SlideShare una empresa de Scribd logo

HIPAA and HITECH : What you need to know

Shred-it
Shred-it

This presentation discusses how to comply with HIPAA and HITECH privacy laws. Learn key terms such as Protected Health Information, the Privacy Rule and the Security Rule as well as major changes brought by HIPAA and HITECH.

TecnologíaEmpresariales
1 de 25
Descargar para leer sin conexión
HIPAA and HITECH What You Need to Know
Today's Presenters Andrew Lenardon, Director of National Accounts Indirect Solutions for North America at Shred-it Andrew Lenardon is the Director of National Accounts Indirect Solutions for North America at Shred-it International,Inc., where he brings over 15 years of sales and leadership experience. In his role, Lenardon leads a team of professionals in helping Healthcare and Enterprise client improve the security of how they handle confidential records and identify wasteful spending that can be shifted to priorities such as information security, compliance efforts and business efficiency. Lenardon has worked at Shred-it since 2006. A graduate from McMaster University, Lenardon holds a B.Sc. in Biochemistry and currently resides in Toronto, Canada. Chris Sheehan, Compliance Agent, Providence, Rhode Island Chris has a combined 17 years of experience in the Records Management & Information Security industries. In the past he has served on the Board of Directors and Vice President for ARMA (Association for Records Managers & Administrators). For the last five years Chris has worked with the Federal & State governments in implementing policies to assist with the prevention of Fraud and the protection of Identity. Certified in Mass Law with regard to Mass Reg 201 CMR 17:00 Chris conducts Compliance Training for clients and assists with developing their Written Information Security Plan (WISP). Chris conducts Information Sessions for a number of Colleges and Universities to future educate Administrators, faculty and the student body on information security and sustainability for saving the Environment. David Pinter, National Accounts Executive David began his career at Shred-it over 12 years ago. He has been assisting healthcare organizations with their compliance and document security efforts since 2003 when HIPAA was first launched. David is a member of Shred-it’s National Accounts Healthcare Team where he provides new business development support and consulting activities for customers in the Healthcare and Group Purchase Organization spaces. 2
Protecting Patient Privacy – how important is it? 3
What is HIPAA? • Health Insurance Portability and Accountability Act (HIPAA) HIPAA requires health care organizations to have and maintain safeguards to prevent intentional or unintentional use or disclosure of protected health information. • The Federal law that requires health care organizations to, “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.” • Specifically, the management of private information is detailed through the Privacy Rule and the Security Rule. Both rules are designed to protect an individual’s private and confidential information by standardizing the rules for how it is used, handled, stored, etc. 4
What is HITECH? • The Health Information Technology for Economic and Clinical Health (HITECH) Act includes rules that impact organizations that operate within HIPAA legislation. • It is in direct relation to HIPAA because it imposes standards on medical and healthcare organizations (business associates) in addition to those that are imposed by HIPAA (CE’s). It was part of the Reinvestment Act of 2009. • This act requires that all organizations in the medical field apply “meaningful use” of technology that demonstrates security efforts. This ensures that the confidentiality, integrity and availability of protected data is not compromised. 5
Major Changes Brought on by HITECH Since 2009 •Enforcement has become more proactive; meaning there are more penalties for smaller breaches and more parties. •Data that falls under the scope of protection is now grown to include other personal information beyond EPHI. •Stricter audits are now in practice. •Every consumer now has a right to own a copy of their PHI without paying a fee. •Business Associates are now required to comply with this act, not just Covered Entities. •There are now more restrictions on the use of protected health information for marketing purposes. 6
Key Terms • PHI and EPHI • Covered Entity and Business Associate • Security Rule and Privacy Rule • Common Control • Willful Neglect 7
PHI and EPHI PHI: Protected Health Information EPHI: PHI that has been converted in some way to electronic media 8
What is Considered PHI? • Medical records • Diagnosis of a certain condition • Procedure codes on claim forms • Claims data or information • Explanation of Benefits (EOB) • Pre-authorization forms • Crime reports • Coordination of benefit forms • Enrolment information and forms • Election forms • Reimbursement request forms • Records indicating payment • Claims denial and appeal information 9
Covered Entity and Business Associate Covered Entities (CE’s) include health care providers, health care clearinghouses, and health plans that electronically store, process or transmit electronic protected information (EPHI). Business Associates (BA’s) are parties that include any person or group that provides or facilitates for a covered entity in some way. 10
