Humongous Insurance


HIPAA New Final Omnibus Rule:

     “Key Business Associate
Implications for Your Organization”
Your Presenter




          A.J. (Andy) Weitzberg
          President of HIPAA Continuity Planners
          President of the Association of Contingency Planners
          Long Island Chapter




                                                 © HIPAA Continuity
                                                     Planners 2013
History
• Health Insurance Portability and Accountability Act (HIPAA) of 1996

• The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009

• Omnibus Rule of 2013

Omnibus Rule conforms HIPAA regulations to HITECH Act changes:

  – Before HITECH, BAs regulated through business associate contracts or agreements ("BAAs")

  – After HITECH, BAs and subcontractors are now regulated directly under HIPAA, therefore they:
       • Must comply with Security Rules
       • Must comply with some of Privacy Rule and provisions of BAA

By the Numbers from August 2009 through December 2012*
•    538 breaches of protected health information (PHI)
•    21,408,505 patient health records affected
•    21.5% increase in # of large breaches in 2012 over 2011
•    but… a 77% decrease in # of patient records impacted
•    67% of all breaches have been the result of theft or loss
•    57% of all patient records breached involved a business associate
•    5X: historically, breaches at business associates have impacted 5 times as many patient records as those at a covered entity
•    38% of incidents were the result of an unencrypted laptop or other portable electronic device
•    63.9% of total records breached in 2012 resulted from the 5 largest incidents
•    780,000 records breached in the single largest incident of 2012
*These numbers include breaches that affected >500 individuals and were reported to HHS from August 2009 to January 17, 2013.

Expanded definition of “Business Associates”
• "Business associate" means one who, on behalf of a covered entity, creates, receives, maintains or transmits PHI*; it now also means a "subcontractor of business associate" who creates, receives, maintains or transmits PHI* on behalf of a business associate
• Status as BA is based upon role and responsibilities, not upon who the parties to the contract are
• Contract between the covered entity's BA and that BA's subcontractor must satisfy the BA agreement requirements
*Personal Health Information

Business Associate - Consequences
• Secretary (HHS) authorized to receive and investigate complaints against BAs (including subcontractors), and to take action regarding complaints and noncompliance
• BAs (incl. subs) required to maintain records and submit compliance reports to Secretary, cooperate in complaint investigations and compliance reviews, give Secretary access to information
• BAs (incl. subs) forbidden to intimidate, discriminate against, etc. those who make complaints, cooperate with regulators or oppose unlawful actions
• BAs (incl. subcontractors) subject to civil money penalties for HIPAA violations
• BA/Subs remain liable under contract to Covered Entity and BA

How do these updates affect your Business?
As a “Business Associate” you have HIPAA/HITECH Compliance Requirements:
    1. A Written Risk Analysis
    2. A Written Continuity Plan
    3. Documented Security Practices and Procedures
    4. An Incident Response Plan (Breach Response)
    5. Termination Procedures
    6. A Record Disposal Procedure for Electronic Media and Paper Records
    7. Employee Training Program
    8. Documentation and Logs

Penalties for Your Non-Compliance
CATEGORIES OF VIOLATIONS AND RESPECTIVE PENALTY AMOUNTS AVAILABLE

Violation Category                       Each Violation            All such violations of an identical
Section 1176(a)(1)                                                 provision in a calendar year
(A) Did Not Know                         $100 to Max $50,000       $1,500,000
(B) Reasonable Cause                     $1,000 to Max $50,000     $1,500,000
(C)(i) Willful Neglect-Corrected         $10,000 to Max $50,000    $1,500,000
(C)(ii) Willful Neglect-Not Corrected    $50,000                   $1,500,000

Are you a “Business Associate”?
    Illustration of the types of firms that are now
            considered “Business Associates”

•    IT Support and Software Vendors
•    IT Equipment Vendors
•    Leasing firms
•    Telephone CPE Vendors
•    Shredding Vendors
•    Data Centers
•    Cloud Computing Providers
•    Answering Services for Medical Offices
•    Medical Billing Services
•    Medical Transcriptions Services
•    Medical Collection Agencies
•    Temporary Employment Agencies
Questions



  A.J. (Andy) Weitzberg
          President
HIPAA Continuity Planners
   Email: AJ@HIPAACP.COM
   1.800.654.2041 Toll Free
    1.631.654.4001 Office
    1.516.641.4001 Mobile

