SlideShare a Scribd company logo

Hipaa training in diversido

Download as PPTX, PDF
D
Diversido

by Yasmina Makh

Healthcare
1 of 30
HIPAA Training 1
2 Every Diversido employee/contractor must know: 1. What is HIPAA 2. What information is protected by HIPAA 3. What violations of HIPAA can be 4. What sanctions will be applied to violators 5. What document must be signed under the HIPAA
HIPAA - 3 Health Insurance Portability and Accountability Act, a federal law of USA, 1996. HIPAA Definitions
4 Purpose of HIPAA: ● to modernize the flow of healthcare information, ● to protect from fraud and theft Personally Identifiable Information maintained by the healthcare and healthcare insurance industries, ● administrative simplification for electronic health care transactions - code sets, unique health identifiers. HIPAA includes HIPAA Privacy rule and HIPAA Security rule.
HIPAA Privacy rule 5 focuses on protections for PHI (Protected Health Information) from a people standpoint using training, contracts, policies and procedures, etc.
HIPAA Security rule 6 focuses on protections specifically for ePHI (electronic protected health information). It is a federal minimum floor of information technology standards and protections (firewalls, password policies, antivirus, encryption, etc.)
7 The Security rule applies only to ePHI, while the Privacy Rule applies to PHI which may be in electronic, oral, and paper form.
Personally Identifiable Information (PII) 8 any information that can be used to identify, contact, or locate an individual, either alone or combined with other easily accessible sources (name, fingerprints, email, telephone, social security number)
Protected Health Information (PHI) 9 Individually Identifiable Health Information that is transmitted and maintained in electronic media or in any other form or medium.
Individually Identifiable Health Information (IIHI) 10 information that is a subset of health information, including demographic information
11 Individually Identifiable Health Information (1/4) ● Contains identifiers of the patient, relatives, employers, or household members such as the following: ○ Names. ○ Geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code (except for the initial 3 digits of a zip code if, according to the current publicly available data from the Bureaus of the Census all zip codes with the same 3 initial digits contains more than 20,000 people) … next slide
12 Individually Identifiable Health Information (2/4) ○ All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, date of death, all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older. ○ Telephone numbers. ○ Fax numbers. ○ Email addresses. ○ Social security numbers. ○ Medical record numbers. … next slide
13 Individually Identifiable Health Information (3/4) ○ Health plan beneficiary numbers. ○ Account numbers. ○ Certificate/license numbers. ○ Vehicle identifiers and serial numbers, including license plate numbers. ○ Device identifiers and serial numbers. ○ Biometric identifiers, including finger and voice prints. ○ Full face photographic images and any comparable images. ○ Any other unique identifying number, characteristic, or code.
14 Individually Identifiable Health Information (4/4) ● Is created or received by a health care provider, health plan, employer, or health care clearinghouse. ● Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. ● That identifies the individual. ● With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
15 Business Associate Agreement legal document under HIPAA legally attest to the client providing PHI that covered entity is HIPAA compliant and agrees to abide by HIPAA. After signing the contract, covered entity is under the legal fines and penalties of HIPAA.
HIPAA - funny training video 16
17 HIPAA in Diversido ● HIPAA Privacy Policy - Diversido: http://bit.ly/37XNLw6 ● HIPAA Security Policy - Diversido: http://bit.ly/2LiX0gA ● HIPAA Sanction Policy - Diversido: http://bit.ly/382Xrp2 ● HIPAA Compliance - Audit checklist: http://bit.ly/2Rgvd4c (is applicable to a project and a company)
18 HIPAA in Diversido The main principles of work with HIPAA covered projects: 1. Role-based access to PHI 2.Increased security requirements to production 3.Responsibility to report known HIPAA risks or violations
19 HIPAA in Diversido Recommendations for employees/ contractors: 1. Don’t copy any ePHI to the personal computer. 2. Use a password protection for personal computer access. 3. Don’t share Diversido testing devices with third parties. 4. Activate Windows Defender on personal computer (for Windows users). 5. Use Bitwarden for passwords management: http://bit.ly/2qeVrZN. 6. All access information must be removed from workstations after the work on the project completion. 7. Computer hard drives and device memory are recommended to be removed without the ability to recover information before selling or transferring their used workstations for recycling.
