SlideShare ist ein Scribd-Unternehmen logo

Confidentiality, HIPAA and HITECH

Als PPTX, PDF herunterladen
Dr. DawnElise Snipes ★AllCEUs★ Unlimited Counselor Training
Dr. DawnElise Snipes ★AllCEUs★ Unlimited Counselor Training

View the video at https://youtube.com/allceuseducation A direct link to the counseling CEU course is: A direct link to the CEU course is https://www.allceus.com/member/cart/index/product/id/682/c/ for 3 Hours or https://www.allceus.com/member/cart/index/product/id/681/c/ for 10 hours

Gesundheitswesen
1 von 45
Confidentiality, HIPAA and HITECH Brought to you by AllCEUs.com Instructor: Dr. Dawn-Elise Snipes
Objectives  Review HIPAA and HITECH regulations as they pertain to maintaining confidentiality and security of PHI  Encourage critical assessment of your work practices for compliance.  Get through the presentation with all of you staying awake 
Business Associates  A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity.  Business associate functions and activities include:  Billing, claims processing, administration, benefit management  Data analysis, processing or administration  Utilization review & quality assurance  ISPs are NOT business associates  Software vendors providing EHR systems and providers of virtual offices and email services will clearly qualify as business associates
Requirements for PHI  Risk analysis (Required) of the potential risks and vulnerabilities to the confidentiality, integrity, and availability.  Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a).  Sanction policy (Required). Apply appropriate sanctions to workforce members who fail to comply with the security policies.  Information system activity review (Required). Regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
Workforce Security  Ensure that all members of its workforce have appropriate access to ePHI, and prevent those who do not from obtaining access to electronic PHI.  Implement procedures for the authorization and/or supervision of workforce members who work with ePHI or in locations where it might be accessed.  Implement procedures to determine that the access of a workforce member to ePHI is appropriate.  Implement procedures for terminating access to ePHI when the employment of, or other arrangement with, a workforce member ends or changes.
Information Access Management  Implement written policies and procedures for authorizing access to ePHI  Implement policies and procedures for granting access to ePHI, for example, through access to a workstation, transaction, program, process, or other mechanism.  Implement policies and procedures that establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process. Virtual workstations Key cards Passwords
Security Awareness and Training  Training for all members of its workforce (including management)  Periodic security updates.  Procedures for guarding against, detecting, and reporting malicious software.  Procedures for monitoring log-in attempts and reporting discrepancies.  Procedures for creating, changing, and safeguarding passwords.
Contingency Plan  Establish (and implement as needed) policies and procedures for responding to a disaster that damages systems that contain electronic PHI.  Data backup plan (Required).  Disaster recovery plan including procedures to enable continuation of critical business processes for protection of the security of ePHI while operating in emergency mode (Required).  Implement procedures for periodic testing and revision of contingency plans.
Facility Access Controls  Limit physical access to its electronic information systems and the facility or facilities in which they are housed.  Clinic  Home office  Working on laptop on unsecured wi-fi  Workstation use. Specify:  The proper functions to be performed  The manner in which those functions are to be performed  The physical attributes of the surroundings of a specific workstation or class of workstation that can access electronic PHI
Workstation Security  Implement physical safeguards for all workstations that access electronic PHI, to restrict access to authorized users.  Includes printers and fax machines Output Memory
Device and media controls  Implement policies and procedures that govern the receipt and removal of hardware and electronic media (thumb drives, laptops) that contain ePHI into and out of a facility, and the movement of these items within the facility.  (i) Disposal (Required). Address the final disposition of electronic PHI, and/or the hardware or electronic media on which it is stored.  (ii) Media re-use (Required). Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.  (iii) Accountability (Addressable). Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
HIPAA §164.312 Technical safeguards.  Implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4). (Think LinkedIn or Google)  Unique user identification (Required)  Emergency access procedure (Required) Access from remote site during natural disaster Access by staff in medical emergencies  Automatic logoff (Addressable)
§164.502 Uses and Disclosures  A covered entity is permitted to use or disclose PHI as follows:  To the individual: For treatment, payment, or health care operations, as permitted by and in compliance with §164.506; When required by the Secretary under subpart C of part 160 of this subchapter to investigate or determine the covered entity's compliance with this subchapter.
Disclosing PHI: Minimum Necessary  When using or disclosing to or requesting PHI from another covered entity or business associate, make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended.  This requirement does not apply to:  Disclosures to or requests by a health care provider for treatment  Uses or disclosures made to the individual  Uses or disclosures made pursuant to an authorization under §164.508;  Uses or disclosures that are required by law, as described by §164.512(a)  Uses or disclosures that are required for compliance with applicable requirements of this subchapter.
§164.508 Uses and disclosures for which an authorization is required.  Authorization required: General rule. Except as otherwise permitted or required by this subchapter, a covered entity may not use or disclose PHI without an authorization that is valid under this section.  Authorization required: Psychotherapy notes. Notwithstanding any provision of this subpart…a covered entity must obtain an authorization for any use or disclosure of psychotherapy notes, except:  To carry out the following treatment, payment, or health care operations:  Use by the originator of the psychotherapy notes for treatment;  Use or disclosure by the covered entity for its own training programs  Use or disclosure by the covered entity to defend itself in a legal action or other proceeding brought by the individual
Defective & Compound Authorizations  An authorization is not valid, if the document submitted has any of the following defects:  The expiration date has passed or the expiration event has occurred (i.e. discharge)  The authorization has not been filled out completely  The authorization is known by the covered entity to have been revoked  The authorization violates paragraph (b)(3) or (4) of this section, if applicable  Any information in the authorization is known to be false.  Compound authorizations. An authorization for use or disclosure of PHI may not be combined with any other document to create a compound authorization, except as follows:  An authorization for a use or disclosure of psychotherapy notes may only be combined with another authorization of psychotherapy notes.
Revocation of Authorization  An individual may revoke an authorization provided under this section at any time, provided that the revocation is in writing, except to the extent that:  The covered entity has taken action in reliance thereon  If the authorization was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy or the policy itself.
Core Elements of Authorizations  A valid authorization under this section must contain at least the following elements:  A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion.  The name or other specific identification of the person(s), or class of persons, authorized to make the requested use or disclosure.  The name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested use or disclosure.  A description of each purpose of the requested use or disclosure. The statement "at the request of the individual" is a sufficient description of the purpose when an individual initiates the authorization  An expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure.  Signature of the individual and date. If the authorization is signed by a personal representative of the individual, a description of such representative's authority to act for the individual must also be provided.
Additional Requirements for Authorizations  Required statements. In addition to the core elements, the authorization must contain statements adequate to place the individual on notice of all of the following:  The individual's right to revoke the authorization in writing, and the exceptions to the right to revoke and a description of how the individual may revoke the authorization; or  The ability or inability to condition treatment, payment, enrollment or eligibility for benefits on the authorization, by stating either:  (A) The covered entity may not condition treatment on whether the individual signs the authorization when the prohibition on conditioning of authorizations in paragraph (b)(4) of this section applies; or  (B) The consequences to the individual of a refusal to sign the authorization when, in accordance with paragraph (b)(4) of this section, the covered entity can condition treatment on failure to obtain such authorization. (i.e. court ordered treatment)  The potential for information disclosed pursuant to the authorization to be subject to redisclosure by the recipient and no longer be protected by this subpart.
More Requirements for Authorizations  Plain language requirement. The authorization must be written in plain language.  Copy to the individual. If a covered entity seeks an authorization from an individual for a use or disclosure of PHI, the covered entity must provide the individual with a copy of the signed authorization.
Disclosures  HIPAA indicates which situations information may be disclosed under HIPAA; however, many agencies and providers are bound by other regulations such as CFR 42 part 2 as well as state regulations.  Seek guidance from a qualified legal professional regarding implementation of HIPAA and confidentiality requirements  This presentation reviews highlights from the HIPAA code and is not a comprehensive guide for confidentiality
Summary  HIPAA Requires that written and electronic PHI be maintained with reasonable security  Providers must implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights  Providers must have policies for emergency access such as in the case of a natural disaster or medical emergency.  Providers are required to develop and implement written policies and procedures that establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process.
Summary  HIPAA requires that PHI be backed up and stored in a secure location  HIPAA requires that electronic PHI be encrypted, wiped from devices before re-issuing them and maintained behind security protocols which limit access to only approved people.  A separate consent for release of information must be completed for psychotherapy notes  A valid consent for release of information must be completely filled out and contain certain very explicit information or it is invalid, and disclosure based on an invalid release is prohibited.
Confidentiality, HIPAA and HITECH