Privacy Rule & Security Rule • The Privacy Rule • Establishes national standards to protect individuals’ medical records and other personal health information • Applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically • Requires appropriate safeguards to protect the privacy of personal health information • Sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization • Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections • The Security Rule • Establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity • Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information 11
What is Common Control? •A situation where a covered entity has indirect or direct power or influence over another entity’s actions or policies. •It places the onus on the CE to ensure that the outside BA they contracted is taking the necessary safe guards and actions to protect the PHI of individuals. 12
What is Willful Neglect? • Defined as “A tendency to be negligent and uncaring” • In the context of HIPAA and HITECH the terms differs from case to case. • With regards to the health care industry, willful neglect is a failure to comply or perform certain necessary tasks that is either intentional or conscious. • HITECH brought in harsher penalties for willful neglect. 13
How do organizations and individuals comply? • Companies should explore the requirements of HIPAA Privacy and Security Rules. • Health care organizations must implement policies and procedures related to accessing information. • Business associates must adopt HIPAA-compliant practices. 14
Why is compliance important? Patient privacy is very important and people have the expectation that health care organizations keep their information secure and private. They expect that their information will be safe from breaches. Not only is compliance important for the patient’s sake, but for the company’s own interests as well. Not only is your reputation at risk of being damaged, but cases of willful neglect in HITECH can be vulnerable to a penalty of AT LEAST $50,000.00 per violation for a total of $1.5 million in a calendar year. Compliance is important on many levels regardless of the circumstances. 15
What happens if you don’t comply? There are different penalties put into place by HIPAA and HITECH depending on the circumstances and situation. Since HITECH came into the picture in 2009, the penalties have become harsher and less forgiving. 16
Security Breach A major insurance coverer in Tennessee had a massive breach in 2009 which affected over 1 million people. They settled in court as of this year with a settlement of $1.5 million •It involved the theft of 57 unencrypted computer hard-drives On those hard-drives were: •Members names •Social Security Numbers •Diagnosis Codes •Date of birth’s •Health plan ID numbers •The investigation showed a lack of and failure of implementation of an appropriate safe guards for information. Not only digital but physical safe guards are required by HIPAA/HITECH and were missing in this situation. •The Company spent almost $17 million attempting to rectify the situation 17
What are the Penalties? 18
If a person… They will be fined… Or face Imprisonment of… Causes, uses or Up to $50,000.00 1 Year obtains individually identifiable information Commits an offense Up to $100,000.00 5 Years under false pretences If a person Commits Up to $250,000.00 10 Years an offense with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm. 19
What are some ways that you can avoid a violation or a breach? Here are Some Tips for Best Practice… 20
Best Practices Stay informed Learn about HIPAA and HITECH and other privacy laws that impact your organization, and how to stay compliant. Establish a security Document the flow of confidential plan information in your workplace, and make sure that you have formal security policies in place. Educate and enforce Train your employees to understand and follow your information security policies. Update staff on a regular basis and post your policy and guidelines as frequent reminders. 21
Best Practices Limit access Only authorized personnel should handle confidential documents. Create a retention Determine which documents you must policy keep and for how long. Clearly mark a destruction date on all records in storage. Eliminate risk Introduce a Shred-All policy for all documents that are no longer needed, so that your employees do not have to decide what is – or isn’t – confidential. Secure destruction Partner with a knowledgeable industry leader that specializes in secure information destruction. 22
Who is Shred-it? • Shred-it specializes in providing a tailored information destruction service that allows businesses to comply with legislation and ensure that the client, employee and confidential business information is kept secure at all times. • Through our strict chain-of-custody processes, reliable on-time service and a global network of local service centers, Shred-it provides the most secure and efficient confidential information destruction service in the industry. 23
QUESTIONS? 24
Where can you find more information? Sources http://resource.shredit.com/LegislativeFactSheets http://www.healthcareinfosecurity.com/ http://www.hipaasurvivalguide.com/ http://www.hhs.gov/ http://www.datamountain.com/resources/hipaa- hitech-compliance/hipaa-hitech-faq/ 25

Recomendados

Hitech Act
Hitech ActHitech Act
Hitech ActDeborah Obasogie
 
Keys To HIPAA Compliance
Keys To HIPAA ComplianceKeys To HIPAA Compliance
Keys To HIPAA ComplianceCBIZ, Inc.
 
HIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYHIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYmariaradziminski
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA BasicsKarna *
 
Hipaa ppt june 6 2014
Hipaa ppt june 6 2014Hipaa ppt june 6 2014
Hipaa ppt june 6 2014Lyndon Godsall
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & SecurityNational Pharmacy Technician Association
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
HIPAA for Dummies
HIPAA for DummiesHIPAA for Dummies
HIPAA for Dummieshipaacompliance
 

Recomendados

Hitech Act
Hitech ActHitech Act
Hitech ActDeborah Obasogie
 
Keys To HIPAA Compliance
Keys To HIPAA ComplianceKeys To HIPAA Compliance
Keys To HIPAA ComplianceCBIZ, Inc.
 
HIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYHIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYmariaradziminski
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA BasicsKarna *
 
Hipaa ppt june 6 2014
Hipaa ppt june 6 2014Hipaa ppt june 6 2014
Hipaa ppt june 6 2014Lyndon Godsall
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & SecurityNational Pharmacy Technician Association
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
HIPAA for Dummies
HIPAA for DummiesHIPAA for Dummies
HIPAA for Dummieshipaacompliance
 
Electronic Medical Record
Electronic Medical RecordElectronic Medical Record
Electronic Medical RecordTricia Gervacio
 
HIPAA Compliance
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceManny Oliverez
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)Sanjeev Bharwan
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippamaggie_Platt
 
Hippa
HippaHippa
Hippacameonicole
 
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...Quinnipiac University
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to YouWinston & Strawn LLP
 
Hitech Act
Hitech ActHitech Act
Hitech ActISACA New England
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceJay Hodes
 
Hippa training on confidentiality
Hippa training on confidentialityHippa training on confidentiality
Hippa training on confidentialitycraig45365
 
Electronic health record
Electronic health recordElectronic health record
Electronic health recordPS Deb
 
Protecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationProtecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationplunkk
 
Electronic medical record
Electronic medical recordElectronic medical record
Electronic medical recordFrank James
 
Emr presentation
Emr presentationEmr presentation
Emr presentationChris Oyibe
 
information technology in healthcare
information technology in healthcareinformation technology in healthcare
information technology in healthcareSamiksha Parab
 
What Are Electronic Health Records (EHRs)?
What Are Electronic Health Records (EHRs)?What Are Electronic Health Records (EHRs)?
What Are Electronic Health Records (EHRs)?Practice Fusion
 
EHR Chapter 1
EHR Chapter 1EHR Chapter 1
EHR Chapter 1cindynivens
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health recordsJocelyn Garcia
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHarshit Trivedi
 
HIPAA
HIPAAHIPAA
HIPAAKarna *
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 

Más contenido relacionado

La actualidad más candente

Electronic Medical Record
Electronic Medical RecordElectronic Medical Record
Electronic Medical RecordTricia Gervacio
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)Sanjeev Bharwan
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippamaggie_Platt
 
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...Quinnipiac University
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceJay Hodes
 
Hippa training on confidentiality
Hippa training on confidentialityHippa training on confidentiality
Hippa training on confidentialitycraig45365
 
Electronic health record
Electronic health recordElectronic health record
Electronic health recordPS Deb
 
Protecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationProtecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationplunkk
 
Electronic medical record
Electronic medical recordElectronic medical record
Electronic medical recordFrank James
 
Emr presentation
Emr presentationEmr presentation
Emr presentationChris Oyibe
 
information technology in healthcare
information technology in healthcareinformation technology in healthcare
information technology in healthcareSamiksha Parab
 
What Are Electronic Health Records (EHRs)?
What Are Electronic Health Records (EHRs)?What Are Electronic Health Records (EHRs)?
What Are Electronic Health Records (EHRs)?Practice Fusion
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health recordsJocelyn Garcia
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHarshit Trivedi
 

La actualidad más candente (20)

Electronic Medical Record
Electronic Medical RecordElectronic Medical Record
Electronic Medical Record
 
HIPAA Compliance
HIPAA ComplianceHIPAA Compliance
HIPAA Compliance
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippa
 
Hippa
HippaHippa
Hippa
 
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
HIPAA's Title II- Administrative Simplification Rules: The Three Basic Rules ...
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to You
 
Hitech Act
Hitech ActHitech Act
Hitech Act
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of Compliance
 