Offenses Gradation and Sanctions Application 20 According to HIPAA Sanction Policy in Diversido there are three levels of violations that require progressive sanctions to be applied. Depending on the seriousness of the violation, level 3 is the most serious.
21 Level 1: Unintentional breach caused by lack of knowledge, of judgment, human error or carelessness ● Accessing information that you do not need to know to do your job. ● Sharing PHI with another employee without authorization. ● Copying PHI without authorization. ● Changing PHI without authorization. ● Discussing confidential information in a public area or in an area where the public could overhear the conversation. ● Discussing confidential information with an unauthorized person. ● Leaving your computer unattended while you are logged into a PHI system. ● Failure to cooperate with the privacy officer. ● Misdirecting a document containing PHI (email, fax, etc).
22 Level 1: Sanctions may include, but are not limited to: ● Written and verbal reprimand. ● Retraining on HIPAA Awareness. ● Retraining on Diversido HIPAA Privacy and Security Policies and how it impacts the said employee and said employee’s department. ● Retraining on the proper use of internal forms and HIPAA required forms.
23 Level 2: Deliberate or purposeful violation without harmful intent and effects ● The second offense of any level 1 offense (does not have to be the same offense). ● Sharing your personal access codes (username & password). ● Using another person’s personal access codes (username & password). ● Unauthorized use or disclosure of PHI to third parties. ● Failure to comply with policies and procedures already in place. ● Failure to comply with a team resolution or recommendation. ● Accessing the information of high profile people or celebrities.
24 Level 2: Sanctions may include, but are not limited to: ● Verbal and written reprimand. ● Retraining on HIPAA Awareness. ● Retraining on Diversido HIPAA Privacy and Security Policies and how they impact the said employee/contractor and said department. ● Retraining on the proper use of internal forms and HIPAA required forms. ● Termination of employment.
25 Level 3: Deliberate unauthorized disclosure of PHI for malice or personal gain with harmful effects ● The third offense of any level 1 offense (does not have to be the same offense). ● The second offense of any level 2 offense (does not have to be the same offense). ● Obtaining PHI under false pretenses. ● Using and/or disclosing PHI for commercial advantage, personal gain or malicious harm. ● Deliberately destroying or altering records with intent of defrauding.
26 Level 3: Sanctions may include, but are not limited to: ● Termination of employment. ● A fine in the amount of monthly salary (non-payment of wages). ● Civil penalties as provided under HIPAA or other applicable. Federal/State/Local law; or, ● Criminal penalties as provided under HIPAA or other applicable Federal/State/Local law.
27 Criminal sanctions in Ukraine ● Unlawful collection, storage, use, destruction, dissemination of confidential information about a person or unlawful alteration of such information, except in cases provided by other articles of this Code, - ○ are punishable by a fine of five hundred to one thousand non-taxable minimum incomes, or correctional labor for a term up to two years, or arrest for a term up to six months, or restraint of liberty for a term up to three years. ● If the same actions are taken repeatedly, or if they caused significant harm to the rights, freedoms and interests of a person protected by law, - ○ are punishable by arrest for a term of three to six months, or restraint of liberty for a term of three to five years, or imprisonment for the same term. Note. Significant damage in this article, if it is to inflict material damages, is considered such damage, which is one hundred times more than the taxable minimum income of citizens: https://urist-ua.net/.
28 Criminal sanctions in the state of Delaware ● A person who wrongfully discloses individually identifiable health information to another person shall be subject to a fine up to $50,000 and/or imprisonment of up to 1 year. ● If the disclosure is committed under false pretenses, the penalties are increased to a fine of up to $100,000 and/or imprisonment up to 5 years. ● "If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm," a fine of up to $250,000 and/or imprisonment up to 10 years may be imposed. 42 U.S.C. § 1320d-6. Note. HIPAA's privacy provisions do not preempt Delaware state confidentiality laws; indeed, the HIPAA regulations will preempt only more lenient state privacy laws: http://www.potteranderson.com/newsroom- publications-115.html.
29 What next 1. Every new Diversido employee/ contractor will be trained for HIPAA Awareness. 2. All Diversido employees/ contractors will be retrained for HIPAA annually. 3. HIPAA covered projects must be audited for HIPAA compliance after every milestone completion.
30 Be good ;) Thank You!

