HIPAA Privacy and Security 2.0 for Health Insurance Agents and Brokers
Jason Karn, Director of IT
Total HIPAA Compliance, LLC
jason@totalhipaa.com
www.twitter.com/TotalHIPAA
800-344-6381

Topics for Today
• HIPAA 2.0
– Privacy
– Security
– Breach
– Penalties
• Marketplace Privacy Rules

Types of Protected Information
NPPI PHI PII
PHI: health information about a person in a health insurance plan
PII: medical, educational, financial, and employment information about a person in connection with sale of product in Marketplaces only
NPPI: non-public information that an agent has about a potential or existing insured, regardless of line of coverage

When Did the New HIPAA Regulations Go Into Effect?
Requirements for the updated 2013 Omnibus Rules went into effect September 23, 2013
Non-compliance is potentially very expensive

HIPAA Compliance is Required for:
• Medical
– Medicare Supplement
– Drug Coverage
• Dental
• Vision
• Long Term Care Insurance
Neither selling only a little bit of these insurances nor the size of your agency exempts you

HIPAA is Not Required for:
• Short-term and long-term disability
• AD&D (Accidental Death and Dismemberment)
• Life insurance
• Worker's Compensation
• Auto medical insurance
• Fitness-for-duty exams (DOT or OSHA exams)
• Drug testing
• Work-life benefits (on-site clinics; fitness center)
• Family Medical Leave Act (FMLA)
• Americans with Disabilities Act (ADA)

Best Business Practices
If you’re coming in contact with Protected Health Information (PHI), no matter what type of insurance you are selling, you should be trained!
• In order to share information in a multiline agency
• Reduces potential liability

Key HIPAA Groups

Changes in HIPAA 2.0?
• Business Associates’ Subcontractors and BAs must meet the same requirements as Covered Entities
• Increases in fines and penalties for breaches of health information
• Encryption required for all Protected Health Information (PHI) files and emails
• Implement new Policies and Procedures for Security and Privacy
• Staff needs to be trained on both the HIPAA rules and your Policies and Procedures

HIPAA Privacy

HIPAA Privacy Regulations
General Rule:
Covered Entities, their Business Associates and their Subcontractors may not use or disclose an individual's Protected Health Information (PHI) without the authorization of the individual unless specifically required or allowed by the privacy regulation
Protects PHI in ANY form (oral, written, electronic)

Protected Health Information (PHI)
• Individually identifiable health information that can be linked to a particular person
• Common identifiers linking health information to a person include names, social security numbers, addresses, credit card numbers and birth dates

Protected Health Information (PHI)
Specifically, PHI information can relate to:
• An individual's past, present or future physical or mental health condition
• The provision of health care to the individual
• The past, present, or future payment for the provision of health care to an individual

Permitted Uses for PHI
• Treatment
• Payment
• Health Care Operations
– Auditing, credentialing, obtaining reinsurance, etc.
• Certain Public Policy Exceptions
• All other uses require an individual’s written or verbal authorization

Subcontractors
2013 Regulations expand rules to include Subcontractors
Why so important?
• Your agency could have direct liability for subcontractor’s mistakes
• Could jeopardize not only your business relationships but also expose you to penalties

Subcontractors
What must you do?
– Have them sign a Subcontractor Business Associate Agreement
– Ensure they train their employees, and implement policies and procedures concerning HIPAA Privacy and Security

Subcontractors
If your Subcontractors are NOT compliant, this could be a liability issue for your agency. In accordance with the Federal Common law of Agency, it is now YOUR responsibility to make sure that your Subcontractors are implementing and following HIPAA.