Objectives  Review HIPAA and HITECH regulations as they pertain to maintaining confidentiality and security of PHI  Encourage critical assessment of your work practices for compliance.  Get through the presentation with all of you staying awake 
Disclosures  HIPAA indicates which situations information may be disclosed under HIPAA; however, many agencies and providers are bound by other regulations such as CFR 42 part 2 as well as state regulations.  Seek guidance from a qualified legal professional regarding implementation of HIPAA and confidentiality requirements  This presentation reviews highlights from the HIPAA code and is not a comprehensive guide for confidentiality
Permitted Uses and Disclosures  A covered entity may use or disclose PHI for the public health activities and purposes described in this paragraph to:  A public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability,  A public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect;  A person subject to the jurisdiction of the Food and Drug Administration (FDA) with respect to an FDA-regulated product or activity to collect or report adverse events, or to track FDA- regulated products; and enable product recalls  A person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition, if the covered entity or public health authority is authorized by law to notify such person
Permitted Uses and Disclosures cont…  A covered entity may use or disclose PHI to:  An employer, about an individual who is a member of the workforce of the employer, if:  (A) The covered entity is a covered health care provider who provides health care to the individual at the request of the employer:  (1) To conduct an evaluation relating to medical surveillance of the workplace (injury and or illness rates, workplace safety enhancement)  (2) To evaluate whether the individual has a work-related illness or injury  (B) The PHI that is disclosed consists of findings concerning a work-related illness or injury or a workplace-related medical surveillance
Permitted Uses and Disclosures cont…  A covered entity may use or disclose PHI to:  An employer, about an individual who is a member of the workforce of the employer, if: The employer needs such findings in order to comply with its obligations, under the law; and The covered health care provider provides written notice to the individual that PHI relating to the medical surveillance of the workplace and work-related illnesses and injuries is disclosed to the employer at the time the health care is provided
Permitted Disclosures cont…  A covered entity may disclose PHI about an individual whom the covered entity reasonably believes to be a victim of abuse, neglect, or domestic violence to a government authority authorized by law to receive reports of such abuse, neglect, or domestic violence:  To the extent the disclosure is required by law and the disclosure complies with and is limited to the relevant requirements of such law  If the individual agrees to the disclosure  To the extent the disclosure is expressly authorized by statute or regulation and is believed to be necessary to prevent serious harm to the individual or potential victims
Permitted Disclosures cont…  A covered entity may disclose…  If the individual is unable to agree because of incapacity, a law enforcement or other public official authorized to receive the report represents that the information which is sought is not intended to be used against the individual (i.e. client under the influence of illicit drugs) and that an immediate enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure. (Need for Narcan; appropriate medical treatment; wellbeing check)
Informing the Individual  A covered entity that makes a disclosure permitted by paragraph (c)(1) of this section must promptly inform the individual that such a report has been or will be made, except if:  The covered entity, in the exercise of professional judgment, believes informing the individual would place the individual at risk of serious harm  Flight before EMS arrives  The covered entity would be informing a personal representative, and the covered entity reasonably believes the personal representative is responsible for the abuse, neglect, or other injury, and that informing such person would not be in the best interests of the individual.  Informing parent of child patient who is believed to be abused
Uses and disclosures for health oversight activities  A covered entity may disclose PHI to a health oversight agency for oversight activities authorized by law, including audits; civil, administrative, or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative, or criminal proceedings or actions; or other activities necessary for appropriate oversight of:  The health care system  Government benefit programs for which health information is relevant to beneficiary eligibility  Entities subject to government regulatory programs for which health information is necessary for determining compliance with program standards  Entities subject to civil rights laws for which health information is necessary for determining compliance.
Disclosures for judicial and administrative proceedings.  A covered entity may disclose PHI in the course of any judicial or administrative proceeding:  In response to an order of a court or administrative tribunal, provided that the covered entity discloses only the PHI expressly authorized by such order  In response to a subpoena, discovery request, or other lawful process, that is not accompanied by an order of a court or administrative tribunal, if:  (A) The covered entity receives satisfactory assurance, as described in paragraph (e)(1)(iii) of this section, from the party seeking the information that reasonable efforts have been made to ensure that the individual who is the subject of the PHI has been given notice of the request; or  (B) The covered entity receives satisfactory assurance, as described in paragraph (e)(1)(iv) of this section, from the party seeking the information that reasonable efforts have been made by such party to secure a qualified protective order
Disclosures for judicial and administrative proceedings.  A covered entity receives satisfactory assurances from a party seeking PHI if the covered entity receives from such party a written statement and accompanying documentation demonstrating that:  The party requesting such information has made a good faith attempt to provide written notice to the individual  The notice included sufficient information about the [case in which PHI] is requested to permit the individual to [object]  The time for the individual to raise objections … has elapsed, and no objections were filed; or all objections filed have been resolved
More Disclosures  Crime on premises. A covered entity may disclose to a law enforcement official PHI that the covered entity believes in good faith constitutes evidence of criminal conduct that occurred on the premises of the covered entity.
Disclosures to Law Enforcement and Correctional Institutions  A covered entity may disclose to a correctional institution or a law enforcement official having lawful custody of an inmate or other individual PHI about such person, if the correctional institution or such law enforcement official represents that such PHI is necessary for:  The provision of health care to such individuals  The health and safety of such individual, other inmates or law enforcement officers on the premises  The health and safety of the officers or employees of or others at the correctional institution (This likely does not include HIV status or progress notes)  The administration and maintenance of the safety, security, and good order of the correctional institution.
Providing Client’s Access to Records  The covered entity must provide the access requested by individuals, including inspection or obtaining a copy, or both, of the PHI about them in designated record sets within 30 days  The covered entity may provide the individual with a summary of the PHI requested, in lieu of providing access to the PHI or may provide an explanation of the PHI to which access has been provided, if:  The individual agrees in advance to such a summary or explanation; and  The individual agrees in advance to the fees imposed
Client Access  The individual's request must be in writing, signed by the individual, and clearly identify the designated person and where to send the copy of PHI.  Fees. The covered entity may impose a reasonable, cost- based fee, provided that the fee includes only the cost of:  Labor for copying the PHI requested by the individual, whether in paper or electronic form;  Supplies for creating the paper copy or electronic media if the individual requests that the electronic copy be provided on portable media;  Postage, when the individual has requested the copy, or the summary or explanation, be mailed; and  Preparing an explanation or summary of the PHI, if agreed to by the individual
§164.526 Amendment of PHI  An individual has the right to have a covered entity amend PHI or a record about the individual in a designated record set for as long as the PHI is maintained.  A covered entity may deny an individual's request for amendment, if it determines that the PHI or record that is the subject of the request:  Was not created by the covered entity, unless the individual provides a reasonable basis to believe that the originator of PHI is no longer available to act on the requested amendment;  Is not part of the designated record set;  Would not be available for inspection under §164.524; or  Is accurate and complete.
§164.526 Amendment of PHI  If the covered entity grants the requested amendment, in whole or in part, it must take the action  If the covered entity denies the requested amendment, in whole or in part, it must provide the individual with a written denial.
Accounting of Disclosures  An individual has a right to receive an accounting of disclosures of PHI made by a covered entity in the six years prior to the date on which the accounting is requested, except for disclosures:  To carry out treatment, payment and health care operations  To individuals of PHI about themselves  Incident to a use or disclosure otherwise permitted or required by this statute including general operations, law enforcement, national security, part of a limited data set  Pursuant to an signed authorization • To the individual • For the purposes of continuity of care • As required by statute
Accounting of Disclosures  The accounting must include for each disclosure:  The date of the disclosure;  The name of the entity or person who received the PHI and, if known, the address of such entity or person;  A brief description of the PHI disclosed; and  A brief statement of the purpose of the disclosure that reasonably informs the individual of the basis for the disclosure or, in lieu of such statement, a copy of a written request for a disclosure under §§164.502(a)(2)(ii) or 164.512, if any.
Summary  HIPAA and HITECH impact every aspect of handling client information (verbal, written, electronic)  There are many reasons for disclosure of PHI that are exempted from requiring a written authorization including crime, incapacity (limited), court order and mandatory reporting  Information transmitted on the internet must be encrypted point to point.  If it is able to be accessed by someone other than intended, it is a violation of security.  Sitting down at an unmanned desk  Unauthorized personnel accessing records (electronic or physical)  Using an email provider or virtual office without a business associate agreement
Summary  When in doubt, refer to the guidelines and seek qualified counsel  Talking to parents of unemancipated minors  Upon law enforcement request  With regard to reporting communicable diseases  Upon receipt of a subpoena in a legal or criminal case  Ability to amend PHI  Etc…