Recommended

JSD-RG HIPAA-EHR-BreachNotification Oct20-2009
JSD-RG HIPAA-EHR-BreachNotification Oct20-2009JSD-RG HIPAA-EHR-BreachNotification Oct20-2009
JSD-RG HIPAA-EHR-BreachNotification Oct20-2009Raj Goel
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popiWerksmans Attorneys
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinarLesedi Mnisi
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Data privacy act
Data privacy actData privacy act
Data privacy actansherina erika dejan
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) Philippine Press Institute
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentationKittelson & Carpo Consulting
 

Recommended

JSD-RG HIPAA-EHR-BreachNotification Oct20-2009
JSD-RG HIPAA-EHR-BreachNotification Oct20-2009JSD-RG HIPAA-EHR-BreachNotification Oct20-2009
JSD-RG HIPAA-EHR-BreachNotification Oct20-2009Raj Goel
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popiWerksmans Attorneys
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinarLesedi Mnisi
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Data privacy act
Data privacy actData privacy act
Data privacy actansherina erika dejan
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) Philippine Press Institute
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentationKittelson & Carpo Consulting
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMMyron Duncan Burton Betshanger
 
Right to Access Information in Tunisia: Citizens' Guide
Right to Access Information in Tunisia: Citizens' GuideRight to Access Information in Tunisia: Citizens' Guide
Right to Access Information in Tunisia: Citizens' GuideOECD Governance
 
Week Of 2009 08 31
Week Of 2009 08 31Week Of 2009 08 31
Week Of 2009 08 31mbarreto13
 
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...Charlie
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesjo bitonio
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013Myron Duncan Burton Betshanger
 
CEU DPA
CEU DPACEU DPA
CEU DPABERBERGRACEMARJORIE
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentationKholisile Mazaza
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINALImraan Kharwa
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited
 
Nhrc petition up 27 dec2019 (CJP)
Nhrc petition up 27 dec2019 (CJP)Nhrc petition up 27 dec2019 (CJP)
Nhrc petition up 27 dec2019 (CJP)sabrangsabrang
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
DHS Proposes Changes to the H-1B Visa Lottery Process.
DHS Proposes Changes to the H-1B Visa Lottery Process.DHS Proposes Changes to the H-1B Visa Lottery Process.
DHS Proposes Changes to the H-1B Visa Lottery Process.Nachman Phulwani Zimovcak (NPZ) Law Group, P.C.
 
Strategic roadmap
Strategic roadmapStrategic roadmap
Strategic roadmapnicfs
 
UNA HIPAA Training 8-13
UNA HIPAA Training 8-13UNA HIPAA Training 8-13
UNA HIPAA Training 8-13University of North Alabama - Academic Affairs
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 

More Related Content

What's hot

Right to Access Information in Tunisia: Citizens' Guide
Right to Access Information in Tunisia: Citizens' GuideRight to Access Information in Tunisia: Citizens' Guide
Right to Access Information in Tunisia: Citizens' GuideOECD Governance
 
Week Of 2009 08 31
Week Of 2009 08 31Week Of 2009 08 31
Week Of 2009 08 31mbarreto13
 
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...Charlie
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesjo bitonio
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited
 
Nhrc petition up 27 dec2019 (CJP)
Nhrc petition up 27 dec2019 (CJP)Nhrc petition up 27 dec2019 (CJP)
Nhrc petition up 27 dec2019 (CJP)sabrangsabrang
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
Strategic roadmap
Strategic roadmapStrategic roadmap
Strategic roadmapnicfs
 

What's hot (20)

The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCM
 
Right to Access Information in Tunisia: Citizens' Guide
Right to Access Information in Tunisia: Citizens' GuideRight to Access Information in Tunisia: Citizens' Guide
Right to Access Information in Tunisia: Citizens' Guide
 
Week Of 2009 08 31
Week Of 2009 08 31Week Of 2009 08 31
Week Of 2009 08 31
 
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...
State of Democracy and other Civil Liberties and Freedoms in Afghanistan sinc...
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperatives
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
CEU DPA
CEU DPACEU DPA
CEU DPA
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentation
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINAL
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...
 
