHealthLaw Biography & Contact Information William Roberts is an associate in Shipman & Goodwin LLP’s Health Law Practice Group and is the Chair of the firm’s Privacy and Data Protection Group. Bill focuses his practice on health care corporate, regulatory, data privacy and compliance matters. He represents health care providers; health insurers; medical device and pharmaceutical companies and a wide variety of technology, consulting and other entities which operate in the health care sector. As Chair of the firm’s Privacy and Data Protection Group, Bill routinely advises clients on data privacy and security laws, particularly as those laws intersect with the health care industry. He prepares comprehensive privacy and data security programs and policies for businesses, and regularly counsels clients regarding the collection, use, retention, disclosure, transfer and disposal of protected health information and personal information. Bill has assisted clients navigate and remediate over 150 data breaches. William J. Roberts, Esq. Shipman & Goodwin LLP 860-251-5051 wroberts@goodwin.com http://shipmangoodwin.com/wroberts 20
855.85HIPAA www.compliancygroup.com 21Copyright 2007-2015 HIPAA Education Series sponsored by: www.compliancy-group.com 855.85 HIPAA (855.854.4722) Compliance In 3 Steps! The Guard Outside Consultant Manuals or Templates Risk Assessmen Provider Other Compliance Software

Recommended

HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...
Compliancy Group
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016
Compliancy Group
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
Deena Fetrow
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010
DataMotion
 
How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud
Compliancy Group
 
The caldicott role in general practice vo presentation
The caldicott role in general practice vo presentationThe caldicott role in general practice vo presentation
The caldicott role in general practice vo presentation
OutlookSouthWest
 
Review of Caldicott report-2 2013 by Dr Saurabh Bhatia
Review of Caldicott report-2 2013 by Dr Saurabh BhatiaReview of Caldicott report-2 2013 by Dr Saurabh Bhatia
Review of Caldicott report-2 2013 by Dr Saurabh Bhatia
allbhatias
 
Keeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor ManagementKeeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor Management
Paige Rasid
 

Recommended

HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...
Compliancy Group
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016
Compliancy Group
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
Deena Fetrow
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010
DataMotion
 
How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud
Compliancy Group
 
The caldicott role in general practice vo presentation
The caldicott role in general practice vo presentationThe caldicott role in general practice vo presentation
The caldicott role in general practice vo presentation
OutlookSouthWest
 
Review of Caldicott report-2 2013 by Dr Saurabh Bhatia
Review of Caldicott report-2 2013 by Dr Saurabh BhatiaReview of Caldicott report-2 2013 by Dr Saurabh Bhatia
Review of Caldicott report-2 2013 by Dr Saurabh Bhatia
allbhatias
 
Keeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor ManagementKeeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor Management
Paige Rasid
 
HIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile WorldHIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile World
Ryan Snell
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An Overview
ClearDATACloud
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceHealth Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) Compliance
ControlCase
 
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Medical Billers and Coders
 
Hipaa Compliance
Hipaa Compliance Hipaa Compliance
Hipaa Compliance
DeterminedSkin124
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry compliance
Thomas Bronack
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019
Jose Ivan Delgado, Ph.D.
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Compliancy Group
 
HIPAA
HIPAA HIPAA
HIPAA
ravelo1212
 
Application Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA ComplianceApplication Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA Compliance
TrueVault
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2
Compliancy Group
 
HIPAA
HIPAAHIPAA
HIPAA
belziebub
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
Patrick Doyle
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act 
Kartheek Kein
 
HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations
OnRamp
 
HIPAA Compliance for Developers
HIPAA Compliance for DevelopersHIPAA Compliance for Developers
HIPAA Compliance for Developers
TrueVault
 