Empfohlen

HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to YouWinston & Strawn LLP
 
Claim Policies and Procedure Presentation
Claim Policies and Procedure PresentationClaim Policies and Procedure Presentation
Claim Policies and Procedure PresentationJamila Limosnero
 
MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016
MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016
MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016Colin Zick
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & SecurityNational Pharmacy Technician Association
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
Basic HIPAA Training by CMU
Basic HIPAA Training by CMUBasic HIPAA Training by CMU
Basic HIPAA Training by CMUAtlantic Training, LLC.
 
Personal Health Records & HIPAA
Personal Health Records & HIPAAPersonal Health Records & HIPAA
Personal Health Records & HIPAAMargery Lynn
 
Hipaa
HipaaHipaa
Hipaateammayco
 

Empfohlen

HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to YouWinston & Strawn LLP
 
Claim Policies and Procedure Presentation
Claim Policies and Procedure PresentationClaim Policies and Procedure Presentation
Claim Policies and Procedure PresentationJamila Limosnero
 
MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016
MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016
MaHIMA_Winter_Meeting___Compliance_Beyond_HIPAA_1_2016Colin Zick
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & SecurityNational Pharmacy Technician Association
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
Basic HIPAA Training by CMU
Basic HIPAA Training by CMUBasic HIPAA Training by CMU
Basic HIPAA Training by CMUAtlantic Training, LLC.
 
Personal Health Records & HIPAA
Personal Health Records & HIPAAPersonal Health Records & HIPAA
Personal Health Records & HIPAAMargery Lynn
 
Hipaa
HipaaHipaa
Hipaateammayco
 
HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011darichardson
 
Hippa training v2
Hippa training v2Hippa training v2
Hippa training v2Suzanne Guggenheim
 
Sample Hospital Compliance Program
Sample Hospital Compliance ProgramSample Hospital Compliance Program
Sample Hospital Compliance ProgramCraig B. Garner
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOsnobumoto
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
MHS HIPPA
MHS HIPPAMHS HIPPA
MHS HIPPAteammayco
 
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardHIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardAtlantic Training, LLC.
 