Nhrc petition up 27 dec2019 (CJP)
Nhrc petition up 27 dec2019 (CJP)Nhrc petition up 27 dec2019 (CJP)
Nhrc petition up 27 dec2019 (CJP)
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
 
DHS Proposes Changes to the H-1B Visa Lottery Process.
DHS Proposes Changes to the H-1B Visa Lottery Process.DHS Proposes Changes to the H-1B Visa Lottery Process.
DHS Proposes Changes to the H-1B Visa Lottery Process.
 
Strategic roadmap
Strategic roadmapStrategic roadmap
Strategic roadmap
 

Similar to Hipaa training in diversido

Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011darichardson
 
HIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookHIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookElizabeth Dimit
 
HIPAA HiTech Regulations: What Non-Medical Companies Need to Know
HIPAA HiTech Regulations: What Non-Medical Companies Need to KnowHIPAA HiTech Regulations: What Non-Medical Companies Need to Know
HIPAA HiTech Regulations: What Non-Medical Companies Need to KnowNetwork 1 Consulting
 
HIPAA Part I the Law Test
HIPAA Part I the Law TestHIPAA Part I the Law Test
HIPAA Part I the Law TestSachiko Hurst
 
Into the Great Wide Open: Introduction to Telemental Health Practice
Into the Great Wide Open: Introduction to Telemental Health PracticeInto the Great Wide Open: Introduction to Telemental Health Practice
Into the Great Wide Open: Introduction to Telemental Health PracticeSpectrum Health System
 
Hipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility modeHipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility moderobint2125
 
HIPAA presentation GAHU v7
HIPAA presentation GAHU v7HIPAA presentation GAHU v7
HIPAA presentation GAHU v7Jason Karn
 
Ruggiero.hipaa training
Ruggiero.hipaa trainingRuggiero.hipaa training
Ruggiero.hipaa trainingGina Ruggiero
 
Updated modifications to the HIPAA Privacy Rule
Updated modifications to the HIPAA Privacy RuleUpdated modifications to the HIPAA Privacy Rule
Updated modifications to the HIPAA Privacy RuleJames Pekarek
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippamaggie_Platt
 
CHINA PIP LAW ppt.pptx
CHINA PIP LAW ppt.pptxCHINA PIP LAW ppt.pptx
CHINA PIP LAW ppt.pptxfarewelldump
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...eringold
 
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc
 

Similar to Hipaa training in diversido (20)

UNA HIPAA Training 8-13
UNA HIPAA Training 8-13UNA HIPAA Training 8-13
UNA HIPAA Training 8-13
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
 
HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011
 
HIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookHIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule Playbook
 
HITECH-Changes-to-HIPAA
HITECH-Changes-to-HIPAAHITECH-Changes-to-HIPAA
HITECH-Changes-to-HIPAA
 
HIPAA HiTech Regulations: What Non-Medical Companies Need to Know
HIPAA HiTech Regulations: What Non-Medical Companies Need to KnowHIPAA HiTech Regulations: What Non-Medical Companies Need to Know
HIPAA HiTech Regulations: What Non-Medical Companies Need to Know
 
HIPAA Part I the Law Test
HIPAA Part I the Law TestHIPAA Part I the Law Test
HIPAA Part I the Law Test
 
Into the Great Wide Open: Introduction to Telemental Health Practice
Into the Great Wide Open: Introduction to Telemental Health PracticeInto the Great Wide Open: Introduction to Telemental Health Practice
Into the Great Wide Open: Introduction to Telemental Health Practice
 
Hipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility modeHipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility mode
 
HIPAA vs GDPR The How, What, and Why ?
HIPAA vs GDPR The How, What, and Why ? HIPAA vs GDPR The How, What, and Why ?
HIPAA vs GDPR The How, What, and Why ?
 
HIPAA presentation GAHU v7
HIPAA presentation GAHU v7HIPAA presentation GAHU v7
HIPAA presentation GAHU v7
 
Ruggiero.hipaa training
Ruggiero.hipaa trainingRuggiero.hipaa training
Ruggiero.hipaa training
 
Updated modifications to the HIPAA Privacy Rule
Updated modifications to the HIPAA Privacy RuleUpdated modifications to the HIPAA Privacy Rule
Updated modifications to the HIPAA Privacy Rule
 
Patient privacy
Patient privacyPatient privacy
Patient privacy
 
Basic HIPAA Training by CMU
Basic HIPAA Training by CMUBasic HIPAA Training by CMU
Basic HIPAA Training by CMU
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippa
 