Hippa training on confidentiality
Hippa training on confidentialityHippa training on confidentiality
Hippa training on confidentiality
 
Electronic health record
Electronic health recordElectronic health record
Electronic health record
 
Protecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationProtecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentation
 
Electronic medical record
Electronic medical recordElectronic medical record
Electronic medical record
 
Emr presentation
Emr presentationEmr presentation
Emr presentation
 
information technology in healthcare
information technology in healthcareinformation technology in healthcare
information technology in healthcare
 
What Are Electronic Health Records (EHRs)?
What Are Electronic Health Records (EHRs)?What Are Electronic Health Records (EHRs)?
What Are Electronic Health Records (EHRs)?
 
EHR Chapter 1
EHR Chapter 1EHR Chapter 1
EHR Chapter 1
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health records
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability Act
 
HIPAA
HIPAAHIPAA
HIPAA
 

Similar a HIPAA and HITECH : What you need to know

HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion Dan Wellisch
 
HIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersHIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersLawgical
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Health IT Conference – iHT2
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaageeksikh
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2bkoenig2010
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2bkoenig2010
 
Knowing confidentiality
Knowing confidentialityKnowing confidentiality
Knowing confidentialityjessie66
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptxQmcleod
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptxQmcleod
 
Hipaa.ppt3
Hipaa.ppt3Hipaa.ppt3
Hipaa.ppt3akwei2
 
Hipaa.ppt5
Hipaa.ppt5Hipaa.ppt5
Hipaa.ppt5akwei2
 
Hipaa.ppt4
Hipaa.ppt4Hipaa.ppt4
Hipaa.ppt4akwei2
 
Hipaa.ppt6
Hipaa.ppt6Hipaa.ppt6
Hipaa.ppt6akwei2
 

Similar a HIPAA and HITECH : What you need to know (20)

HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit Implementation
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA Compliance
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion
 
Hipaa for business associates simple
Hipaa for business associates simpleHipaa for business associates simple
Hipaa for business associates simple
 
HIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersHIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process Servers
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaa
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2
 
Knowing confidentiality
Knowing confidentialityKnowing confidentiality
Knowing confidentiality
 
Data Management Protection Acts
Data Management Protection ActsData Management Protection Acts
Data Management Protection Acts
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA Training
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptx
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptx
 
Hipaa.ppt3
Hipaa.ppt3Hipaa.ppt3
Hipaa.ppt3
 
Hipaa.ppt5
Hipaa.ppt5Hipaa.ppt5
Hipaa.ppt5
 
Hipaa.ppt4
Hipaa.ppt4Hipaa.ppt4
Hipaa.ppt4
 
Hipaa.ppt6
Hipaa.ppt6Hipaa.ppt6
Hipaa.ppt6
 

Más de Shred-it

Lifecycle of a Document
Lifecycle of a Document Lifecycle of a Document
Lifecycle of a Document Shred-it
 
Recycling Shredded Paper
Recycling Shredded PaperRecycling Shredded Paper
Recycling Shredded PaperShred-it
 
Security Tracker 2012 - U.S.
Security Tracker 2012 - U.S.Security Tracker 2012 - U.S.
Security Tracker 2012 - U.S.Shred-it
 
Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...
Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...
Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...Shred-it
 
50 Security Tips – Part 2
50 Security Tips – Part 250 Security Tips – Part 2
50 Security Tips – Part 2Shred-it
 
50 Security Tips – Part 1
50 Security Tips – Part 1 50 Security Tips – Part 1
50 Security Tips – Part 1 Shred-it
 
Your Employees and Information Security
Your Employees and Information SecurityYour Employees and Information Security
Your Employees and Information SecurityShred-it
 

Más de Shred-it (7)

Lifecycle of a Document
Lifecycle of a Document Lifecycle of a Document
Lifecycle of a Document
 
Recycling Shredded Paper
Recycling Shredded PaperRecycling Shredded Paper
Recycling Shredded Paper
 
Security Tracker 2012 - U.S.
Security Tracker 2012 - U.S.Security Tracker 2012 - U.S.
Security Tracker 2012 - U.S.
 
Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...
Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...
Every Workplace Needs to Reduce Risk of Data Breaches – Including Government ...
 