2013 compliance ppt
2013 compliance ppt2013 compliance ppt
2013 compliance pptscottsvilleems
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHarshit Trivedi
 
Hipaa.uo a
Hipaa.uo aHipaa.uo a
Hipaa.uo aJohn Wible
 
Federal Benefits Developments - Audits Abound: Are You Ready?
Federal Benefits Developments - Audits Abound: Are You Ready?Federal Benefits Developments - Audits Abound: Are You Ready?
Federal Benefits Developments - Audits Abound: Are You Ready?CBIZ, Inc.
 
Hipaa
HipaaHipaa
HipaaJason Wrench
 
Hipaa
HipaaHipaa
Hipaabelziebub
 
Meeting the HIPAA Privacy Requirements
Meeting the HIPAA Privacy RequirementsMeeting the HIPAA Privacy Requirements
Meeting the HIPAA Privacy Requirementsbenefitexpress
 
HIPAA
HIPAAHIPAA
HIPAAJacob Harris
 
Compliance for Health Care Organizations
Compliance for Health Care OrganizationsCompliance for Health Care Organizations
Compliance for Health Care OrganizationsGlass Jacobson
 
Health Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCHealth Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCH2Kinfosys
 
Developing a Practice Compliance Plan
Developing a Practice Compliance PlanDeveloping a Practice Compliance Plan
Developing a Practice Compliance Planshelvan1967
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
Health insurance claim | Health Care Domain
Health insurance claim | Health Care DomainHealth insurance claim | Health Care Domain
Health insurance claim | Health Care DomainH2kInfosys
 
Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associatesgppcpa
 
HIPAA
HIPAAHIPAA
HIPAAKarna *
 

Weitere ähnliche Inhalte

Was ist angesagt?

HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011darichardson
 
Sample Hospital Compliance Program
Sample Hospital Compliance ProgramSample Hospital Compliance Program
Sample Hospital Compliance ProgramCraig B. Garner
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOsnobumoto
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardHIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardAtlantic Training, LLC.
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHarshit Trivedi
 
Federal Benefits Developments - Audits Abound: Are You Ready?
Federal Benefits Developments - Audits Abound: Are You Ready?Federal Benefits Developments - Audits Abound: Are You Ready?
Federal Benefits Developments - Audits Abound: Are You Ready?CBIZ, Inc.
 
Meeting the HIPAA Privacy Requirements
Meeting the HIPAA Privacy RequirementsMeeting the HIPAA Privacy Requirements
Meeting the HIPAA Privacy Requirementsbenefitexpress
 
Compliance for Health Care Organizations
Compliance for Health Care OrganizationsCompliance for Health Care Organizations
Compliance for Health Care OrganizationsGlass Jacobson
 
Health Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCHealth Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCH2Kinfosys
 
Developing a Practice Compliance Plan
Developing a Practice Compliance PlanDeveloping a Practice Compliance Plan
Developing a Practice Compliance Planshelvan1967
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
Health insurance claim | Health Care Domain
Health insurance claim | Health Care DomainHealth insurance claim | Health Care Domain
Health insurance claim | Health Care DomainH2kInfosys
 

Was ist angesagt? (20)

HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011
 
Hippa training v2
Hippa training v2Hippa training v2
Hippa training v2
 
Sample Hospital Compliance Program
Sample Hospital Compliance ProgramSample Hospital Compliance Program
Sample Hospital Compliance Program
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guide
 
MHS HIPPA
MHS HIPPAMHS HIPPA
MHS HIPPA
 
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardHIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
 
2013 compliance ppt
2013 compliance ppt2013 compliance ppt
2013 compliance ppt
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability Act
 
Hipaa.uo a
Hipaa.uo aHipaa.uo a
Hipaa.uo a
 
Federal Benefits Developments - Audits Abound: Are You Ready?
Federal Benefits Developments - Audits Abound: Are You Ready?Federal Benefits Developments - Audits Abound: Are You Ready?
Federal Benefits Developments - Audits Abound: Are You Ready?
 
Hipaa
HipaaHipaa
Hipaa
 
Hipaa
HipaaHipaa
Hipaa
 
Meeting the HIPAA Privacy Requirements
Meeting the HIPAA Privacy RequirementsMeeting the HIPAA Privacy Requirements
Meeting the HIPAA Privacy Requirements
 
HIPAA
HIPAAHIPAA
HIPAA
 
Compliance for Health Care Organizations
Compliance for Health Care OrganizationsCompliance for Health Care Organizations
Compliance for Health Care Organizations
 
Health Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCHealth Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLC
 
Developing a Practice Compliance Plan
Developing a Practice Compliance PlanDeveloping a Practice Compliance Plan
Developing a Practice Compliance Plan
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
 
Health insurance claim | Health Care Domain
Health insurance claim | Health Care DomainHealth insurance claim | Health Care Domain
Health insurance claim | Health Care Domain
 

Ähnlich wie Confidentiality, HIPAA and HITECH

Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associatesgppcpa
 
Hipaa in the era of ehr mo dept hss
Hipaa in the era of ehr mo dept hssHipaa in the era of ehr mo dept hss
Hipaa in the era of ehr mo dept hsslearfield
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act Kartheek Kein
 
how to really implement hipaa presentation
how to really implement hipaa presentationhow to really implement hipaa presentation
how to really implement hipaa presentationProvider Resources Group
 
Chapter 5HIPAA and HITECHLearning ObjectivesUnde
Chapter 5HIPAA and HITECHLearning ObjectivesUndeChapter 5HIPAA and HITECHLearning ObjectivesUnde
Chapter 5HIPAA and HITECHLearning ObjectivesUndeWilheminaRossi174
 
HIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiHIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiAtlantic Training, LLC.
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTControlCase
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 
HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesNisos Health
 
HIPAA Training Instructional Design Example
HIPAA Training Instructional Design Example HIPAA Training Instructional Design Example
HIPAA Training Instructional Design Example Corrie Woolcott
 
Final gygax training module_ attempt 2
Final gygax training module_ attempt 2Final gygax training module_ attempt 2
Final gygax training module_ attempt 2Elspeth Gygax
 
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docxHomework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docxadampcarr67227
 
hitech act
hitech acthitech act
hitech actpadler01
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Kimberly Simon MBA
 