CHINA PIP LAW ppt.pptx
CHINA PIP LAW ppt.pptxCHINA PIP LAW ppt.pptx
CHINA PIP LAW ppt.pptx
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019
 
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
 

More from Diversido

Introduction to material design
Introduction to material designIntroduction to material design
Introduction to material designDiversido
 
Documents and formatting
Documents and formattingDocuments and formatting
Documents and formattingDiversido
 
Essential soft skills
Essential soft skillsEssential soft skills
Essential soft skillsDiversido
 
Health and fitness frameworks
Health and fitness frameworksHealth and fitness frameworks
Health and fitness frameworksDiversido
 

More from Diversido (6)

Introduction to material design
Introduction to material designIntroduction to material design
Introduction to material design
 
Documents and formatting
Documents and formattingDocuments and formatting
Documents and formatting
 
How To VIM
How To VIMHow To VIM
How To VIM
 
Essential soft skills
Essential soft skillsEssential soft skills
Essential soft skills
 
Health and fitness frameworks
Health and fitness frameworksHealth and fitness frameworks
Health and fitness frameworks
 
Fiddler
FiddlerFiddler
Fiddler
 

Recently uploaded

Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...delhimodelshub1
 
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service HyderabadCall Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girls Service Gurgaon
 
Call Girls Gurgaon Parul 9711199012 Independent Escort Service Gurgaon
Call Girls Gurgaon Parul 9711199012 Independent Escort Service GurgaonCall Girls Gurgaon Parul 9711199012 Independent Escort Service Gurgaon
Call Girls Gurgaon Parul 9711199012 Independent Escort Service GurgaonCall Girls Service Gurgaon
 
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...ggsonu500
 
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...soniya singh
 
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in LucknowRussian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknowgragteena
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
Call Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any TimeCall Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any Timedelhimodelshub1
 
Leading transformational change: inner and outer skills
Leading transformational change: inner and outer skillsLeading transformational change: inner and outer skills
Leading transformational change: inner and outer skillsHelenBevan4
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...Vip call girls In Chandigarh
 
Russian Call Girls in Raipur 9873940964 Book Hot And Sexy Girls
Russian Call Girls in Raipur 9873940964 Book Hot And Sexy GirlsRussian Call Girls in Raipur 9873940964 Book Hot And Sexy Girls
Russian Call Girls in Raipur 9873940964 Book Hot And Sexy Girlsddev2574
 
Call Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service Mohali
Call Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service MohaliCall Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service Mohali
Call Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service MohaliHigh Profile Call Girls Chandigarh Aarushi
 
Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949ps5894268
 
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsiindian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana TulsiHigh Profile Call Girls Chandigarh Aarushi
 
Basics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxBasics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxAyush Gupta
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 

Recently uploaded (20)

Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
 
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service HyderabadCall Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
 
Call Girls Gurgaon Parul 9711199012 Independent Escort Service Gurgaon
Call Girls Gurgaon Parul 9711199012 Independent Escort Service GurgaonCall Girls Gurgaon Parul 9711199012 Independent Escort Service Gurgaon
Call Girls Gurgaon Parul 9711199012 Independent Escort Service Gurgaon
 
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
 
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
 
Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 90 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
 
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
 
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in LucknowRussian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
 
Call Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any TimeCall Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any Time
 
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service LucknowVIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
 
Leading transformational change: inner and outer skills
Leading transformational change: inner and outer skillsLeading transformational change: inner and outer skills
Leading transformational change: inner and outer skills
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
 
Russian Call Girls in Raipur 9873940964 Book Hot And Sexy Girls
Russian Call Girls in Raipur 9873940964 Book Hot And Sexy GirlsRussian Call Girls in Raipur 9873940964 Book Hot And Sexy Girls
Russian Call Girls in Raipur 9873940964 Book Hot And Sexy Girls
 
Call Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service Mohali
Call Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service MohaliCall Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service Mohali
Call Girls in Mohali Surbhi ❤️🍑 9907093804 👄🫦 Independent Escort Service Mohali
 
Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949
 
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsiindian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
 
Basics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxBasics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptx
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
 

