No More Excuses: HHS Releases Tough Final HIPAA Privacy and Security Rules
Brian R. Balow
Dickinson Wright PLLC
June 6, 2013
Overview
• Released January 17, 2013
• Effective March 26, 2013
• Covered entities and business associates have 180 days beyond the effective date to come into compliance with most of the Final Rule’s provisions (September 23, 2013)
Rules to be Discussed
• Privacy Rule
• Security Rule
• Breach Notification Rule
• Enforcement Rule
Some General Matters
• Patient Safety Organizations are now business associates
• HIOs, E-Prescribing Gateways, and others that facilitate ePHI transmission can be business associates (if “access to PHI on routine basis” and not merely a conduit)
• PHR vendors can be business associates if the PHR is offered on behalf of a covered entity
Some General Matters
• Subcontractors to a covered entity can be business associates “to the extent that they require access to PHI.” Thus, a covered entity must gain satisfactory assurances of compliance required by the Rules from its business associates, and business associates must obtain the same from subcontractors
• PHI “stored, whether intentionally or not, in photocopier, facsimile, and other devices is subject to the Privacy and Security Rules”
Copyright 2013 Michigan Health Information Network 5
Privacy Rule
• Uses and disclosures of patient information:
  ◦ Genetic information (health plans as defined in HIPAA)
  ◦ Sale of PHI
  ◦ To health plan if services paid by patient
  ◦ Marketing activities
  ◦ Fundraising activities
  ◦ Deceased persons
  ◦ Immunization records to schools
Privacy Rule
• Confirms a business associate’s direct liability for specific provisions of the Privacy Rule
• Business associates are not directly liable for other Privacy Rule provisions (e.g., providing a NPP) unless delegated to the BA under a BAA
• A BA may use PHI for “proper management and administration of the BA and to provide data aggregation services to a covered entity”
Privacy Rule
• A BA must enter into a BAA-style agreement with a subcontractor prior to disclosing PHI
• Covered entities need no longer report an uncured breach by a BA of its obligations under a BAA
• A BA must attempt to cure a subcontractor’s breach of “satisfactory assurance” type obligations (parallel to a CE’s obligations vis-à-vis a BA)
Privacy Rule
• Required changes to BAAs:
  ◦ BA must comply, where applicable, with the Security Rule re ePHI
  ◦ BA must report breaches of unsecured PHI to the CE
  ◦ BA must flow down satisfactory assurance provisions to subcontractors
  ◦ If a Privacy Rule requirement is delegated to the BA, the BA is liable to the CE if the BA breaches the pertinent Privacy Rule requirement (does not create direct BA liability, however)
Privacy Rule
• BAA Amendments
  IF
  ◦ an existing BAA was in place prior to January 25, 2013, and is compliant with the Privacy Rule as then in effect, and
  ◦ the existing BAA is not renewed or modified between March 26 and September 23, 2013,
  THEN that BAA is deemed compliant until the earlier of
  ◦ the date on which the BAA is renewed or modified after September 23, 2013, or
  ◦ September 24, 2014
Security Rule
• The Security Rule’s administrative, physical, and technical safeguard requirements, as well as the Rule’s policies and procedures and documentation requirements, apply to business associates in the same manner as they apply to covered entities, and BAs will be civilly and criminally liable for violations
• It is the BA’s, and not the CE’s, obligation to obtain satisfactory assurances from a subcontractor regarding protection of ePHI
• Allows that formerly required but duplicative BAA provisions are no longer required (i.e., those required under each of the Privacy Rule and the Security Rule)
Breach Notification Rule
• Unsecured PHI
  ◦ Secured PHI = compliance with valid encryption processes for data at rest consistent with NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices, and with valid encryption processes for data in motion consistent with NIST Special Publications 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations; 800-77, Guide to IPsec VPNs; or 800-113, Guide to SSL VPNs; or others which are Federal Information Processing Standards (FIPS) 140-2 validated
Breach Notification Rule, Cont’d
“Breach”
1. An impermissible use or disclosure of PHI is presumed to be a breach unless the CE or BA can demonstrate a “low probability” that the PHI was “compromised” (a move away from the “risk of harm” standard)
2. The CE or BA must conduct a risk assessment to determine if PHI was compromised
Breach Notification Rule, Cont’d
Risk Assessment:
1. Nature and extent of PHI involved (including identifiers/likelihood of re-identification)
2. Consider the recipient (e.g., already under HIPAA obligation?)
3. Was PHI actually acquired or viewed?
4. Extent to which risk has been mitigated
Breach Notification Rule, Cont’d
Notification to Individuals
• “Discovery”: when the CE knew, or by exercising reasonable diligence would have known, of the breach; the CE is deemed to know once the breach is known (or would have been known through reasonable diligence) to any person, other than the person committing the breach, who is a workforce member or agent of the CE
• Timeliness: without unreasonable delay, and not more than 60 days post-discovery (law enforcement delay exception remains)
• Content:
  ◦ What happened, when, and when discovered
  ◦ Description of compromised PHI
  ◦ Steps individuals should take to mitigate effects
  ◦ Steps the CE is taking, plus contact information
Breach Notification Rule, Cont’d
Notification to Media:
• Unsecured PHI
• 500+ affected individuals of any one State
• Within 60 days of discovery, max
• “Prominent media outlet” (depends on the market)
• A press release on a CE website does not meet this requirement
Breach Notification Rule, Cont’d
• Notification to Secretary:
  ◦ 500+ affected individuals (anywhere): “immediate” (meaning at the time individual notices are sent)
  ◦ Less than 500: maintain a log and report on the HHS website annually, within 60 days of the end of the year
• Notification by a Business Associate:
  ◦ The BA’s knowledge of a breach is imputed to the CE if the BA is an agent of the CE (meaning the CE’s clock starts ticking when the BA “discovers”)
  ◦ Otherwise, the CE’s clock begins upon notice from the BA
Enforcement Rule
• Four civil money penalty tiers based on culpability:
Enforcement Rule, Cont’d
• “Reasonable cause” (second tier) is defined as “an act or omission in which a covered entity or business associate knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the covered entity or business associate did not act with willful neglect.”
• Covered entities and business associates are now liable as principals for the acts of business associates (for CEs) or subcontractors (for BAs) acting as agents under Federal common law principles
Enforcement Rule, Cont’d
• Bases for Penalty Determinations:
  1. Nature and extent of violation
  2. Nature and extent of harm
  3. History of prior compliance
  4. Financial condition of the CE or BA
  5. Other matters “as justice requires”
To-Do List: All
1. Print pp. 491–562 of the Final Rule and put them in a binder
2. Read them in conjunction with existing HIPAA regulations (which should likewise be in a binder)
To-Do List: Covered Entities
1. Update privacy policies (uses and disclosures of PHI)
2. Update compliance plan consistent with Breach Notification Rule changes
3. Examine BA relationships in light of agency liability issues
4. BAA review and revision (including amendments to existing BAAs)
5. Update notice of privacy practices and patient authorization form
6. (Seriously) consider encryption of ePHI if not already done
7. Conduct training
8. Use OCR resources
To-Do List: Business Associates
1. Determine if you are a “business associate” (and if not, be prepared to defend your case)
2. Evaluate your current operations for compliance with applicable Privacy Rule, Security Rule, and Breach Notification provisions
3. Ensure you have appropriate subcontracts in place and with proper content
4. Conduct training
5. Use OCR resources
Disclaimer
This presentation is informational only. It does not constitute legal or professional advice.
You are encouraged to consult with an attorney if you have specific questions relating to any of the topics covered in this presentation.
Contact Information
Brian R. Balow
248-433-7536
bbalow@dickinsonwright.com
Thank you

Más contenido relacionado

La actualidad más candente

Hipaa in the era of ehr mo dept hss
Hipaa in the era of ehr  mo dept hssHipaa in the era of ehr  mo dept hss
Hipaa in the era of ehr mo dept hss
learfield
 
HIPAA Omnibus Presentation
HIPAA Omnibus PresentationHIPAA Omnibus Presentation
HIPAA Omnibus Presentation
Compliancy Group
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
supportc2go
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
supportc2go
 
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & SecurityThe Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
Polsinelli PC
 
ALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the HorizonALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
Patton Boggs LLP
 

La actualidad más candente (20)

HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
 
Hipaa in the era of ehr mo dept hss
Hipaa in the era of ehr  mo dept hssHipaa in the era of ehr  mo dept hss
Hipaa in the era of ehr mo dept hss
 
Assessing Your Hosting Environment for HIPAA Compliance
Assessing Your Hosting Environment for HIPAA ComplianceAssessing Your Hosting Environment for HIPAA Compliance
Assessing Your Hosting Environment for HIPAA Compliance
 
Redspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin Webinar Business Associate Risk
Redspin Webinar Business Associate Risk
 
HIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookHIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule Playbook
 
Establishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft SystemsEstablishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft Systems
 
HIPAA Omnibus Presentation
HIPAA Omnibus PresentationHIPAA Omnibus Presentation
HIPAA Omnibus Presentation
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
 
Hipaa for business associates simple
Hipaa for business associates   simpleHipaa for business associates   simple
Hipaa for business associates simple
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
 
KMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
 
Lawyers: What You Don't Know About HIPAA Could Hurt You
Lawyers: What You Don't Know About HIPAA Could Hurt YouLawyers: What You Don't Know About HIPAA Could Hurt You
Lawyers: What You Don't Know About HIPAA Could Hurt You
 
HIPAA Basic Healthcare Guide
HIPAA Basic Healthcare GuideHIPAA Basic Healthcare Guide
HIPAA Basic Healthcare Guide
 
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & SecurityThe Intersection of OCR Enforcement and Health Care Data Privacy & Security
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
 
MEDICAL ANSWERING SERVICE
MEDICAL ANSWERING SERVICE MEDICAL ANSWERING SERVICE
MEDICAL ANSWERING SERVICE
 
ALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the HorizonALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
 
HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...
 
Texas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New ChangesTexas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New Changes
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA Compliance
 
Healthcare Data Security Update
Healthcare Data Security UpdateHealthcare Data Security Update
Healthcare Data Security Update
 

Destacado

MiHIN Cyber-Security Panel Agenda
MiHIN Cyber-Security Panel AgendaMiHIN Cyber-Security Panel Agenda
MiHIN Cyber-Security Panel Agenda
mihinpr
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
mihinpr
 
Michigan HIE Model- Cynthia Edwards
Michigan HIE Model- Cynthia EdwardsMichigan HIE Model- Cynthia Edwards
Michigan HIE Model- Cynthia Edwards
mihinpr
 
HIE Day- JCMR Overview June 2012
HIE Day- JCMR Overview June 2012HIE Day- JCMR Overview June 2012
HIE Day- JCMR Overview June 2012
mihinpr
 
GLHIE Presentation June 19 2012
GLHIE Presentation June 19 2012GLHIE Presentation June 19 2012
GLHIE Presentation June 19 2012
mihinpr
 
MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15
MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15
MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15
mihinpr
 

Destacado (16)

MiHIN Cyber-Security Panel Agenda
MiHIN Cyber-Security Panel AgendaMiHIN Cyber-Security Panel Agenda
MiHIN Cyber-Security Panel Agenda
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
 
Doug Dietzman National HIE Landscape
Doug Dietzman National HIE LandscapeDoug Dietzman National HIE Landscape
Doug Dietzman National HIE Landscape
 
Michigan HIE Model- Cynthia Edwards
Michigan HIE Model- Cynthia EdwardsMichigan HIE Model- Cynthia Edwards
Michigan HIE Model- Cynthia Edwards
 
HIE Day- JCMR Overview June 2012
HIE Day- JCMR Overview June 2012HIE Day- JCMR Overview June 2012
HIE Day- JCMR Overview June 2012
 
GLHIE Presentation June 19 2012
GLHIE Presentation June 19 2012GLHIE Presentation June 19 2012
GLHIE Presentation June 19 2012
 
MiHIN Direct Webinar for EHR Intelligence v10 11 12-14
MiHIN Direct Webinar for EHR Intelligence v10 11 12-14MiHIN Direct Webinar for EHR Intelligence v10 11 12-14
MiHIN Direct Webinar for EHR Intelligence v10 11 12-14
 
Panel: Achieving Interoperability Dr. John Loonsk & Janet King
Panel: Achieving Interoperability Dr. John Loonsk & Janet KingPanel: Achieving Interoperability Dr. John Loonsk & Janet King
Panel: Achieving Interoperability Dr. John Loonsk & Janet King
 
Health IT and Public Policy Issues Dr. Rich Hodge
Health IT and Public Policy Issues Dr. Rich HodgeHealth IT and Public Policy Issues Dr. Rich Hodge
Health IT and Public Policy Issues Dr. Rich Hodge
 
Dr. Charles Friedman Transcending HIE
Dr. Charles Friedman Transcending HIEDr. Charles Friedman Transcending HIE
Dr. Charles Friedman Transcending HIE
 
A Vision for Creating a Connected State Subra Sripada
A Vision for Creating a Connected State Subra SripadaA Vision for Creating a Connected State Subra Sripada
A Vision for Creating a Connected State Subra Sripada
 
MiHIN 101 Overview v4 04-08-15
MiHIN 101 Overview v4 04-08-15MiHIN 101 Overview v4 04-08-15
MiHIN 101 Overview v4 04-08-15
 
MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15
MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15
MiHIN Health Provider Directory Demo Slides with CQMRR v43 02 18-15
 
Connecting Patients, Providers and Payers John Halamka Keynote
Connecting Patients, Providers and Payers John Halamka KeynoteConnecting Patients, Providers and Payers John Halamka Keynote
Connecting Patients, Providers and Payers John Halamka Keynote
 
MiHIN Statewide Consumer Directory Overview - Direct Workgroup v4 03-09-15
MiHIN Statewide Consumer Directory Overview - Direct Workgroup v4 03-09-15MiHIN Statewide Consumer Directory Overview - Direct Workgroup v4 03-09-15
MiHIN Statewide Consumer Directory Overview - Direct Workgroup v4 03-09-15
 
A Consistent Nationwide Data Matching Strategy Donna Roach & Nancy Walker
A Consistent Nationwide Data Matching Strategy Donna Roach & Nancy WalkerA Consistent Nationwide Data Matching Strategy Donna Roach & Nancy Walker
A Consistent Nationwide Data Matching Strategy Donna Roach & Nancy Walker
 

Similar a Brian Balow HIPAA Final Rule

Business Associate Assessment, Agreement and Requirements
Business Associate Assessment, Agreement and RequirementsBusiness Associate Assessment, Agreement and Requirements
Business Associate Assessment, Agreement and Requirements
data brackets
 
Hipaa privacy and security 03192014
Hipaa privacy and security 03192014Hipaa privacy and security 03192014
Hipaa privacy and security 03192014
Samantha Haas
 
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docxCHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
christinemaritza
 

Similar a Brian Balow HIPAA Final Rule (20)

Business Associate Assessment, Agreement and Requirements
Business Associate Assessment, Agreement and RequirementsBusiness Associate Assessment, Agreement and Requirements
Business Associate Assessment, Agreement and Requirements
 
HIPAA Security Rule application to Business Associates heats up
HIPAA Security Rule application to Business Associates heats upHIPAA Security Rule application to Business Associates heats up
HIPAA Security Rule application to Business Associates heats up
 
Hipaa omnibus
Hipaa omnibusHipaa omnibus
Hipaa omnibus
 
Hipaa privacy and security 03192014
Hipaa privacy and security 03192014Hipaa privacy and security 03192014
Hipaa privacy and security 03192014
 
HIPAA Omnibus Rule: Critical Changes for Business Associates
HIPAA Omnibus Rule: Critical Changes for Business AssociatesHIPAA Omnibus Rule: Critical Changes for Business Associates
HIPAA Omnibus Rule: Critical Changes for Business Associates
 
Hhs issues hipaa cyber attack response checklist
Hhs issues hipaa cyber attack response checklistHhs issues hipaa cyber attack response checklist
Hhs issues hipaa cyber attack response checklist
 
Cybersecurity in Health Care Sector: HIPAA Responsibilities from a Legal and ...
Cybersecurity in Health Care Sector: HIPAA Responsibilities from a Legal and ...Cybersecurity in Health Care Sector: HIPAA Responsibilities from a Legal and ...
Cybersecurity in Health Care Sector: HIPAA Responsibilities from a Legal and ...
 
HIPAA vs GDPR The How, What, and Why ?
HIPAA vs GDPR The How, What, and Why ? HIPAA vs GDPR The How, What, and Why ?
HIPAA vs GDPR The How, What, and Why ?
 
Explaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docxExplaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docx
 
HIPAA for Dummies
HIPAA for DummiesHIPAA for Dummies
HIPAA for Dummies
 
2013 06-21 HIPPA omnibus rule
2013 06-21 HIPPA omnibus rule2013 06-21 HIPPA omnibus rule
2013 06-21 HIPPA omnibus rule
 
HIPAA Business Associate Compliance and Dangers
HIPAA Business Associate Compliance and DangersHIPAA Business Associate Compliance and Dangers
HIPAA Business Associate Compliance and Dangers
 
HiPAA info
HiPAA infoHiPAA info
HiPAA info
 
Keeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-CompliantKeeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-Compliant
 
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docxCHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
 
Confidentiality Issues Arising Under the ADA, FMLA, HIPAA
Confidentiality Issues Arising Under the ADA, FMLA, HIPAAConfidentiality Issues Arising Under the ADA, FMLA, HIPAA
Confidentiality Issues Arising Under the ADA, FMLA, HIPAA
 
Who Is A HIPAA Business Associate ?
Who Is A  HIPAA  Business  Associate ?Who Is A  HIPAA  Business  Associate ?
Who Is A HIPAA Business Associate ?
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017
 
HIPAA Rules and Action Steps for Compliance April 2013
HIPAA Rules and Action Steps for Compliance April 2013HIPAA Rules and Action Steps for Compliance April 2013
HIPAA Rules and Action Steps for Compliance April 2013
 
HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations
 

Más de mihinpr

MiHIN Brief Overview
MiHIN Brief OverviewMiHIN Brief Overview
MiHIN Brief Overview
mihinpr
 
MIHIN HIE Presentation UPHIE
MIHIN HIE Presentation UPHIEMIHIN HIE Presentation UPHIE
MIHIN HIE Presentation UPHIE
mihinpr
 
SEMHIE Overview for MIHIN Sub-State HIE Panel
SEMHIE Overview for MIHIN Sub-State HIE PanelSEMHIE Overview for MIHIN Sub-State HIE Panel
SEMHIE Overview for MIHIN Sub-State HIE Panel
mihinpr
 

Más de mihinpr (12)

MiHIN ADT ONC Presentation v10 02-02-15
MiHIN ADT ONC Presentation v10 02-02-15MiHIN ADT ONC Presentation v10 02-02-15
MiHIN ADT ONC Presentation v10 02-02-15
 
MiHIN Overview - Health Information Exchange Meet and Greet v7 10 22-14
MiHIN Overview - Health Information Exchange Meet and Greet v7 10 22-14MiHIN Overview - Health Information Exchange Meet and Greet v7 10 22-14
MiHIN Overview - Health Information Exchange Meet and Greet v7 10 22-14
 
Panel: Understanding Michigan's HIE Landscape
Panel: Understanding Michigan's HIE LandscapePanel: Understanding Michigan's HIE Landscape
Panel: Understanding Michigan's HIE Landscape
 
Panel Interstate and Other State HIE HIT
Panel Interstate and Other State HIE HITPanel Interstate and Other State HIE HIT
Panel Interstate and Other State HIE HIT
 
Panel: Transitions of Care and ADT (without Rachel Sherman)
Panel: Transitions of Care and ADT (without Rachel Sherman)Panel: Transitions of Care and ADT (without Rachel Sherman)
Panel: Transitions of Care and ADT (without Rachel Sherman)
 
State of Michigan HIE Update (without Tina Scott)
State of Michigan HIE Update (without Tina Scott)State of Michigan HIE Update (without Tina Scott)
State of Michigan HIE Update (without Tina Scott)
 
Jennifer Horowitz EHR Adoption in Michigan & Nationwide
Jennifer Horowitz EHR Adoption in Michigan & NationwideJennifer Horowitz EHR Adoption in Michigan & Nationwide
Jennifer Horowitz EHR Adoption in Michigan & Nationwide
 
Carrie Waggoner Cyber Security Panel
Carrie Waggoner Cyber Security PanelCarrie Waggoner Cyber Security Panel
Carrie Waggoner Cyber Security Panel
 
Andrea walrath mu stage 2 and beyond
Andrea walrath mu stage 2 and beyondAndrea walrath mu stage 2 and beyond
Andrea walrath mu stage 2 and beyond
 
MiHIN Brief Overview
MiHIN Brief OverviewMiHIN Brief Overview
MiHIN Brief Overview
 
MIHIN HIE Presentation UPHIE
MIHIN HIE Presentation UPHIEMIHIN HIE Presentation UPHIE
MIHIN HIE Presentation UPHIE
 
SEMHIE Overview for MIHIN Sub-State HIE Panel
SEMHIE Overview for MIHIN Sub-State HIE PanelSEMHIE Overview for MIHIN Sub-State HIE Panel
SEMHIE Overview for MIHIN Sub-State HIE Panel
 

Último

Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝  9953056974 🔝] escort service 24X7Call Girls in Gagan Vihar (delhi) call me [🔝  9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Último (20)

Call Girls Kochi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Kochi Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Kochi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Kochi Just Call 8250077686 Top Class Call Girl Service Available
 
(👑VVIP ISHAAN ) Russian Call Girls Service Navi Mumbai🖕9920874524🖕Independent...
(👑VVIP ISHAAN ) Russian Call Girls Service Navi Mumbai🖕9920874524🖕Independent...(👑VVIP ISHAAN ) Russian Call Girls Service Navi Mumbai🖕9920874524🖕Independent...
(👑VVIP ISHAAN ) Russian Call Girls Service Navi Mumbai🖕9920874524🖕Independent...
 
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
 
Call Girls Siliguri Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Siliguri Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Siliguri Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Siliguri Just Call 8250077686 Top Class Call Girl Service Available
 
All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...
All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...
All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...
 
Call Girls Visakhapatnam Just Call 8250077686 Top Class Call Girl Service Ava...
Call Girls Visakhapatnam Just Call 8250077686 Top Class Call Girl Service Ava...Call Girls Visakhapatnam Just Call 8250077686 Top Class Call Girl Service Ava...
Call Girls Visakhapatnam Just Call 8250077686 Top Class Call Girl Service Ava...
 
Best Rate (Hyderabad) Call Girls Jahanuma ⟟ 8250192130 ⟟ High Class Call Girl...
Best Rate (Hyderabad) Call Girls Jahanuma ⟟ 8250192130 ⟟ High Class Call Girl...Best Rate (Hyderabad) Call Girls Jahanuma ⟟ 8250192130 ⟟ High Class Call Girl...
Best Rate (Hyderabad) Call Girls Jahanuma ⟟ 8250192130 ⟟ High Class Call Girl...
 
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
 
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
 
O898O367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
O898O367676 Call Girls In Ahmedabad Escort Service Available 24×7 In AhmedabadO898O367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
O898O367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
 
Top Rated Bangalore Call Girls Richmond Circle ⟟ 9332606886 ⟟ Call Me For Ge...
Top Rated Bangalore Call Girls Richmond Circle ⟟  9332606886 ⟟ Call Me For Ge...Top Rated Bangalore Call Girls Richmond Circle ⟟  9332606886 ⟟ Call Me For Ge...
Top Rated Bangalore Call Girls Richmond Circle ⟟ 9332606886 ⟟ Call Me For Ge...
 
Call Girls Guntur Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Guntur  Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Guntur  Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Guntur Just Call 8250077686 Top Class Call Girl Service Available
 
Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
 
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝  9953056974 🔝] escort service 24X7Call Girls in Gagan Vihar (delhi) call me [🔝  9953056974 🔝] escort service 24X7
Call Girls in Gagan Vihar (delhi) call me [🔝 9953056974 🔝] escort service 24X7
 
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
Call Girls Service Jaipur {9521753030} ❤️VVIP RIDDHI Call Girl in Jaipur Raja...
 
Book Paid Powai Call Girls Mumbai 𖠋 9930245274 𖠋Low Budget Full Independent H...
Book Paid Powai Call Girls Mumbai 𖠋 9930245274 𖠋Low Budget Full Independent H...Book Paid Powai Call Girls Mumbai 𖠋 9930245274 𖠋Low Budget Full Independent H...
Book Paid Powai Call Girls Mumbai 𖠋 9930245274 𖠋Low Budget Full Independent H...
 
Top Rated Bangalore Call Girls Ramamurthy Nagar ⟟ 9332606886 ⟟ Call Me For G...
Top Rated Bangalore Call Girls Ramamurthy Nagar ⟟  9332606886 ⟟ Call Me For G...Top Rated Bangalore Call Girls Ramamurthy Nagar ⟟  9332606886 ⟟ Call Me For G...
Top Rated Bangalore Call Girls Ramamurthy Nagar ⟟ 9332606886 ⟟ Call Me For G...
 
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
 
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service  Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...Russian Call Girls Service  Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
 
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated  Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...Top Rated  Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
 

Brian Balow HIPAA Final Rule

Privacy Rule
 Confirms a business associate’s direct liability for specific provisions of the Privacy Rule
 Business associates are not directly liable for other Privacy Rule provisions (e.g., providing a NPP) unless delegated to the BA under a BAA
 BA may use PHI for “proper management and administration of the BA and to provide data aggregation services to a covered entity”

Privacy Rule
 A BA must enter into a BAA-style agreement with a subcontractor prior to disclosing PHI
 Covered entities need no longer report an uncured breach by a BA of its obligations under a BAA
 A BA must attempt to cure a subcontractor’s breach of “satisfactory assurance” type obligations (parallel to a CE’s obligations vis-à-vis a BA)

Privacy Rule
 Required changes to BAAs:
• BA must comply, where applicable, with the Security Rule re ePHI
• BA must report breaches of unsecured PHI to the CE
• BA must flow down satisfactory assurance provisions to subcontractors
• If a Privacy Rule requirement is delegated to the BA, the BA is liable to the CE if the BA breaches the pertinent Privacy Rule requirement (this does not create direct BA liability, however)

Privacy Rule
 BAA Amendments: IF
• an existing BAA was in place prior to January 25, 2013, and is compliant with the Privacy Rule as then in effect, and
• the existing BAA is not renewed or modified between March 26 and September 23, 2013,
THEN that BAA is deemed compliant until the earlier of
• the date on which the BAA is renewed or modified after September 23, 2013, or
• September 24, 2014

Security Rule
 The Security Rule’s administrative, physical, and technical safeguard requirements, as well as the Rule’s policies and procedures and documentation requirements, apply to business associates in the same manner as they apply to covered entities, and BAs will be civilly and criminally liable for violations
 It is the BA’s, and not the CE’s, obligation to obtain satisfactory assurances from a subcontractor regarding protection of ePHI
 Formerly required but duplicative BAA provisions are no longer required (i.e., those required under each of the Privacy Rule and the Security Rule)

Breach Notification Rule
 Unsecured PHI
• Secured PHI = compliance with valid encryption processes for data at rest consistent with NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices, and with valid encryption processes for data in motion consistent with NIST Special Publications 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations; 800-77, Guide to IPsec VPNs; or 800-113, Guide to SSL VPNs; or others which are Federal Information Processing Standards (FIPS) 140-2 validated

Breach Notification Rule, Cont’d
 “Breach”
1. An impermissible use or disclosure of PHI is presumed to be a breach unless the CE or BA can demonstrate a “low probability” that the PHI was “compromised” (a move away from the “risk of harm” standard)
2. The CE or BA must conduct a risk assessment to determine whether the PHI was compromised

Breach Notification Rule, Cont’d
 Risk Assessment:
1. Nature and extent of the PHI involved (including identifiers and the likelihood of re-identification)
2. Consider the recipient (e.g., already under a HIPAA obligation?)
3. Was the PHI actually acquired or viewed?
4. Extent to which the risk has been mitigated

Breach Notification Rule, Cont’d
 Notification to Individuals
 “Discovery”: the first day on which the breach is known to the CE, or by exercising reasonable diligence would have been known to the CE; knowledge of any workforce member or agent of the CE, other than the person committing the breach, is treated as the CE’s knowledge
 Timeliness: without unreasonable delay, and not more than 60 days post-discovery (the law enforcement delay exception remains)
 Content:
• What happened, when, and when it was discovered
• Description of the compromised PHI
• Steps individuals should take to mitigate effects
• Steps the CE is taking, plus contact information

Breach Notification Rule, Cont’d
 Notification to Media:
 Unsecured PHI
 500+ affected individuals in any one State
 Within 60 days of discovery, max
 “Prominent media outlet” (depends on the market)
 A press release on a CE website does not meet this requirement

Breach Notification Rule, Cont’d
 Notification to Secretary:
 500+ affected individuals (anywhere): “immediate” (meaning at the time individual notices are sent)
 Fewer than 500: maintain a log and report on the HHS website annually, within 60 days of the end of the year
 Notification by a Business Associate:
 BA’s knowledge of a breach is imputed to the CE if the BA is an agent of the CE (meaning the CE’s clock starts ticking when the BA “discovers”)
 Otherwise, the CE’s clock begins upon notice from the BA
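The breach-notification slides above describe a decision procedure an incident-response lead has to run under time pressure: when the 60-day clock starts (CE discovery, or BA discovery if the BA is the CE's agent, otherwise the BA's notice), whether the encryption safe harbor or the four-factor risk assessment removes the duty altogether, and which of the individual, media and Secretary notices apply at the 500-individual thresholds. The following calculator is an added example written for this page; it is not part of the presentation and not an HHS or MiHIN tool. The `BreachFacts` fields, the function names, the sample incident dates and state counts are all constructed for illustration, and the law-enforcement hold is modelled simply as "no deadline earlier than the hold date"; the actual delay mechanics and any state-law overlay are out of scope.

```python
"""Breach-notification obligation calculator for the HIPAA Omnibus Rule as
summarised on slides 12-17 (added example, not from the presentation)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

NOTICE_WINDOW = timedelta(days=60)   # outer limit; "without unreasonable delay" still governs
LARGE_BREACH = 500                   # threshold for media (per state) and immediate HHS notice


@dataclass
class BreachFacts:
    """Facts established by the incident-response team (all fields are constructed inputs)."""
    ce_discovered: Optional[date]            # CE knew / should have known (reasonable diligence)
    ba_discovered: Optional[date] = None     # BA's own discovery date, if a BA was involved
    ba_notified_ce: Optional[date] = None    # date the BA actually notified the CE
    ba_is_agent: bool = False                # BA is the CE's agent under federal common-law agency
    affected_by_state: Dict[str, int] = field(default_factory=dict)  # e.g. {"MI": 620, "OH": 40}
    # Safe harbor: PHI encrypted per NIST SP 800-111 (at rest) / 800-52, 800-77, 800-113
    # (in motion) or FIPS 140-2 validated, and the key was not compromised too.
    phi_secured: bool = False
    # Outcome of the four-factor risk assessment (nature of PHI, recipient,
    # acquired/viewed, mitigation): True only if compromise is a low probability.
    low_probability_of_compromise: bool = False
    law_enforcement_hold_until: Optional[date] = None  # simplification: no notice before this date


def discovery_date(f: BreachFacts) -> date:
    """Day the CE's clock starts. An agent BA's knowledge is imputed to the CE;
    a non-agent BA's breach is discovered by the CE when the BA gives notice."""
    candidates: List[date] = []
    if f.ce_discovered:
        candidates.append(f.ce_discovered)
    if f.ba_is_agent and f.ba_discovered:
        candidates.append(f.ba_discovered)
    elif not f.ba_is_agent and f.ba_notified_ce:
        candidates.append(f.ba_notified_ce)
    if not candidates:
        raise ValueError("no discovery date is known")
    return min(candidates)


def media_states(f: BreachFacts) -> List[str]:
    """States in which a prominent media outlet must be notified (500+ residents each)."""
    return sorted(s for s, n in f.affected_by_state.items() if n >= LARGE_BREACH)


def obligations(f: BreachFacts) -> Dict[str, date]:
    """Map each applicable notice ('individuals', 'media', 'secretary') to its deadline.
    An empty dict means the incident is not a reportable breach of unsecured PHI."""
    if f.phi_secured or f.low_probability_of_compromise:
        return {}
    start = discovery_date(f)
    deadline = start + NOTICE_WINDOW
    duties = {"individuals": deadline}
    if media_states(f):
        duties["media"] = deadline
    if sum(f.affected_by_state.values()) >= LARGE_BREACH:
        duties["secretary"] = deadline          # "immediate": with the individual notices
    else:
        # under 500: log it and report within 60 days of the end of the calendar year
        duties["secretary"] = date(start.year, 12, 31) + NOTICE_WINDOW
    if f.law_enforcement_hold_until:
        duties = {k: max(v, f.law_enforcement_hold_until) for k, v in duties.items()}
    return duties


if __name__ == "__main__":
    # Constructed incident: an agent BA found the breach on 1 Oct 2013 and told the CE on 20 Oct.
    incident = BreachFacts(ce_discovered=None, ba_discovered=date(2013, 10, 1),
                           ba_notified_ce=date(2013, 10, 20), ba_is_agent=True,
                           affected_by_state={"MI": 620, "OH": 40})
    for notice, due in obligations(incident).items():
        print(f"{notice:12s} due {due}")   # all three due 2013-11-30 (clock ran from 1 Oct)
```

Flipping `ba_is_agent` to `False` on the same facts moves discovery to the BA's 20 October notice and every deadline to 19 December, which is the practical effect of the agency analysis slide 17 describes; setting `phi_secured=True` returns no duties at all, which is why slide 22 says to "(seriously) consider encryption of ePHI".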
Enforcement Rule
 Four civil money penalty tiers based on culpability:

Enforcement Rule, Cont’d
 “Reasonable cause” (second tier) is defined as “an act or omission in which a covered entity or business associate knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the covered entity or business associate did not act with willful neglect.”
 Covered entities and business associates are now liable as principals for the acts of business associates (for CEs) or subcontractors (for BAs) acting as agents under Federal common law principles

Enforcement Rule, Cont’d
 Bases for Penalty Determinations:
1. Nature and extent of the violation
2. Nature and extent of the harm
3. History of prior compliance
4. Financial condition of the CE or BA
5. Other matters “as justice requires”

To-Do List: All
1. Print pp. 491 – 562 of the Final Rule and put them in a binder
2. Read them in conjunction with the existing HIPAA regulations (which should likewise be in a binder)

To-Do List: Covered Entities
1. Update privacy policies (uses and disclosures of PHI)
2. Update the compliance plan consistent with the Breach Notification Rule changes
3. Examine BA relationships in light of the agency liability issues
4. BAA review and revision (including amendments to existing BAAs)
5. Update the notice of privacy practices and the patient authorization form
6. (Seriously) consider encryption of ePHI if not already done
7. Conduct training
8. Use OCR resources

To-Do List: Business Associates
1. Determine whether you are a “business associate” (and if not, be prepared to defend your case)
2. Evaluate your current operations for compliance with the applicable Privacy Rule, Security Rule, and Breach Notification provisions
3. Ensure you have appropriate subcontracts in place, with proper content
4. Conduct training
5. Use OCR resources

Disclaimer
This presentation is informational only. It does not constitute legal or professional advice. You are encouraged to consult with an attorney if you have specific questions relating to any of the topics covered in this presentation.

Contact Information
Brian R. Balow
248-433-7536
bbalow@dickinsonwright.com
Thank you

Editor's notes

Copyright 2013 Michigan Health Information Network. All rights reserved. MiHIN Confidential--Proprietary--Restricted