Highlights from ExL Pharma's 4th Clinical Billing & Research Compliance
Highlights from ExL Pharma's 4th Clinical Billing & Research ComplianceHighlights from ExL Pharma's 4th Clinical Billing & Research Compliance
Highlights from ExL Pharma's 4th Clinical Billing & Research ComplianceExL Pharma
 
Jeanette Rankins Patient Privacy Training
Jeanette Rankins Patient Privacy TrainingJeanette Rankins Patient Privacy Training
Jeanette Rankins Patient Privacy TrainingJeanetteRankins
 
Explaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docxExplaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docxVistaInfosec
 

Ähnlich wie Confidentiality, HIPAA and HITECH (20)

Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associates
 
HIPAA
HIPAAHIPAA
HIPAA
 
Hipaa in the era of ehr mo dept hss
Hipaa in the era of ehr mo dept hssHipaa in the era of ehr mo dept hss
Hipaa in the era of ehr mo dept hss
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act 
 
how to really implement hipaa presentation
how to really implement hipaa presentationhow to really implement hipaa presentation
how to really implement hipaa presentation
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Chapter 5HIPAA and HITECHLearning ObjectivesUnde
Chapter 5HIPAA and HITECHLearning ObjectivesUndeChapter 5HIPAA and HITECHLearning ObjectivesUnde
Chapter 5HIPAA and HITECHLearning ObjectivesUnde
 
HIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiHIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of Hawaii
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUST
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small Practices
 
HIPAA Training Instructional Design Example
HIPAA Training Instructional Design Example HIPAA Training Instructional Design Example
HIPAA Training Instructional Design Example
 
Final gygax training module_ attempt 2
Final gygax training module_ attempt 2Final gygax training module_ attempt 2
Final gygax training module_ attempt 2
 
HIPAA2
HIPAA2HIPAA2
HIPAA2
 
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docxHomework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
 
hitech act
hitech acthitech act
hitech act
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017
 
Highlights from ExL Pharma's 4th Clinical Billing & Research Compliance
Highlights from ExL Pharma's 4th Clinical Billing & Research ComplianceHighlights from ExL Pharma's 4th Clinical Billing & Research Compliance
Highlights from ExL Pharma's 4th Clinical Billing & Research Compliance
 
Jeanette Rankins Patient Privacy Training
Jeanette Rankins Patient Privacy TrainingJeanette Rankins Patient Privacy Training
Jeanette Rankins Patient Privacy Training
 
Explaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docxExplaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docx
 

Mehr von Dr. DawnElise Snipes ★AllCEUs★ Unlimited Counselor Training

Mehr von Dr. DawnElise Snipes ★AllCEUs★ Unlimited Counselor Training (20)

Dementia case management
Dementia case managementDementia case management
Dementia case management
 
Anger irritation and resentment
Anger irritation and resentmentAnger irritation and resentment
Anger irritation and resentment
 
biopsychosocial impact of anxiety
biopsychosocial impact of anxiety biopsychosocial impact of anxiety
biopsychosocial impact of anxiety
 
Sexual Diversity Introduction with Dr. Dawn-Elise Snipes
Sexual Diversity Introduction with Dr. Dawn-Elise SnipesSexual Diversity Introduction with Dr. Dawn-Elise Snipes
Sexual Diversity Introduction with Dr. Dawn-Elise Snipes
 
Polyamory Introduction with Dr. Dawn-Elise Snipes
Polyamory Introduction with Dr. Dawn-Elise SnipesPolyamory Introduction with Dr. Dawn-Elise Snipes
Polyamory Introduction with Dr. Dawn-Elise Snipes
 
Kink overview with Dr. Dawn-Elise Snipes
Kink overview with Dr. Dawn-Elise SnipesKink overview with Dr. Dawn-Elise Snipes
Kink overview with Dr. Dawn-Elise Snipes
 
Addressing transition issues among high school and college students
Addressing transition issues among high school and college studentsAddressing transition issues among high school and college students
Addressing transition issues among high school and college students
 
Addressing emotional triggers with Dr. Dawn-Elise Snipes
Addressing emotional triggers with Dr. Dawn-Elise SnipesAddressing emotional triggers with Dr. Dawn-Elise Snipes
Addressing emotional triggers with Dr. Dawn-Elise Snipes
 
20 ways to nurture children's mental health by Dr. Dawn-Elise Snipes
20 ways to nurture children's mental health by Dr. Dawn-Elise Snipes20 ways to nurture children's mental health by Dr. Dawn-Elise Snipes
20 ways to nurture children's mental health by Dr. Dawn-Elise Snipes
 
10 Brief Interventions for Counselors by Dr. Dawn-Elise Snipes
10 Brief Interventions for Counselors by Dr. Dawn-Elise Snipes10 Brief Interventions for Counselors by Dr. Dawn-Elise Snipes
10 Brief Interventions for Counselors by Dr. Dawn-Elise Snipes
 
5 elements of motivational interventions & 5 principles of motivational inter...
5 elements of motivational interventions & 5 principles of motivational inter...5 elements of motivational interventions & 5 principles of motivational inter...
5 elements of motivational interventions & 5 principles of motivational inter...
 
Biopsychosocial impact of addiction on the individual
Biopsychosocial impact of addiction on the individualBiopsychosocial impact of addiction on the individual
Biopsychosocial impact of addiction on the individual
 
Biopsychosocial aspects of hpa axis dysfunction
Biopsychosocial aspects of hpa axis dysfunctionBiopsychosocial aspects of hpa axis dysfunction
Biopsychosocial aspects of hpa axis dysfunction
 
Attachment and impact on adult relationships with Dr. Dawn-Elise Snipes
Attachment and impact on adult relationships with Dr. Dawn-Elise SnipesAttachment and impact on adult relationships with Dr. Dawn-Elise Snipes
Attachment and impact on adult relationships with Dr. Dawn-Elise Snipes
 
Assessing dangerousness and abuse for the ncmhce (2 hours)
Assessing dangerousness and abuse for the ncmhce (2 hours)Assessing dangerousness and abuse for the ncmhce (2 hours)
Assessing dangerousness and abuse for the ncmhce (2 hours)
 
Anxiety case study
Anxiety case studyAnxiety case study
Anxiety case study
 
Animal assisted therapy
Animal assisted therapyAnimal assisted therapy
Animal assisted therapy
 
Adjustment disorder case study
Adjustment disorder case studyAdjustment disorder case study
Adjustment disorder case study
 
370 working with self harm
370 working with self harm370 working with self harm
370 working with self harm
 
Internal family systems theory
Internal family systems theoryInternal family systems theory
Internal family systems theory
 