Understanding HIPAA / HITECH as a Mail Service Provider
Understanding HIPAA / HITECH as a Mail Service ProviderUnderstanding HIPAA / HITECH as a Mail Service Provider
Understanding HIPAA / HITECH as a Mail Service Provider
Karla Humphrey
 
hitech act
hitech acthitech act
hitech act
padler01
 
Why Do Federally Qualified Health Centers Need A Referral Management Software...
Why Do Federally Qualified Health Centers Need A Referral Management Software...Why Do Federally Qualified Health Centers Need A Referral Management Software...
Why Do Federally Qualified Health Centers Need A Referral Management Software...
GaryRichards30
 
MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15
MassEHealth
 
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
Compliancy Group
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
Compliancy Group
 

More Related Content

What's hot

HIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile WorldHIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile World
Ryan Snell
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An Overview
ClearDATACloud
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceHealth Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) Compliance
ControlCase
 
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Medical Billers and Coders
 
Hipaa Compliance
Hipaa Compliance Hipaa Compliance
Hipaa Compliance
DeterminedSkin124
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry compliance
Thomas Bronack
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019
Jose Ivan Delgado, Ph.D.
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Compliancy Group
 
HIPAA
HIPAA HIPAA
HIPAA
ravelo1212
 
Application Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA ComplianceApplication Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA Compliance
TrueVault
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2
Compliancy Group
 
HIPAA
HIPAAHIPAA
HIPAA
belziebub
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
Patrick Doyle
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act 
Kartheek Kein
 
HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations
OnRamp
 
HIPAA Compliance for Developers
HIPAA Compliance for DevelopersHIPAA Compliance for Developers
HIPAA Compliance for Developers
TrueVault
 
Understanding HIPAA / HITECH as a Mail Service Provider
Understanding HIPAA / HITECH as a Mail Service ProviderUnderstanding HIPAA / HITECH as a Mail Service Provider
Understanding HIPAA / HITECH as a Mail Service Provider
Karla Humphrey
 
hitech act
hitech acthitech act
hitech act
padler01
 
Why Do Federally Qualified Health Centers Need A Referral Management Software...
Why Do Federally Qualified Health Centers Need A Referral Management Software...Why Do Federally Qualified Health Centers Need A Referral Management Software...
Why Do Federally Qualified Health Centers Need A Referral Management Software...
GaryRichards30
 
MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15
MassEHealth
 

What's hot (20)

HIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile WorldHIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile World
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An Overview
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceHealth Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) Compliance
 
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
Are Orthopedics Justified in Embracing HIPAA Compliant Orthopedic Billing to ...
 
Hipaa Compliance
Hipaa Compliance Hipaa Compliance
Hipaa Compliance
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry compliance
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
 
HIPAA
HIPAA HIPAA
HIPAA
 
Application Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA ComplianceApplication Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA Compliance
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2
 
HIPAA
HIPAAHIPAA
HIPAA
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act 
 
HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations
 
HIPAA Compliance for Developers
HIPAA Compliance for DevelopersHIPAA Compliance for Developers
HIPAA Compliance for Developers
 
Understanding HIPAA / HITECH as a Mail Service Provider
Understanding HIPAA / HITECH as a Mail Service ProviderUnderstanding HIPAA / HITECH as a Mail Service Provider
Understanding HIPAA / HITECH as a Mail Service Provider
 
hitech act
hitech acthitech act
hitech act
 
Why Do Federally Qualified Health Centers Need A Referral Management Software...
Why Do Federally Qualified Health Centers Need A Referral Management Software...Why Do Federally Qualified Health Centers Need A Referral Management Software...
Why Do Federally Qualified Health Centers Need A Referral Management Software...
 
MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15
 

Similar to Business Associates: How to differentiate your organization using HIPAA compliance

How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
Compliancy Group
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
Compliancy Group
 
Is your billing partner hipaa compliant
Is your billing partner hipaa compliantIs your billing partner hipaa compliant
Is your billing partner hipaa compliant
jennyvergeese
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009
rogersons
 
HealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTHealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUST
Kimberly Simon MBA
 
Keeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-CompliantKeeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-Compliant
Carbonite
 
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
RightScale
 
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDHIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
Compliancy Group
 
Best Practices to Avoid HIPAA Violations in a Medical Practice
Best Practices to Avoid HIPAA Violations in a Medical PracticeBest Practices to Avoid HIPAA Violations in a Medical Practice
Best Practices to Avoid HIPAA Violations in a Medical Practice
Medical Transcription Service Company
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
supportc2go
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017
Kimberly Simon MBA
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUST
Kimberly Simon MBA
 
How good we are in adhering HIPAA rules
How good we are in adhering HIPAA rulesHow good we are in adhering HIPAA rules
How good we are in adhering HIPAA rules
Medical Transcriptions Service
 
Understanding the Importance of HIPAA Compliance in Medical Billing Software.pdf
Understanding the Importance of HIPAA Compliance in Medical Billing Software.pdfUnderstanding the Importance of HIPAA Compliance in Medical Billing Software.pdf
Understanding the Importance of HIPAA Compliance in Medical Billing Software.pdf
OmniMD Healthcare
 
Navigating Healthcare Compliance: A Guide to HIPAA Certification
Navigating Healthcare Compliance: A Guide to HIPAA CertificationNavigating Healthcare Compliance: A Guide to HIPAA Certification
Navigating Healthcare Compliance: A Guide to HIPAA Certification
ShyamMishra72
 
Protecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital LandscapesProtecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Conference Panel
 
Demystifying HIPAA Certification: Your Path to Compliance
Demystifying HIPAA Certification: Your Path to ComplianceDemystifying HIPAA Certification: Your Path to Compliance
Demystifying HIPAA Certification: Your Path to Compliance
ShyamMishra72
 
how to really implement hipaa presentation
how to really implement hipaa presentationhow to really implement hipaa presentation
how to really implement hipaa presentation
Provider Resources Group
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010
DataMotion
 
web-MINImag
web-MINImagweb-MINImag
web-MINImag
Allison Walton
 

Similar to Business Associates: How to differentiate your organization using HIPAA compliance (20)

How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
 
Is your billing partner hipaa compliant
Is your billing partner hipaa compliantIs your billing partner hipaa compliant
Is your billing partner hipaa compliant
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009
 
HealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTHealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUST
 
Keeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-CompliantKeeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-Compliant
 
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
 
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDHIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
 
Best Practices to Avoid HIPAA Violations in a Medical Practice
Best Practices to Avoid HIPAA Violations in a Medical PracticeBest Practices to Avoid HIPAA Violations in a Medical Practice
Best Practices to Avoid HIPAA Violations in a Medical Practice
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUST
 
How good we are in adhering HIPAA rules
How good we are in adhering HIPAA rulesHow good we are in adhering HIPAA rules
How good we are in adhering HIPAA rules
 
Understanding the Importance of HIPAA Compliance in Medical Billing Software.pdf
Understanding the Importance of HIPAA Compliance in Medical Billing Software.pdfUnderstanding the Importance of HIPAA Compliance in Medical Billing Software.pdf
Understanding the Importance of HIPAA Compliance in Medical Billing Software.pdf
 
Navigating Healthcare Compliance: A Guide to HIPAA Certification
Navigating Healthcare Compliance: A Guide to HIPAA CertificationNavigating Healthcare Compliance: A Guide to HIPAA Certification
Navigating Healthcare Compliance: A Guide to HIPAA Certification
 
Protecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital LandscapesProtecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital Landscapes
 
Demystifying HIPAA Certification: Your Path to Compliance
Demystifying HIPAA Certification: Your Path to ComplianceDemystifying HIPAA Certification: Your Path to Compliance
Demystifying HIPAA Certification: Your Path to Compliance
 
how to really implement hipaa presentation
how to really implement hipaa presentationhow to really implement hipaa presentation
how to really implement hipaa presentation
 