Hipaa training in diversido

  • 2. 2 Every Diversido employee/contractor must know: 1. What is HIPAA 2. What information is protected by HIPAA 3. What violations of HIPAA can be 4. What sanctions will be applied to violators 5. What document must be signed under the HIPAA
  • 3. HIPAA - 3 Health Insurance Portability and Accountability Act, a federal law of USA, 1996. HIPAA Definitions
  • 4. 4 Purpose of HIPAA: ● to modernize the flow of healthcare information, ● to protect from fraud and theft Personally Identifiable Information maintained by the healthcare and healthcare insurance industries, ● administrative simplification for electronic health care transactions - code sets, unique health identifiers. HIPAA includes HIPAA Privacy rule and HIPAA Security rule.
  • 5. HIPAA Privacy rule 5 focuses on protections for PHI (Protected Health Information) from a people standpoint using training, contracts, policies and procedures, etc.
  • 6. HIPAA Security rule 6 focuses on protections specifically for ePHI (electronic protected health information). It is a federal minimum floor of information technology standards and protections (firewalls, password policies, antivirus, encryption, etc.)
  • 7. 7 The Security rule applies only to ePHI, while the Privacy Rule applies to PHI which may be in electronic, oral, and paper form.
  • 8. Personally Identifiable Information (PII) 8 any information that can be used to identify, contact, or locate an individual, either alone or combined with other easily accessible sources (name, fingerprints, email, telephone, social security number)
  • 9. Protected Health Information (PHI) 9 Individually Identifiable Health Information that is transmitted and maintained in electronic media or in any other form or medium.
  • 10. Individually Identifiable Health Information (IIHI) 10 information that is a subset of health information, including demographic information
  • 11. 11 Individually Identifiable Health Information (1/4) ● Contains identifiers of the patient, relatives, employers, or household members such as the following: ○ Names. ○ Geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code (except for the initial 3 digits of a zip code if, according to the current publicly available data from the Bureaus of the Census all zip codes with the same 3 initial digits contains more than 20,000 people) … next slide
  • 12. 12 Individually Identifiable Health Information (2/4) ○ All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, date of death, all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older. ○ Telephone numbers. ○ Fax numbers. ○ Email addresses. ○ Social security numbers. ○ Medical record numbers. … next slide
  • 13. 13 Individually Identifiable Health Information (3/4) ○ Health plan beneficiary numbers. ○ Account numbers. ○ Certificate/license numbers. ○ Vehicle identifiers and serial numbers, including license plate numbers. ○ Device identifiers and serial numbers. ○ Biometric identifiers, including finger and voice prints. ○ Full face photographic images and any comparable images. ○ Any other unique identifying number, characteristic, or code.
  • 14. 14 Individually Identifiable Health Information (4/4) ● Is created or received by a health care provider, health plan, employer, or health care clearinghouse. ● Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. ● That identifies the individual. ● With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
  • 15. 15 Business Associate Agreement legal document under HIPAA legally attest to the client providing PHI that covered entity is HIPAA compliant and agrees to abide by HIPAA. After signing the contract, covered entity is under the legal fines and penalties of HIPAA.
  • 16. HIPAA - funny training video 16
  • 17. 17 HIPAA in Diversido ● HIPAA Privacy Policy - Diversido: http://bit.ly/37XNLw6 ● HIPAA Security Policy - Diversido: http://bit.ly/2LiX0gA ● HIPAA Sanction Policy - Diversido: http://bit.ly/382Xrp2 ● HIPAA Compliance - Audit checklist: http://bit.ly/2Rgvd4c (is applicable to a project and a company)
  • 18. 18 HIPAA in Diversido The main principles of work with HIPAA covered projects: 1. Role-based access to PHI 2.Increased security requirements to production 3.Responsibility to report known HIPAA risks or violations
  • 19. 19 HIPAA in Diversido Recommendations for employees/ contractors: 1. Don’t copy any ePHI to the personal computer. 2. Use a password protection for personal computer access. 3. Don’t share Diversido testing devices with third parties. 4. Activate Windows Defender on personal computer (for Windows users). 5. Use Bitwarden for passwords management: http://bit.ly/2qeVrZN. 6. All access information must be removed from workstations after the work on the project completion. 7. Computer hard drives and device memory are recommended to be removed without the ability to recover information before selling or transferring their used workstations for recycling.