Kürzlich hochgeladen

Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real MeetChandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meetpriyashah722354
 
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋Sheetaleventcompany
 
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near MeVIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Memriyagarg453
 
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near MeVIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Memriyagarg453
 
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...Call Girls Noida
 
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur RajasthanJaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthanindiancallgirl4rent
 
Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...
Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...
Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...russian goa call girl and escorts service
 
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Russian Call Girls Amritsar
 
💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋Sheetaleventcompany
 
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012Call Girls Service Gurgaon
 
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...Sheetaleventcompany
 
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service available
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service availableCall Girl Raipur 📲 9999965857 whatsapp live cam sex service available
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service availablegragmanisha42
 
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...chandigarhentertainm
 
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetraisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetCall Girls Service
 
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...gurkirankumar98700
 
Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...
Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...
Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...Sheetaleventcompany
 
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.ktanvi103
 
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetCall Girls Service
 
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetOzhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetCall Girls Service
 
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...Gfnyt
 

Kürzlich hochgeladen (20)

Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real MeetChandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
 
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Chandigarh Escort Service Call Girls, ₹5000 To 25K With AC💚😋
 
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near MeVIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
 
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near MeVIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
 
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
 
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur RajasthanJaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
 
Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...
Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...
Call Girls Service In Goa 💋 9316020077💋 Goa Call Girls By Russian Call Girl...
 
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
 
💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋
💚😋Kolkata Escort Service Call Girls, ₹5000 To 25K With AC💚😋
 
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
 
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
Call Girl Amritsar ❤️♀️@ 8725944379 Amritsar Call Girls Near Me ❤️♀️@ Sexy Ca...
 
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service available
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service availableCall Girl Raipur 📲 9999965857 whatsapp live cam sex service available
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service available
 
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
 
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetraisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8923113531 ...
 
Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...
Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...
Punjab❤️Call girls in Mohali ☎️7435815124☎️ Call Girl service in Mohali☎️ Moh...
 
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
 
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetOzhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
Bangalore call girl 👯‍♀️@ Simran Independent Call Girls in Bangalore GIUXUZ...
 