Healthcare preparedness 2010
Healthcare preparedness 2010Healthcare preparedness 2010
Healthcare preparedness 2010
 
web-MINImag
web-MINImagweb-MINImag
web-MINImag
 

More from Compliancy Group

HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to know
Compliancy Group
 
How to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsHow to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 audits
Compliancy Group
 
Preparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practicePreparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practice
Compliancy Group
 
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
Compliancy Group
 
How to Survive a HIPAA Audit
How to Survive a HIPAA AuditHow to Survive a HIPAA Audit
How to Survive a HIPAA Audit
Compliancy Group
 
Meaningful Use vs HIPAA
Meaningful Use vs HIPAAMeaningful Use vs HIPAA
Meaningful Use vs HIPAA
Compliancy Group
 
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
Compliancy Group
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceWhy a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Compliancy Group
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challenge
Compliancy Group
 
What you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityWhat you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperability
Compliancy Group
 
Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10
Compliancy Group
 
Is Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingIs Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for Auditing
Compliancy Group
 
Business Associate and HIPAA Comliance Infographic
Business Associate and HIPAA Comliance InfographicBusiness Associate and HIPAA Comliance Infographic
Business Associate and HIPAA Comliance Infographic
Compliancy Group
 
Surving a HIPAA Audit Infographic
Surving a HIPAA Audit InfographicSurving a HIPAA Audit Infographic
Surving a HIPAA Audit Infographic
Compliancy Group
 
Cyber & Privacy Risk Infographic
Cyber & Privacy Risk InfographicCyber & Privacy Risk Infographic
Cyber & Privacy Risk Infographic
Compliancy Group
 
Surviving a HIPAA Audit: Five Crucial Steps
Surviving a HIPAA Audit: Five Crucial Steps Surviving a HIPAA Audit: Five Crucial Steps
Surviving a HIPAA Audit: Five Crucial Steps
Compliancy Group
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Compliancy Group
 
HIPAA Breach: Did You Know?
HIPAA Breach: Did You Know?HIPAA Breach: Did You Know?
HIPAA Breach: Did You Know?
Compliancy Group
 
Maintaining HIPAA Compliance with Cloud Based Solutions
Maintaining HIPAA Compliance with Cloud Based SolutionsMaintaining HIPAA Compliance with Cloud Based Solutions
Maintaining HIPAA Compliance with Cloud Based Solutions
Compliancy Group
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
Compliancy Group
 

More from Compliancy Group (20)

HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to know
 
How to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsHow to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 audits
 
Preparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practicePreparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practice
 
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
 
How to Survive a HIPAA Audit
How to Survive a HIPAA AuditHow to Survive a HIPAA Audit
How to Survive a HIPAA Audit
 
Meaningful Use vs HIPAA
Meaningful Use vs HIPAAMeaningful Use vs HIPAA
Meaningful Use vs HIPAA
 
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceWhy a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA Compliance
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challenge
 
What you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityWhat you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperability
 
Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10
 
Is Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingIs Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for Auditing
 
Business Associate and HIPAA Comliance Infographic
Business Associate and HIPAA Comliance InfographicBusiness Associate and HIPAA Comliance Infographic
Business Associate and HIPAA Comliance Infographic
 
Surving a HIPAA Audit Infographic
Surving a HIPAA Audit InfographicSurving a HIPAA Audit Infographic
Surving a HIPAA Audit Infographic
 
Cyber & Privacy Risk Infographic
Cyber & Privacy Risk InfographicCyber & Privacy Risk Infographic
Cyber & Privacy Risk Infographic
 
Surviving a HIPAA Audit: Five Crucial Steps
Surviving a HIPAA Audit: Five Crucial Steps Surviving a HIPAA Audit: Five Crucial Steps
Surviving a HIPAA Audit: Five Crucial Steps
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
 
HIPAA Breach: Did You Know?
HIPAA Breach: Did You Know?HIPAA Breach: Did You Know?
HIPAA Breach: Did You Know?
 
