HIPAA - PowerPoint PPT Presentation


Slides: 16
Provided by: KimMo4


Transcript and Presenter's Notes

Title: HIPAA

  • What's New?
  • 2010

  • Health Insurance Portability and Accountability
    Act of 1996
  • Administrative Simplification Subtitle
  • Privacy Rules
  • Electronic Data Sets
  • Security Rules
  • National Provider Identifiers
  • HITECH Security Standards (ARRA Regulation)

Are we covered?
  • HHS is a Covered Entity
  • A Covered Entity is an organization
  • Provider
  • Health Plan
  • Clearing House
  • HHS providers are Business Associates
  • A business associate is an organization that
    provides any health-related services

What Is ARRA?
  • American Recovery and Reinvestment Act of 2009
  • Required for Electronic Health Record Movement
  • Required for Healthcare Reform
  • Holds Business Associates to the complete set of
    HIPAA Regulations

HITECH Security Standards
  • Requires Business Associates to
  • Notify Covered Entity of Security Breaches
  • Latest HITECH Security Survey shows
  • 50 percent of organizations have experienced at
    least one data breach this year
  • 57 percent of the organizations reported that
    they now have a greater level of awareness of
    data breaches and breach risk and
  • 90 percent of the organizations plan to change
    policies and procedures to prevent and detect
    data breaches.

HITECH Security Standards
  • Breach Notification
  • Defines a breach
  • Sets Standard Timeframes for notification
  • 60 calendar days after discovery
  • Notification to individuals when their PHI is
  • Media Notification more than 500 patient records
  • Notice to Department of Health and Human Services
  • Notice Letters to all involved

HITECH Security Standards
  • Expanded Restrictions on Accounting and
  • Business Associates are required to provide an
    individual upon request with an accounting of
    disclosures of the information in her electronic
    health record (EHR) over the last three years
  • Any organization bringing up an EMR/EHR in 2009
    will be required to be compliant by 2011

HITECH Security Standards
  • Prohibits sale of Patient Names without
  • Restricts marketing practices to
  • Free marketing if to communicate services within
    a program the individual is participating in OR
  • To describe healthcare options

HITECH Security Standards
  • Minimum Data Set
  • Limits the sharing of information to data sets
    that are de-identified
  • Requires the removal of Name, Address, Social
    Security Number and other key identifiers
  • This is in addition to the HIPAA Privacy Rule
    Minimum Necessary
  • Share only the minimum necessary amount of
    information so the next person can complete their
    work responsibilities

HITECH Security Standards
  • History of HIPAA Enforcement
  • 48,000 complaints received by Department of
    Health and Human Services (HHS)
  • Vast majority resolved through voluntary
    compliance or corrective action
  • Handful of criminal prosecutions

Sanctions and Penalties
  • The original HIPAA regulations held Covered
    Entities to potential sanctions and criminal
    penalties for breaches
  • HITECH holds Business Associates to the same
    level of requirements as Covered Entities

Case Study: We've Lost Our Client's Data!
  • A business associate discovers a computer
    belonging to its employee is missing. The last
    time they remember seeing it was three months
  • Where do you start?
  • What should you be concerned with?

HIPAA Breaches
  • Breaches are classified as
  • Low Risk
  • Medium Risk
  • High Risk
  • Risk is defined as potential litigation,
    confidentiality breach or compliance liability to
    the organization

Breach Notification
  • Business Associates are required to notify HHS of
    any breaches for HHS program participants being
    managed by the provider along with what has been
    done to mitigate the risk.
  • HIPAA issues can be sent to the HIPAA Privacy
    Officer at CQI_at_hhshealthoptions.org or faxed to

  • Contact HHS via email CQI_at_hhshealthoptions.org or
  • call 616-954-1576