Confidentiality, HIPAA and HITECH

  • 1. Confidentiality, HIPAA and HITECH Brought to you by AllCEUs.com Instructor: Dr. Dawn-Elise Snipes
  • 2. Objectives  Review HIPAA and HITECH regulations as they pertain to maintaining confidentiality and security of PHI  Encourage critical assessment of your work practices for compliance.  Get through the presentation with all of you staying awake 
  • 3. Business Associates  A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity.  Business associate functions and activities include:  Billing, claims processing, administration, benefit management  Data analysis, processing or administration  Utilization review & quality assurance  ISPs are NOT business associates  Software vendors providing EHR systems and providers of virtual offices and email services will clearly qualify as business associates
  • 4. Requirements for PHI  Risk analysis (Required) of the potential risks and vulnerabilities to the confidentiality, integrity, and availability.  Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a).  Sanction policy (Required). Apply appropriate sanctions to workforce members who fail to comply with the security policies.  Information system activity review (Required). Regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
  • 5. Workforce Security  Ensure that all members of its workforce have appropriate access to ePHI, and prevent those who do not from obtaining access to electronic PHI.  Implement procedures for the authorization and/or supervision of workforce members who work with ePHI or in locations where it might be accessed.  Implement procedures to determine that the access of a workforce member to ePHI is appropriate.  Implement procedures for terminating access to ePHI when the employment of, or other arrangement with, a workforce member ends or changes.
  • 6. Information Access Management  Implement written policies and procedures for authorizing access to ePHI  Implement policies and procedures for granting access to ePHI, for example, through access to a workstation, transaction, program, process, or other mechanism.  Implement policies and procedures that establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process. Virtual workstations Key cards Passwords
  • 7. Security Awareness and Training  Training for all members of its workforce (including management)  Periodic security updates.  Procedures for guarding against, detecting, and reporting malicious software.  Procedures for monitoring log-in attempts and reporting discrepancies.  Procedures for creating, changing, and safeguarding passwords.
  • 8. Contingency Plan  Establish (and implement as needed) policies and procedures for responding to a disaster that damages systems that contain electronic PHI.  Data backup plan (Required).  Disaster recovery plan including procedures to enable continuation of critical business processes for protection of the security of ePHI while operating in emergency mode (Required).  Implement procedures for periodic testing and revision of contingency plans.
  • 9. Facility Access Controls  Limit physical access to its electronic information systems and the facility or facilities in which they are housed.  Clinic  Home office  Working on laptop on unsecured wi-fi  Workstation use. Specify:  The proper functions to be performed  The manner in which those functions are to be performed  The physical attributes of the surroundings of a specific workstation or class of workstation that can access electronic PHI
  • 10. Workstation Security  Implement physical safeguards for all workstations that access electronic PHI, to restrict access to authorized users.  Includes printers and fax machines Output Memory
  • 11. Device and media controls  Implement policies and procedures that govern the receipt and removal of hardware and electronic media (thumb drives, laptops) that contain ePHI into and out of a facility, and the movement of these items within the facility.  (i) Disposal (Required). Address the final disposition of electronic PHI, and/or the hardware or electronic media on which it is stored.  (ii) Media re-use (Required). Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.  (iii) Accountability (Addressable). Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
  • 12. HIPAA §164.312 Technical safeguards.  Implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4). (Think LinkedIn or Google)  Unique user identification (Required)  Emergency access procedure (Required) Access from remote site during natural disaster Access by staff in medical emergencies  Automatic logoff (Addressable)
  • 13. §164.502 Uses and Disclosures  A covered entity is permitted to use or disclose PHI as follows:  To the individual: For treatment, payment, or health care operations, as permitted by and in compliance with §164.506; When required by the Secretary under subpart C of part 160 of this subchapter to investigate or determine the covered entity's compliance with this subchapter.
  • 14. Disclosing PHI: Minimum Necessary  When using or disclosing to or requesting PHI from another covered entity or business associate, make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended.  This requirement does not apply to:  Disclosures to or requests by a health care provider for treatment  Uses or disclosures made to the individual  Uses or disclosures made pursuant to an authorization under §164.508;  Uses or disclosures that are required by law, as described by §164.512(a)  Uses or disclosures that are required for compliance with applicable requirements of this subchapter.
  • 15. §164.508 Uses and disclosures for which an authorization is required.  Authorization required: General rule. Except as otherwise permitted or required by this subchapter, a covered entity may not use or disclose PHI without an authorization that is valid under this section.  Authorization required: Psychotherapy notes. Notwithstanding any provision of this subpart…a covered entity must obtain an authorization for any use or disclosure of psychotherapy notes, except:  To carry out the following treatment, payment, or health care operations:  Use by the originator of the psychotherapy notes for treatment;  Use or disclosure by the covered entity for its own training programs  Use or disclosure by the covered entity to defend itself in a legal action or other proceeding brought by the individual
  • 16. Defective & Compound Authorizations  An authorization is not valid, if the document submitted has any of the following defects:  The expiration date has passed or the expiration event has occurred (i.e. discharge)  The authorization has not been filled out completely  The authorization is known by the covered entity to have been revoked  The authorization violates paragraph (b)(3) or (4) of this section, if applicable  Any information in the authorization is known to be false.  Compound authorizations. An authorization for use or disclosure of PHI may not be combined with any other document to create a compound authorization, except as follows:  An authorization for a use or disclosure of psychotherapy notes may only be combined with another authorization of psychotherapy notes.
  • 17. Revocation of Authorization  An individual may revoke an authorization provided under this section at any time, provided that the revocation is in writing, except to the extent that:  The covered entity has taken action in reliance thereon  If the authorization was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy or the policy itself.
  • 18. Core Elements of Authorizations  A valid authorization under this section must contain at least the following elements:  A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion.  The name or other specific identification of the person(s), or class of persons, authorized to make the requested use or disclosure.  The name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested use or disclosure.  A description of each purpose of the requested use or disclosure. The statement "at the request of the individual" is a sufficient description of the purpose when an individual initiates the authorization  An expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure.  Signature of the individual and date. If the authorization is signed by a personal representative of the individual, a description of such representative's authority to act for the individual must also be provided.
  • 19. Additional Requirements for Authorizations  Required statements. In addition to the core elements, the authorization must contain statements adequate to place the individual on notice of all of the following:  The individual's right to revoke the authorization in writing, and the exceptions to the right to revoke and a description of how the individual may revoke the authorization; or  The ability or inability to condition treatment, payment, enrollment or eligibility for benefits on the authorization, by stating either:  (A) The covered entity may not condition treatment on whether the individual signs the authorization when the prohibition on conditioning of authorizations in paragraph (b)(4) of this section applies; or  (B) The consequences to the individual of a refusal to sign the authorization when, in accordance with paragraph (b)(4) of this section, the covered entity can condition treatment on failure to obtain such authorization. (i.e. court ordered treatment)  The potential for information disclosed pursuant to the authorization to be subject to redisclosure by the recipient and no longer be protected by this subpart.
  • 20. More Requirements for Authorizations  Plain language requirement. The authorization must be written in plain language.  Copy to the individual. If a covered entity seeks an authorization from an individual for a use or disclosure of PHI, the covered entity must provide the individual with a copy of the signed authorization.
  • 21. Disclosures  HIPAA indicates which situations information may be disclosed under HIPAA; however, many agencies and providers are bound by other regulations such as CFR 42 part 2 as well as state regulations.  Seek guidance from a qualified legal professional regarding implementation of HIPAA and confidentiality requirements  This presentation reviews highlights from the HIPAA code and is not a comprehensive guide for confidentiality
  • 22. Summary  HIPAA Requires that written and electronic PHI be maintained with reasonable security  Providers must implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights  Providers must have policies for emergency access such as in the case of a natural disaster or medical emergency.  Providers are required to develop and implement written policies and procedures that establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process.
  • 23. Summary  HIPAA requires that PHI be backed up and stored in a secure location  HIPAA requires that electronic PHI be encrypted, wiped from devices before re-issuing them and maintained behind security protocols which limit access to only approved people.  A separate consent for release of information must be completed for psychotherapy notes  A valid consent for release of information must be completely filled out and contain certain very explicit information or it is invalid, and disclosure based on an invalid release is prohibited.
  • 25. Objectives  Review HIPAA and HITECH regulations as they pertain to maintaining confidentiality and security of PHI  Encourage critical assessment of your work practices for compliance.  Get through the presentation with all of you staying awake 