Maintaining HIPAA Compliance with Cloud Based Solutions
Maintaining HIPAA Compliance with Cloud Based SolutionsMaintaining HIPAA Compliance with Cloud Based Solutions
Maintaining HIPAA Compliance with Cloud Based Solutions
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
 

Recently uploaded

Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptxEar and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Dr. Rabia Inam Gandapore
 
vonoprazan A novel drug for GERD presentation
vonoprazan A novel drug for GERD presentationvonoprazan A novel drug for GERD presentation
vonoprazan A novel drug for GERD presentation
Dr.pavithra Anandan
 
OCT Training Course for clinical practice Part 1
OCT Training Course for clinical practice Part 1OCT Training Course for clinical practice Part 1
OCT Training Course for clinical practice Part 1
KafrELShiekh University
 
The Electrocardiogram - Physiologic Principles
The Electrocardiogram - Physiologic PrinciplesThe Electrocardiogram - Physiologic Principles
The Electrocardiogram - Physiologic Principles
MedicoseAcademics
 
K CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấu
K CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấuK CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấu
K CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấu
HongBiThi1
 
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdfCHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
rishi2789
 
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdfCHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
rishi2789
 
REGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptx
REGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptxREGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptx
REGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptx
LaniyaNasrink
 
Ketone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistryKetone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistry
Dhayanithi C
 
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptx
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptxMuscles of Mastication by Dr. Rabia Inam Gandapore.pptx
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptx
Dr. Rabia Inam Gandapore
 
Complementary feeding in infant IAP PROTOCOLS
Complementary feeding in infant IAP PROTOCOLSComplementary feeding in infant IAP PROTOCOLS
Complementary feeding in infant IAP PROTOCOLS
chiranthgowda16
 
Chapter 11 Nutrition and Chronic Diseases.pptx
Chapter 11 Nutrition and Chronic Diseases.pptxChapter 11 Nutrition and Chronic Diseases.pptx
Chapter 11 Nutrition and Chronic Diseases.pptx
Earlene McNair
 
Osteoporosis - Definition , Evaluation and Management .pdf
Osteoporosis - Definition , Evaluation and Management .pdfOsteoporosis - Definition , Evaluation and Management .pdf
Osteoporosis - Definition , Evaluation and Management .pdf
Jim Jacob Roy
 
Promoting Wellbeing - Applied Social Psychology - Psychology SuperNotes
Promoting Wellbeing - Applied Social Psychology - Psychology SuperNotesPromoting Wellbeing - Applied Social Psychology - Psychology SuperNotes
Promoting Wellbeing - Applied Social Psychology - Psychology SuperNotes
PsychoTech Services
 
Tests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptxTests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptx
taiba qazi
 
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
rishi2789
 
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptxVestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Dr. Rabia Inam Gandapore
 
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdfCHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
rishi2789
 
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdfCHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
rishi2789
 
TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...
TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...
TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...
Donc Test
 

Recently uploaded (20)

Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptxEar and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
Ear and its clinical correlations By Dr. Rabia Inam Gandapore.pptx
 
vonoprazan A novel drug for GERD presentation
vonoprazan A novel drug for GERD presentationvonoprazan A novel drug for GERD presentation
vonoprazan A novel drug for GERD presentation
 
OCT Training Course for clinical practice Part 1
OCT Training Course for clinical practice Part 1OCT Training Course for clinical practice Part 1
OCT Training Course for clinical practice Part 1
 
The Electrocardiogram - Physiologic Principles
The Electrocardiogram - Physiologic PrinciplesThe Electrocardiogram - Physiologic Principles
The Electrocardiogram - Physiologic Principles
 
K CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấu
K CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấuK CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấu
K CỔ TỬ CUNG.pdf tự ghi chép, chữ hơi xấu
 
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdfCHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
 
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdfCHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
 
REGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptx
REGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptxREGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptx
REGULATION FOR COMBINATION PRODUCTS AND MEDICAL DEVICES.pptx
 
Ketone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistryKetone bodies and metabolism-biochemistry
Ketone bodies and metabolism-biochemistry
 