50 Security Tips – Part 2
50 Security Tips – Part 250 Security Tips – Part 2
50 Security Tips – Part 2
 
50 Security Tips – Part 1
50 Security Tips – Part 1 50 Security Tips – Part 1
50 Security Tips – Part 1
 
Your Employees and Information Security
Your Employees and Information SecurityYour Employees and Information Security
Your Employees and Information Security
 

Último

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 

Último (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

HIPAA and HITECH : What you need to know

  • 1. HIPAA and HITECH What You Need to Know
  • 2. Today's Presenters Andrew Lenardon, Director of National Accounts Indirect Solutions for North America at Shred-it Andrew Lenardon is the Director of National Accounts Indirect Solutions for North America at Shred-it International,Inc., where he brings over 15 years of sales and leadership experience. In his role, Lenardon leads a team of professionals in helping Healthcare and Enterprise client improve the security of how they handle confidential records and identify wasteful spending that can be shifted to priorities such as information security, compliance efforts and business efficiency. Lenardon has worked at Shred-it since 2006. A graduate from McMaster University, Lenardon holds a B.Sc. in Biochemistry and currently resides in Toronto, Canada. Chris Sheehan, Compliance Agent, Providence, Rhode Island Chris has a combined 17 years of experience in the Records Management & Information Security industries. In the past he has served on the Board of Directors and Vice President for ARMA (Association for Records Managers & Administrators). For the last five years Chris has worked with the Federal & State governments in implementing policies to assist with the prevention of Fraud and the protection of Identity. Certified in Mass Law with regard to Mass Reg 201 CMR 17:00 Chris conducts Compliance Training for clients and assists with developing their Written Information Security Plan (WISP). Chris conducts Information Sessions for a number of Colleges and Universities to future educate Administrators, faculty and the student body on information security and sustainability for saving the Environment. David Pinter, National Accounts Executive David began his career at Shred-it over 12 years ago. He has been assisting healthcare organizations with their compliance and document security efforts since 2003 when HIPAA was first launched. David is a member of Shred-it’s National Accounts Healthcare Team where he provides new business development support and consulting activities for customers in the Healthcare and Group Purchase Organization spaces. 2
  • 3. Protecting Patient Privacy – how important is it? 3
  • 4. What is HIPAA? • Health Insurance Portability and Accountability Act (HIPAA) HIPAA requires health care organizations to have and maintain safeguards to prevent intentional or unintentional use or disclosure of protected health information. • The Federal law that requires health care organizations to, “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.” • Specifically, the management of private information is detailed through the Privacy Rule and the Security Rule. Both rules are designed to protect an individual’s private and confidential information by standardizing the rules for how it is used, handled, stored, etc. 4
  • 5. What is HITECH? • The Health Information Technology for Economic and Clinical Health (HITECH) Act includes rules that impact organizations that operate within HIPAA legislation. • It is in direct relation to HIPAA because it imposes standards on medical and healthcare organizations (business associates) in addition to those that are imposed by HIPAA (CE’s). It was part of the Reinvestment Act of 2009. • This act requires that all organizations in the medical field apply “meaningful use” of technology that demonstrates security efforts. This ensures that the confidentiality, integrity and availability of protected data is not compromised. 5
  • 6. Major Changes Brought on by HITECH Since 2009 •Enforcement has become more proactive; meaning there are more penalties for smaller breaches and more parties. •Data that falls under the scope of protection is now grown to include other personal information beyond EPHI. •Stricter audits are now in practice. •Every consumer now has a right to own a copy of their PHI without paying a fee. •Business Associates are now required to comply with this act, not just Covered Entities. •There are now more restrictions on the use of protected health information for marketing purposes. 6
  • 7. Key Terms • PHI and EPHI • Covered Entity and Business Associate • Security Rule and Privacy Rule • Common Control • Willful Neglect 7
  • 8. PHI and EPHI PHI: Protected Health Information EPHI: PHI that has been converted in some way to electronic media 8
  • 9. What is Considered PHI? • Medical records • Diagnosis of a certain condition • Procedure codes on claim forms • Claims data or information • Explanation of Benefits (EOB) • Pre-authorization forms • Crime reports • Coordination of benefit forms • Enrolment information and forms • Election forms • Reimbursement request forms • Records indicating payment • Claims denial and appeal information 9
  • 10. Covered Entity and Business Associate Covered Entities (CE’s) include health care providers, health care clearinghouses, and health plans that electronically store, process or transmit electronic protected information (EPHI). Business Associates (BA’s) are parties that include any person or group that provides or facilitates for a covered entity in some way. 10