HIPAA Omnibus Rule: Key Business Associate Implications

  • 1. Humongous Insurance HIPAA New Final Omnibus Rule: “Key Business Associate Implications for Your Organization”
  • 2. Your Presenter A.J. (Andy) Weitzberg President of HIPAA Continuity Planners President of the Association of Contingency Planners Long Island Chapter © HIPAA Continuity Planners 2013
  • 3. History
      • Health Insurance Portability and Accountability Act (HIPAA) of 1996
      • The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009
      • Omnibus Rule of 2013
  • 4. Omnibus Rule conforms HIPAA regulations to HITECH Act changes:
      – Before HITECH, BAs regulated through business associate contracts or agreements ("BAAs")
      – After HITECH, BAs and subcontractors are now regulated directly under HIPAA, therefore they:
          • Must comply with Security Rules
          • Must comply with some of Privacy Rule and provisions of BAA
  • 5. By the Numbers from August 2009 through December 2012*
      • 538 breaches of protected health information (PHI)
      • 21,408,505 patient health records affected
      • 21.5% increase in # of large breaches in 2012 over 2011
      • but… a 77% decrease in # of patient records impacted
      • 67% of all breaches have been the result of theft or loss
      • 57% of all patient records breached involved a business associate
      • 5X: historically, breaches at business associates have impacted 5 times as many patient records as those at a covered entity
      • 38% of incidents were the result of an unencrypted laptop or other portable electronic device
      • 63.9% of total records breached in 2012 resulted from the 5 largest incidents
      • 780,000 records breached in the single largest incident of 2012
      *These numbers include breaches that affected >500 individuals and were reported to HHS from August 2009 to January 17, 2013.
  • 6. Expanded definition of “Business Associates”
      • “Business associate” means one who, on behalf of a covered entity, creates, receives, maintains or transmits PHI*
      • Now also means “subcontractor of business associate” who creates, receives, maintains or transmits PHI* on behalf of a business associate
      • Status as BA based upon role and responsibilities, not upon who are the parties to the contract
      • Contract between the covered entity's BA and that BA's subcontractor must satisfy the BA agreement requirements
      *Personal Health Information
  • 7. Business Associate - Consequences
      • Secretary (HHS) authorized to receive and investigate complaints against BAs (including subcontractors), and to take action regarding complaints and noncompliance
      • BAs (incl. subs) required to maintain records and submit compliance reports to Secretary, cooperate in complaint investigations and compliance reviews, give Secretary access to information
      • BAs (incl. subs) forbidden to intimidate, discriminate against, etc. those who make complaints, cooperate with regulators or oppose unlawful actions
      • BAs (incl. subcontractors) subject to civil money penalties for HIPAA violations
      • BA/Subs remain liable under contract to Covered Entity and BA
  • 8. How do these updates affect your Business? As a “Business Associate” you have HIPAA/HITECH Compliance Requirements:
      1. A Written Risk Analysis
      2. A Written Continuity Plan
      3. Documented Security Practices and Procedures
      4. An Incident Response Plan (Breach Response)
      5. Termination Procedures
      6. A Record Disposal Procedure for Electronic Media and Paper Records
      7. Employee Training Program
      8. Documentation and Logs
  • 9. Penalties for Your Non-Compliance: Categories of Violations and Respective Penalty Amounts Available
      Violation Category, Section 1176(a)(1) | Each Violation | All such violations of an identical provision in a calendar year
      (A) Did Not Know | $100 to Max $50,000 | $1,500,000
      (B) Reasonable Cause | $1,000 to Max $50,000 | $1,500,000
      (C)(i) Willful Neglect-Corrected | $10,000 to Max $50,000 | $1,500,000
      (C)(ii) Willful Neglect-Not Corrected | $50,000 | $1,500,000
  • 10. Are you a “Business Associate”? Illustration of the types of firms that are now considered “Business Associates”
      • IT Support and Software Vendors
      • IT Equipment Vendors
      • Leasing firms
      • Telephone CPE Vendors
      • Shredding Vendors
      • Data Centers
      • Cloud Computing Providers
      • Answering Services for Medical Offices
      • Medical Billing Services
      • Medical Transcriptions Services
      • Medical Collection Agencies
      • Temporary Employment Agencies
  • 11. Questions
      A.J. (Andy) Weitzberg, President, HIPAA Continuity Planners
      Email: AJ@HIPAACP.COM
      1.800.654.2041 Toll Free
      1.631.654.4001 Office
      1.516.641.4001 Mobile