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptx
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptxMuscles of Mastication by Dr. Rabia Inam Gandapore.pptx
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptx
 
Complementary feeding in infant IAP PROTOCOLS
Complementary feeding in infant IAP PROTOCOLSComplementary feeding in infant IAP PROTOCOLS
Complementary feeding in infant IAP PROTOCOLS
 
Chapter 11 Nutrition and Chronic Diseases.pptx
Chapter 11 Nutrition and Chronic Diseases.pptxChapter 11 Nutrition and Chronic Diseases.pptx
Chapter 11 Nutrition and Chronic Diseases.pptx
 
Osteoporosis - Definition , Evaluation and Management .pdf
Osteoporosis - Definition , Evaluation and Management .pdfOsteoporosis - Definition , Evaluation and Management .pdf
Osteoporosis - Definition , Evaluation and Management .pdf
 
Promoting Wellbeing - Applied Social Psychology - Psychology SuperNotes
Promoting Wellbeing - Applied Social Psychology - Psychology SuperNotesPromoting Wellbeing - Applied Social Psychology - Psychology SuperNotes
Promoting Wellbeing - Applied Social Psychology - Psychology SuperNotes
 
Tests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptxTests for analysis of different pharmaceutical.pptx
Tests for analysis of different pharmaceutical.pptx
 
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
 
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptxVestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
Vestibulocochlear Nerve by Dr. Rabia Inam Gandapore.pptx
 
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdfCHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
CHEMOTHERAPY_RDP_CHAPTER 6_Anti Malarial Drugs.pdf
 
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdfCHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 4_ANTI VIRAL DRUGS.pdf
 
TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...
TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...
TEST BANK For Community and Public Health Nursing: Evidence for Practice, 3rd...
 

Business Associates: How to differentiate your organization using HIPAA compliance