  • 11. Privacy Rule & Security Rule • The Privacy Rule • Establishes national standards to protect individuals’ medical records and other personal health information • Applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically • Requires appropriate safeguards to protect the privacy of personal health information • Sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization • Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections • The Security Rule • Establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity • Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information 11
  • 12. What is Common Control? •A situation where a covered entity has indirect or direct power or influence over another entity’s actions or policies. •It places the onus on the CE to ensure that the outside BA they contracted is taking the necessary safe guards and actions to protect the PHI of individuals. 12
  • 13. What is Willful Neglect? • Defined as “A tendency to be negligent and uncaring” • In the context of HIPAA and HITECH the terms differs from case to case. • With regards to the health care industry, willful neglect is a failure to comply or perform certain necessary tasks that is either intentional or conscious. • HITECH brought in harsher penalties for willful neglect. 13
  • 14. How do organizations and individuals comply? • Companies should explore the requirements of HIPAA Privacy and Security Rules. • Health care organizations must implement policies and procedures related to accessing information. • Business associates must adopt HIPAA-compliant practices. 14
  • 15. Why is compliance important? Patient privacy is very important and people have the expectation that health care organizations keep their information secure and private. They expect that their information will be safe from breaches. Not only is compliance important for the patient’s sake, but for the company’s own interests as well. Not only is your reputation at risk of being damaged, but cases of willful neglect in HITECH can be vulnerable to a penalty of AT LEAST $50,000.00 per violation for a total of $1.5 million in a calendar year. Compliance is important on many levels regardless of the circumstances. 15
  • 16. What happens if you don’t comply? There are different penalties put into place by HIPAA and HITECH depending on the circumstances and situation. Since HITECH came into the picture in 2009, the penalties have become harsher and less forgiving. 16
  • 17. Security Breach A major insurance coverer in Tennessee had a massive breach in 2009 which affected over 1 million people. They settled in court as of this year with a settlement of $1.5 million •It involved the theft of 57 unencrypted computer hard-drives On those hard-drives were: •Members names •Social Security Numbers •Diagnosis Codes •Date of birth’s •Health plan ID numbers •The investigation showed a lack of and failure of implementation of an appropriate safe guards for information. Not only digital but physical safe guards are required by HIPAA/HITECH and were missing in this situation. •The Company spent almost $17 million attempting to rectify the situation 17
  • 18. What are the Penalties? 18
  • 19. If a person… They will be fined… Or face Imprisonment of… Causes, uses or Up to $50,000.00 1 Year obtains individually identifiable information Commits an offense Up to $100,000.00 5 Years under false pretences If a person Commits Up to $250,000.00 10 Years an offense with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm. 19
  • 20. What are some ways that you can avoid a violation or a breach? Here are Some Tips for Best Practice… 20
  • 21. Best Practices Stay informed Learn about HIPAA and HITECH and other privacy laws that impact your organization, and how to stay compliant. Establish a security Document the flow of confidential plan information in your workplace, and make sure that you have formal security policies in place. Educate and enforce Train your employees to understand and follow your information security policies. Update staff on a regular basis and post your policy and guidelines as frequent reminders. 21
  • 22. Best Practices Limit access Only authorized personnel should handle confidential documents. Create a retention Determine which documents you must policy keep and for how long. Clearly mark a destruction date on all records in storage. Eliminate risk Introduce a Shred-All policy for all documents that are no longer needed, so that your employees do not have to decide what is – or isn’t – confidential. Secure destruction Partner with a knowledgeable industry leader that specializes in secure information destruction. 22
  • 23. Who is Shred-it? • Shred-it specializes in providing a tailored information destruction service that allows businesses to comply with legislation and ensure that the client, employee and confidential business information is kept secure at all times. • Through our strict chain-of-custody processes, reliable on-time service and a global network of local service centers, Shred-it provides the most secure and efficient confidential information destruction service in the industry. 23
  • 25. Where can you find more information? Sources http://resource.shredit.com/LegislativeFactSheets http://www.healthcareinfosecurity.com/ http://www.hipaasurvivalguide.com/ http://www.hhs.gov/ http://www.datamountain.com/resources/hipaa- hitech-compliance/hipaa-hitech-faq/ 25