855.85HIPAA
www.compliancygroup.com
Industry leading Education
Certified Partner Program

•  Please ask questions
•  Today's slides are available at http://compliancy-group.com/slides023/
•  Past webinars and recordings: http://compliancy-group.com/webinar/
HIPAA New Final Omnibus Rule:
“Key Business Associate
Implications for Your Organization”
Your Presenter
© HIPAA Continuity Planners 2013
A.J. (Andy) Weitzberg
President of HIPAA Continuity Planners
President of the Association of Contingency Planners, Long Island Chapter
History
•  Health Insurance Portability and Accountability Act (HIPAA) of 1996
•  The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009
•  Omnibus Rule of 2013
Omnibus Rule conforms HIPAA regulations to HITECH Act changes:
–  Before HITECH, BAs were regulated only through business associate contracts or agreements ("BAAs")
–  After HITECH, BAs and their subcontractors are regulated directly under HIPAA, so they:
   •  Must comply with the Security Rule
   •  Must comply with parts of the Privacy Rule and with the provisions of their BAA
By the Numbers
2009 through 2012*
•  538 breaches of protected health information (PHI)
   –  21,408,505 patient health records affected
•  21.5% increase in the number of large breaches in 2012 over 2011
   –  77% decrease in the number of patient records impacted
•  67% of all breaches have been the result of theft or loss
•  57% of all patient records breached involved a business associate
•  Business associates have impacted 5 times as many patient records as covered entities
•  38% of incidents were the result of an unencrypted laptop or other portable electronic device
•  63.9% of total records breached in 2012 resulted from the 5 largest incidents
•  780,000 records were breached in the single largest incident of 2012
*These numbers include breaches that affected more than 500 individuals and were reported to HHS from August 2009 to January 17, 2013.
Expanded definition of “Business Associates”
“Business associate”: one who, on behalf of a covered entity, creates, receives, maintains or transmits PHI*
•  Status as a BA is based upon role and responsibilities, not upon who the parties to the contract are
•  The contract between the covered entity's BA and that BA's subcontractor must satisfy the BA agreement requirements
Subcontractor of a business associate: one who creates, receives, maintains or transmits PHI* on behalf of a business associate
*Personal Health Information
Business Associate - Consequences
•  The Secretary (HHS) is authorized to receive and investigate complaints against BAs (including subcontractors), and to take action regarding complaints and noncompliance
•  BAs (incl. subcontractors) are required to maintain records and submit compliance reports to the Secretary, cooperate in complaint investigations and compliance reviews, and give the Secretary access to information
•  BAs (incl. subcontractors) are forbidden to intimidate, discriminate against or otherwise retaliate against those who make complaints, cooperate with regulators or oppose unlawful actions
•  BAs (incl. subcontractors) are subject to civil money penalties for HIPAA violations
•  BAs remain liable under contract to the Covered Entity, and subcontractors remain liable under contract to the BA
How do these updates affect your business?
As a “Business Associate” you have HIPAA/HITECH Compliance Requirements:
1. A Written Risk Analysis
2. A Written Continuity Plan
3. Documented Security Practices and Procedures
4. An Incident Response Plan (Breach Response)
5. A Record Disposal Procedure for Electronic Media and Paper Records
6. An Employee Training Program
7. Termination Procedures
8. Documentation and Logs
Definition of a Breach
The final rule also changes the risk analysis requirements for determining when a breach has occurred. Previously, a risk-of-harm threshold was considered in determining whether a breach had occurred.
The Office of Civil Rights (OCR) changes in the final rule create almost a presumption of a “breach,” which will seemingly make it more likely that a business will be required to notify those individuals whose personal health information has been affected, HHS and possibly the media.
Penalties for Your Non-Compliance
CATEGORIES OF VIOLATIONS AND RESPECTIVE PENALTY AMOUNTS AVAILABLE

Violation Category (Section 1176(a)(1))   | Each Violation          | All such violations of an identical provision in a calendar year
(A) Did Not Know                          | $100 to max $50,000     | $1,500,000
(B) Reasonable Cause                      | $1,000 to max $50,000   | $1,500,000
(C)(i) Willful Neglect - Corrected        | $10,000 to max $50,000  | $1,500,000
(C)(ii) Willful Neglect - Not Corrected   | $50,000                 | $1,500,000
HITRUST* now has several of its members that will require business associates to follow the framework and document compliance with it.
*The Health Information Trust Alliance, or HITRUST, in collaboration with healthcare, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. The most widely adopted security control framework in the U.S. healthcare industry, the CSF includes a prescriptive set of controls and supporting requirements that clearly define how organizations meet the objectives of the framework.
Are you a “Business Associate”?
Illustration of the types of firms that are now
considered “Business Associates”
•  IT Support and Software Vendors
•  IT Equipment Vendors
•  Leasing firms
•  Telephone CPE Vendors
•  Shredding Vendors
•  Data Centers
•  Cloud Computing Providers
•  Answering Services for Medical Offices
•  Medical Billing Services
•  Medical Transcription Services
•  Medical Collection Agencies
•  Temporary Employment Agencies
Questions
A.J. (Andy) Weitzberg
President
HIPAA Continuity Planners
Email: AJ@HIPAACP.COM
1.800.654.2041 Toll Free
1.631.654.4001 Office
1.516.641.4001 Mobile
Free Demo and 60 Day Evaluation
www.compliancy-group.com
HIPAA Hotline
855.85HIPAA
855.854.4722
HIPAA Compliance
HITECH Attestation
Omnibus Rule Ready
Meaningful Use core measure 15