  • 1. www.shipmangoodwin.com @SGHealthLaw www.shipmangoodwin.com HARTFORD | STAMFORD | GREENWICH | WASHINGTON, DC Business Associates: How to Differentiate Your Organization Using HIPAA Compliance December 2, 2015 William J. Roberts, Esq. © Shipman & Goodwin LLP 2015. All rights reserved.
  • 2. www.shipmangoodwin.com @SGHealthLaw Today’s Agenda 2 1 •  Who are HIPAA business associates? 2 •  How can I use HIPAA compliance to my advantage? 3 •  What must I do to comply with HIPAA?
  • 3. www.shipmangoodwin.com @SGHealthLaw About HIPAA •  HIPAA is a federal law that governs the use, disclosure and safeguarding of individually identifiable health information. v  Referred to as “protected health information” or “PHI.” •  One of many state and federal laws that govern information held by health care providers and health plans. Others include: v  Substance abuse confidentiality regulations; and v  State personal information laws. 3
  • 4. www.shipmangoodwin.com @SGHealthLaw When Does HIPAA Apply? •  HIPAA applies to most health care providers and health plans (“covered entities”) and certain third parties who use PHI to provide services for or on behalf of the covered entity (“business associates”). v  Business associates often include attorneys, consultants, IT firms, shredding companies and other vendors. •  Exceptions may include: v  health care services provided by schools or colleges/universities; or v  certain health care providers that are cash-only. 4
  • 5. www.shipmangoodwin.com @SGHealthLaw Identifying Business Associates •  Any individual or organization that either: v  Creates, receives, maintains, or transmits PHI on behalf of a covered entity for a function or activity regulated under HIPAA, such as claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, patient safety activities, billing, benefit management, practice management, or repricing; or v  Provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for a covered entity, if the service involves the disclosure of PHI. •  Those who store or otherwise maintain PHI. •  Certain data transmission services. •  Certain personal health record vendors. •  Subcontractors. 5
  • 6. www.shipmangoodwin.com @SGHealthLaw Data Transmission Services •  Data Transmission Services v  Business associates include health information organizations and e- prescribing gateways. v  To qualify as a business associate, the data transmission service must have “routine” access to the PHI it is transmitting. v  The “conduit exception” – if an entity is simply acting as a pass- through with no routine access, not a business associate. ►  Examples include telephone company, UPS and courier services. 6
  • 7. www.shipmangoodwin.com @SGHealthLaw Personal Health Record Vendors •  Personal Health Record vendors may be a business associate. v  Not all vendors of personal health records will be your business associate. v  Fact-specific determination. v  Key: If you are hiring a vendor to provide a personal health record service for your patients, the vendor is likely a business associate. 7
  • 8. www.shipmangoodwin.com @SGHealthLaw Entities that “Maintain” PHI •  The definition of business associate includes entities which “maintain” PHI on behalf of a covered entity, even if the entity does not access or view the PHI. v  Includes paper record and cloud storage firms. v  Whether the vendor accesses your PHI is irrelevant. •  Entities that “temporarily” maintain or store PHI. v  If the conduit exception applies, no business associate relationship (i.e. UPS or an internet service provider temporarily storing PHI while transmitting it, while not routinely accessing it). v  Otherwise, temporary storage would create a business associate relationship (e.g. a shredding company which temporarily maintains PHI prior to shredding it). 8
  • 9. www.shipmangoodwin.com @SGHealthLaw Subcontractors •  The definition of “business associate” includes subcontractors that create, receive, maintain, or transmit PHI on behalf of a business associate. v  Excludes workforce members. v  Examples: ►  Hospital engages a consulting firm to advise the hospital on quality and patient safety issues, and provides PHI to the consulting firm as part of the engagement. ►  Consulting firm in turn provides the PHI to a third party copy center, off-site shredding firm and cloud storage email platform. •  HIPAA applies to all downstream subcontractors in the same manner as it applies to the business associates that directly contract with covered entities. 9
  • 10. www.shipmangoodwin.com @SGHealthLaw Non-Business Associate Vendors •  Generally, a vendor is not a business associate if it does not receive, use, disclose or maintain PHI. •  Examples: v  IT vendor will have access to hospital information systems to install, update or maintain malware protection (but not PHI). v  Cleaning service with access to staff offices, medical record rooms or other areas in which PHI may exist. v  A software company which licenses a locally hosted program which utilizes or processes PHI. v  A consultant who is granted limited access to quality, compliance or other internal reports which include only aggregate information. 10
  • 11. www.shipmangoodwin.com @SGHealthLaw HIPAA Compliance is Good for Business (Seriously) •  View HIPAA compliance as less of a burden, and more of a marketing opportunity. •  Use compliance to differentiate yourself from the competition v  HIPAA compliance statement on your website. v  Post copy of HIPAA privacy policy? v  Inform potential customers of highlights of your HIPAA compliance program – work with counsel, training programs, policies, risk assessments. v  Address your commitment to compliance in sales and marketing materials. 11