  • 20. Offenses Gradation and Sanctions Application 20 According to HIPAA Sanction Policy in Diversido there are three levels of violations that require progressive sanctions to be applied. Depending on the seriousness of the violation, level 3 is the most serious.
  • 21. 21 Level 1: Unintentional breach caused by lack of knowledge, of judgment, human error or carelessness ● Accessing information that you do not need to know to do your job. ● Sharing PHI with another employee without authorization. ● Copying PHI without authorization. ● Changing PHI without authorization. ● Discussing confidential information in a public area or in an area where the public could overhear the conversation. ● Discussing confidential information with an unauthorized person. ● Leaving your computer unattended while you are logged into a PHI system. ● Failure to cooperate with the privacy officer. ● Misdirecting a document containing PHI (email, fax, etc).
  • 22. 22 Level 1: Sanctions may include, but are not limited to: ● Written and verbal reprimand. ● Retraining on HIPAA Awareness. ● Retraining on Diversido HIPAA Privacy and Security Policies and how it impacts the said employee and said employee’s department. ● Retraining on the proper use of internal forms and HIPAA required forms.
  • 23. 23 Level 2: Deliberate or purposeful violation without harmful intent and effects ● The second offense of any level 1 offense (does not have to be the same offense). ● Sharing your personal access codes (username & password). ● Using another person’s personal access codes (username & password). ● Unauthorized use or disclosure of PHI to third parties. ● Failure to comply with policies and procedures already in place. ● Failure to comply with a team resolution or recommendation. ● Accessing the information of high profile people or celebrities.
  • 24. 24 Level 2: Sanctions may include, but are not limited to: ● Verbal and written reprimand. ● Retraining on HIPAA Awareness. ● Retraining on Diversido HIPAA Privacy and Security Policies and how they impact the said employee/contractor and said department. ● Retraining on the proper use of internal forms and HIPAA required forms. ● Termination of employment.
  • 25. 25 Level 3: Deliberate unauthorized disclosure of PHI for malice or personal gain with harmful effects ● The third offense of any level 1 offense (does not have to be the same offense). ● The second offense of any level 2 offense (does not have to be the same offense). ● Obtaining PHI under false pretenses. ● Using and/or disclosing PHI for commercial advantage, personal gain or malicious harm. ● Deliberately destroying or altering records with intent of defrauding.
  • 26. 26 Level 3: Sanctions may include, but are not limited to: ● Termination of employment. ● A fine in the amount of monthly salary (non-payment of wages). ● Civil penalties as provided under HIPAA or other applicable. Federal/State/Local law; or, ● Criminal penalties as provided under HIPAA or other applicable Federal/State/Local law.
  • 27. 27 Criminal sanctions in Ukraine ● Unlawful collection, storage, use, destruction, dissemination of confidential information about a person or unlawful alteration of such information, except in cases provided by other articles of this Code, - ○ are punishable by a fine of five hundred to one thousand non-taxable minimum incomes, or correctional labor for a term up to two years, or arrest for a term up to six months, or restraint of liberty for a term up to three years. ● If the same actions are taken repeatedly, or if they caused significant harm to the rights, freedoms and interests of a person protected by law, - ○ are punishable by arrest for a term of three to six months, or restraint of liberty for a term of three to five years, or imprisonment for the same term. Note. Significant damage in this article, if it is to inflict material damages, is considered such damage, which is one hundred times more than the taxable minimum income of citizens: https://urist-ua.net/.
  • 28. 28 Criminal sanctions in the state of Delaware ● A person who wrongfully discloses individually identifiable health information to another person shall be subject to a fine up to $50,000 and/or imprisonment of up to 1 year. ● If the disclosure is committed under false pretenses, the penalties are increased to a fine of up to $100,000 and/or imprisonment up to 5 years. ● "If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm," a fine of up to $250,000 and/or imprisonment up to 10 years may be imposed. 42 U.S.C. § 1320d-6. Note. HIPAA's privacy provisions do not preempt Delaware state confidentiality laws; indeed, the HIPAA regulations will preempt only more lenient state privacy laws: http://www.potteranderson.com/newsroom- publications-115.html.
  • 29. 29 What next 1. Every new Diversido employee/ contractor will be trained for HIPAA Awareness. 2. All Diversido employees/ contractors will be retrained for HIPAA annually. 3. HIPAA covered projects must be audited for HIPAA compliance after every milestone completion.