  • 26. Disclosures  HIPAA indicates which situations information may be disclosed under HIPAA; however, many agencies and providers are bound by other regulations such as CFR 42 part 2 as well as state regulations.  Seek guidance from a qualified legal professional regarding implementation of HIPAA and confidentiality requirements  This presentation reviews highlights from the HIPAA code and is not a comprehensive guide for confidentiality
  • 27. Permitted Uses and Disclosures  A covered entity may use or disclose PHI for the public health activities and purposes described in this paragraph to:  A public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability,  A public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect;  A person subject to the jurisdiction of the Food and Drug Administration (FDA) with respect to an FDA-regulated product or activity to collect or report adverse events, or to track FDA- regulated products; and enable product recalls  A person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition, if the covered entity or public health authority is authorized by law to notify such person
  • 28. Permitted Uses and Disclosures cont…  A covered entity may use or disclose PHI to:  An employer, about an individual who is a member of the workforce of the employer, if:  (A) The covered entity is a covered health care provider who provides health care to the individual at the request of the employer:  (1) To conduct an evaluation relating to medical surveillance of the workplace (injury and or illness rates, workplace safety enhancement)  (2) To evaluate whether the individual has a work-related illness or injury  (B) The PHI that is disclosed consists of findings concerning a work-related illness or injury or a workplace-related medical surveillance
  • 29. Permitted Uses and Disclosures cont…  A covered entity may use or disclose PHI to:  An employer, about an individual who is a member of the workforce of the employer, if: The employer needs such findings in order to comply with its obligations, under the law; and The covered health care provider provides written notice to the individual that PHI relating to the medical surveillance of the workplace and work-related illnesses and injuries is disclosed to the employer at the time the health care is provided
  • 30. Permitted Disclosures cont…  A covered entity may disclose PHI about an individual whom the covered entity reasonably believes to be a victim of abuse, neglect, or domestic violence to a government authority authorized by law to receive reports of such abuse, neglect, or domestic violence:  To the extent the disclosure is required by law and the disclosure complies with and is limited to the relevant requirements of such law  If the individual agrees to the disclosure  To the extent the disclosure is expressly authorized by statute or regulation and is believed to be necessary to prevent serious harm to the individual or potential victims
  • 31. Permitted Disclosures cont…  A covered entity may disclose…  If the individual is unable to agree because of incapacity, a law enforcement or other public official authorized to receive the report represents that the information which is sought is not intended to be used against the individual (i.e. client under the influence of illicit drugs) and that an immediate enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure. (Need for Narcan; appropriate medical treatment; wellbeing check)
  • 32. Informing the Individual  A covered entity that makes a disclosure permitted by paragraph (c)(1) of this section must promptly inform the individual that such a report has been or will be made, except if:  The covered entity, in the exercise of professional judgment, believes informing the individual would place the individual at risk of serious harm  Flight before EMS arrives  The covered entity would be informing a personal representative, and the covered entity reasonably believes the personal representative is responsible for the abuse, neglect, or other injury, and that informing such person would not be in the best interests of the individual.  Informing parent of child patient who is believed to be abused
  • 33. Uses and disclosures for health oversight activities  A covered entity may disclose PHI to a health oversight agency for oversight activities authorized by law, including audits; civil, administrative, or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative, or criminal proceedings or actions; or other activities necessary for appropriate oversight of:  The health care system  Government benefit programs for which health information is relevant to beneficiary eligibility  Entities subject to government regulatory programs for which health information is necessary for determining compliance with program standards  Entities subject to civil rights laws for which health information is necessary for determining compliance.
  • 34. Disclosures for judicial and administrative proceedings.  A covered entity may disclose PHI in the course of any judicial or administrative proceeding:  In response to an order of a court or administrative tribunal, provided that the covered entity discloses only the PHI expressly authorized by such order  In response to a subpoena, discovery request, or other lawful process, that is not accompanied by an order of a court or administrative tribunal, if:  (A) The covered entity receives satisfactory assurance, as described in paragraph (e)(1)(iii) of this section, from the party seeking the information that reasonable efforts have been made to ensure that the individual who is the subject of the PHI has been given notice of the request; or  (B) The covered entity receives satisfactory assurance, as described in paragraph (e)(1)(iv) of this section, from the party seeking the information that reasonable efforts have been made by such party to secure a qualified protective order
  • 35. Disclosures for judicial and administrative proceedings.  A covered entity receives satisfactory assurances from a party seeking PHI if the covered entity receives from such party a written statement and accompanying documentation demonstrating that:  The party requesting such information has made a good faith attempt to provide written notice to the individual  The notice included sufficient information about the [case in which PHI] is requested to permit the individual to [object]  The time for the individual to raise objections … has elapsed, and no objections were filed; or all objections filed have been resolved
  • 36. More Disclosures  Crime on premises. A covered entity may disclose to a law enforcement official PHI that the covered entity believes in good faith constitutes evidence of criminal conduct that occurred on the premises of the covered entity.
  • 37. Disclosures to Law Enforcement and Correctional Institutions  A covered entity may disclose to a correctional institution or a law enforcement official having lawful custody of an inmate or other individual PHI about such person, if the correctional institution or such law enforcement official represents that such PHI is necessary for:  The provision of health care to such individuals  The health and safety of such individual, other inmates or law enforcement officers on the premises  The health and safety of the officers or employees of or others at the correctional institution (This likely does not include HIV status or progress notes)  The administration and maintenance of the safety, security, and good order of the correctional institution.
  • 38. Providing Client’s Access to Records  The covered entity must provide the access requested by individuals, including inspection or obtaining a copy, or both, of the PHI about them in designated record sets within 30 days  The covered entity may provide the individual with a summary of the PHI requested, in lieu of providing access to the PHI or may provide an explanation of the PHI to which access has been provided, if:  The individual agrees in advance to such a summary or explanation; and  The individual agrees in advance to the fees imposed
  • 39. Client Access  The individual's request must be in writing, signed by the individual, and clearly identify the designated person and where to send the copy of PHI.  Fees. The covered entity may impose a reasonable, cost- based fee, provided that the fee includes only the cost of:  Labor for copying the PHI requested by the individual, whether in paper or electronic form;  Supplies for creating the paper copy or electronic media if the individual requests that the electronic copy be provided on portable media;  Postage, when the individual has requested the copy, or the summary or explanation, be mailed; and  Preparing an explanation or summary of the PHI, if agreed to by the individual
  • 40. §164.526 Amendment of PHI  An individual has the right to have a covered entity amend PHI or a record about the individual in a designated record set for as long as the PHI is maintained.  A covered entity may deny an individual's request for amendment, if it determines that the PHI or record that is the subject of the request:  Was not created by the covered entity, unless the individual provides a reasonable basis to believe that the originator of PHI is no longer available to act on the requested amendment;  Is not part of the designated record set;  Would not be available for inspection under §164.524; or  Is accurate and complete.
  • 41. §164.526 Amendment of PHI  If the covered entity grants the requested amendment, in whole or in part, it must take the action  If the covered entity denies the requested amendment, in whole or in part, it must provide the individual with a written denial.
  • 42. Accounting of Disclosures  An individual has a right to receive an accounting of disclosures of PHI made by a covered entity in the six years prior to the date on which the accounting is requested, except for disclosures:  To carry out treatment, payment and health care operations  To individuals of PHI about themselves  Incident to a use or disclosure otherwise permitted or required by this statute including general operations, law enforcement, national security, part of a limited data set  Pursuant to an signed authorization • To the individual • For the purposes of continuity of care • As required by statute
  • 43. Accounting of Disclosures  The accounting must include for each disclosure:  The date of the disclosure;  The name of the entity or person who received the PHI and, if known, the address of such entity or person;  A brief description of the PHI disclosed; and  A brief statement of the purpose of the disclosure that reasonably informs the individual of the basis for the disclosure or, in lieu of such statement, a copy of a written request for a disclosure under §§164.502(a)(2)(ii) or 164.512, if any.
  • 44. Summary  HIPAA and HITECH impact every aspect of handling client information (verbal, written, electronic)  There are many reasons for disclosure of PHI that are exempted from requiring a written authorization including crime, incapacity (limited), court order and mandatory reporting  Information transmitted on the internet must be encrypted point to point.  If it is able to be accessed by someone other than intended, it is a violation of security.  Sitting down at an unmanned desk  Unauthorized personnel accessing records (electronic or physical)  Using an email provider or virtual office without a business associate agreement
  • 45. Summary  When in doubt, refer to the guidelines and seek qualified counsel  Talking to parents of unemancipated minors  Upon law enforcement request  With regard to reporting communicable diseases  Upon receipt of a subpoena in a legal or criminal case  Ability to amend PHI  Etc…