Data file.technical drs.hipaa presentation may 2011
1. Notification of Breach
Release of Information Discussion
Presented By: Janine Akers from DataFile Technologies
Technical Doctor, Inc.
Connecting Technology & Professionals
2. About DataFile Technologies
•Privately Held Kansas City Company
•Work with Major EMRs
•National Partnership with Multiple Companies
3. Overview
• HITECH Act Changes to HIPAA Notification of Breach
• Release of Information Best Practice Resources
• How our eROI Services can work for You.
4. Notification of Breach
Do we need to notify a patient?
5. HITECH Historical View
Brief History of HITECH Act
Subtitle D—13400’s Section
August 2009
1st Set of Proposed Rules for HIPAA Privacy, Security and Enforcement Rules
February 2010
Above proposed rules are finalized
July 2010
Above final was recalled and 2nd set of proposed rules were published
6. HITECH Proposed Changes
Changes Proposed in Current Comment Period
Notice of Privacy Practices
Changes to definition of medical necessity
Immunization records & deceased records
Definitions of electronic media
Breaches – Guidance for Significant Risk
7. What is a Breach?
How does HITECH Act define a breach?
Was the protected health information secure?
Does one of the exclusions apply?
Is there a significant risk of financial, reputational, or other harm to the individual?
8. The Exclusions
What are the exclusions provided by HITECH?
Workforce use
• Unintentional acquisition, access or use of PHI by a workforce member if the PHI is not further used or disclosed in a manner that violates the Privacy Rule
Workforce disclosure
• Unintentional disclosure of PHI by a workforce member to another workforce member if the PHI is not further used or disclosed in a manner that violates the Privacy Rule
No way to retain the information
• Unauthorized disclosure to which the CE or BA has a good faith belief that the unauthorized person to whom the PHI is disclosed would not reasonably have been able to retain info.
9. Guidance for Significant Risk
What guidance is provided by HITECH?
Covered Entity to Covered Entity
• Inadvertent disclosure of PHI from one covered entity or BA employee to another similarly situated covered entity or BA employee, provided that PHI is not further used or disclosed in any manner that violates the Privacy Rule.
Immediate steps to mitigate
• Were immediate steps taken to mitigate the harm including return or destruction of the information and a written confidentiality agreement?
Types of information included
• Was the information disclosed limited to the name of the individual or a limited data set?
10. Notification Components
What are the required notification components?
• A description of what happened including the date of breach and date of discovery
• A description of the types of PHI involved
• Steps the individual should take to protect themselves
• Steps taken by the provider to investigate, mitigate and protect against further disclosure
• Contact information for questions including a toll-free telephone number, email address, website or postal address
12. Penalties & Reporting
What are the penalties & reporting obligations?
Defined and enacted back in February 2009 in original ARRA/HITECH Act - HIPAA Section to apply to both the Breach and the Notification

Nature of Violation | Fine Per Violation | Annual Maximum
Unknowing | $100 | $25,000
Reasonable Cause | $1,000 | $100,000
Willful Neglect | $10,000 | $250,000
Willful Neglect Not Corrected | $50,000 | $1,500,000
13. Reporting Reference
• Date: Date
• Patient: Patient Name & DOB
• Records Originated from Clinic: Medical Practice
• Authorized Recipient: Requestor
• Incident: Description of the unique occurrence.
• How mistake happened: After it has been brought to our attention that there has been an oversight, mistake, or HIPAA violation (regardless of how big or small) - we will document, research and come to understand what happened and describe in detail how this occurred. Include date and employee names involved in the communication trail.
• Mistake discovered: Starting with date and resource, describe in detail how this mistake was discovered.
• Mistake rectified and Notification: Starting with date and name of employee initiating report and correcting the problem, describe in detail actions taken to correct the problem and how patient and covered entity were notified.
• Proactive approach for preventive measures: Starting with date and supervisor’s name, document how we will use this occurrence to train the entire staff regarding our best practice procedures to prevent the possibility of a similar occurrence happening again.
14. Limit Your Liability
• Staff training
• Process improvement
• Transfer the liability
15. Why DataFile?
Improve customer service
Mitigate risk
Offer rapid response
Eliminate training expenses
Take fewer calls
22. The Brass Tacks
What is the cost for eROI services?
• Typically… NONE
• The variables involved in eROI include
– Specialty
– Number of Providers
– State
• Providers can maximize service while eliminating costs with eROI services
23. Questions & Thank You
Janine B. Akers, MBA
DataFile Technologies, LLC
janine.akers@datafiletechnologies.com
816‐437‐9134