  • 12. www.shipmangoodwin.com @SGHealthLaw HIPAA Compliance is Good for Business (Seriously) •  Be able to answer vendor screening tools quickly, accurately and confidently. v  More and more health care providers use such tools to “weed out” potential vendors who lack sufficient HIPAA compliance programs – be ready so you aren’t one of the vendors cut. •  Offer potential health care sector clients the option to review your HIPAA compliance program, policies and procedures. •  Make your HIPAA privacy officer available for questions. 12
  • 13. www.shipmangoodwin.com @SGHealthLaw How To Comply With HIPAA – A Checklist 13 ü Privacy Policies ü Security Policies ü Appoint Privacy and Security Officer ü Training ü Data Incident Response Plan
  • 14. www.shipmangoodwin.com @SGHealthLaw Privacy Policies •  Identifying HIPAA covered entity clients v  BAA process •  Collection, access and use of health information v  What information will you/must you collect? Minimum necessary? v  How will you use and/or disclose it? Internally? To subcontractors? •  Designated Record Set policy; Accounting of Disclosures •  Appointment of Privacy Officer •  Training Policy •  Complaints •  Sanctions for violation of HIPAA compliance program 14
  • 15. www.shipmangoodwin.com @SGHealthLaw Security Policies •  Risk assessment, analysis and management policies •  Appoint security officer •  Auditing •  Data backup/storage •  Disaster recovery/emergency operations •  Workstation use (e.g. access, passwords, authentication) •  PHI disposal (paper and electronic) •  Media re-use •  Encryption •  Physical security (e.g. locks, office access, securing files) 15
  • 16. www.shipmangoodwin.com @SGHealthLaw Training •  Business associates must establish a training program to provide HIPAA education and security awareness to employees and applicable contractors. v  Conduct training within 30 days of hire and at least annually thereafter. v  Consider periodic emails/reminders, posters or other educational approaches. v  Address HIPAA, security best practices and knowledge of entity HIPAA compliance program, such as how to report a data breach. •  Training may be held online; however, if done through an online program, provide an opportunity for employee questions. 16
  • 17. www.shipmangoodwin.com @SGHealthLaw Data Incident Response Plan •  Define what is meant by a data incident. v  Go beyond HIPAA. •  Establish an internal reporting protocol. •  Consider convening a data incident response committee (IT, admin, C- Suite, Privacy/Security officers, HR, legal). v  Consider the benefit of attorney-client privilege. •  Understand legal and contractual obligations to clients and affected individuals. •  Address insurance coverage up-front and notify insurance if necessary. 17
  • 18. www.shipmangoodwin.com @SGHealthLaw Keeping Your HIPAA Compliance Program Current •  HIPAA compliance is not a “one and done” process and requires a continual, periodic review and update of your policies and procedures. •  The government and your customers will expect you to review your HIPAA compliance program at least once per year and any time there is a significant change to your organization (e.g. new office, new computer system) v  Consider having an outside party review your HIPAA compliance program – benefit to fresh eyes and an independent analysis brings more credibility. v  Establish a relationship to enable you to learn of changes to HIPAA. 18
  • 19. www.shipmangoodwin.com @SGHealthLaw Additional Compliance Strategies •  Ask: Does my entire organization need to comply with HIPAA? If not, which departments? Which employees? Which subcontractors? v  Cater your HIPAA compliance program to your covered functions/ personnel. •  Ask: Do we already address what is required by HIPAA through other policies or programs? v  Don’t re-invent the wheel. v  Many companies have existing policies which can be re-cast for HIPAA purposes – saves time and money. •  Ask: Can we incorporate HIPAA into an existing compliance program? 19
  • 20. www.shipmangoodwin.com @SGHealthLaw Biography & Contact Information William Roberts is an associate in Shipman & Goodwin LLP’s Health Law Practice Group and is the Chair of the firm’s Privacy and Data Protection Group. Bill focuses his practice on health care corporate, regulatory, data privacy and compliance matters. He represents health care providers; health insurers; medical device and pharmaceutical companies and a wide variety of technology, consulting and other entities which operate in the health care sector. As Chair of the firm’s Privacy and Data Protection Group, Bill routinely advises clients on data privacy and security laws, particularly as those laws intersect with the health care industry. He prepares comprehensive privacy and data security programs and policies for businesses, and regularly counsels clients regarding the collection, use, retention, disclosure, transfer and disposal of protected health information and personal information. Bill has assisted clients navigate and remediate over 150 data breaches. William J. Roberts, Esq. Shipman & Goodwin LLP 860-251-5051 wroberts@goodwin.com http://shipmangoodwin.com/wroberts 20
  • 21. 855.85HIPAA www.compliancygroup.com 21Copyright 2007-2015 HIPAA Education Series sponsored by: www.compliancy-group.com 855.85 HIPAA (855.854.4722) Compliance In 3 Steps! The Guard Outside Consultant Manuals or Templates Risk Assessmen Provider Other Compliance Software