HIPAA Security

Why a Security Rule?
• Important with increased use of technology for data transmission
– Emails
– Electronic enrollments
– Storage of data
Electronic information has different guidelines for handling and protecting

Description of the Security Rule
Requires protections for electronic Protected Health Information (ePHI) in three ways:
• Confidentiality
– ePHI concealed from people who do not have the right to see the information
• Integrity
– Information not improperly changed or deleted
• Availability
– Information can be accessed whenever it is needed

Protect the Business
Do a Risk Assessment:
• Analysis of computer systems
• How do you protect paper and electronic files
• How do you encrypt documents for storage and transmission (such as email)?
• Password protection, and time-outs on ALL electronic devices
• Have you encrypted all hard drives and/or storage devices?
• How are you backing up your computers?

Specific Staff Expectations
• Manage passwords
– Have staff members choose and remember
– Change passwords regularly
– Notify information security officer if concerned that password is being improperly used by someone else
• Identify and keep out malicious software
• Use workstations properly
• Know sanction policies
• Learn and follow agency Privacy and Security Policies and Procedures

Specific Staff Expectations Cont’d
• Limit use of external devices that might introduce viruses into the system: CDs, iPods, USB drives, tablet computing device, smart phones
• Establish policies on use of personal computing devices in the agency’s network (BYOD)
• Restrict family members or friends using the computers in off-site locations that could introduce viruses and expose to inadvertent ePHI disclosure
• Implement strict controls on web surfing for personal enjoyment or downloading free programs or music from the Internet to office machines

Breach

What Is a Breach?
PHI that has been accessed, used, acquired or disclosed to an unauthorized person

Breach
These rules apply to PHI in any format
• ePHI (electronic PHI)
• Paper
• Oral

Breach occurs
Information Encrypted?
• Yes: No Breach
• No: Presumed Breach

Breach Process
Presumed Breach
• Written Notice
• Calls (if imminent threat)
• 500 or More Affected?
– Yes: Notify Media, HHS immediately
– No: Notify HHS annually
• Notice on Website

When There Is a Breach
Any impermissible use or disclosure of PHI is presumed to be a breach, unless…
One can demonstrate that there is a low probability that the PHI has been compromised

Exceptions
• Unintentional access by employees
• Inadvertent disclosure of PHI from one covered entity or business associate employee authorized to access PHI to a co-employee who is also authorized to access PHI
• Unauthorized access to PHI by a third party who cannot reasonably use the information in its current format, or be able to retain the disclosed information

Breach Notification
Notice Requirements:
• Notify without unreasonable delay and at least within 60-day timeframe
• This starts the date one knew, or reasonably should have known about the breach

Penalties

Enforcement Results for 2012

Enforcement Results for 2013

Recent HIPAA Fines
• Stanford Hospital settled a state lawsuit for $4 Million (March 2014)
– The business associate is paying $3.3 Million of the settlement
• Triple S-Management recently was fined $6.8 Million
– Mishandled medical records for 70k individuals (February 2014)
• WellPoint Agreed to Pay HHS $1.7 Million to Settle HIPAA Case (July 2013)
– On-line database left the ePHI of 612,402 individuals unprotected
• Shasta Regional Medical Center Settles Privacy Breach for $275,000 (June 2013)
– The CEO sent an email to 800 Employees disclosing the confidential details of diabetes patients
• Blue Cross Blue Shield Tennessee Settled for $1.5 million (March 2012)
– 57 unencrypted computer hard drives were stolen with ePHI of over a million individuals

Penalties from Omnibus Ruling
Violation Category 1176(a)(1) | Each Violation | Maximum fine for an identical violation in a calendar year
(A) Did Not Know | $100-$50,000 | $1,500,000
(B) Reasonable Cause | $1,000-$50,000 | $1,500,000
(C)(i) Willful Neglect-Corrected | $10,000-$50,000 | $1,500,000
(C)(ii) Willful Neglect-Not Corrected | $50,000 | $1,500,000

Criminal Penalties
Violation | Penalties
Knowingly obtaining or disclosing PHI | $50,000 + one year prison
Offenses conducted under false pretenses | Up to $100,000 + 5 years
Intent to sell, $ gain, harm | Up to $250,000 + 10 years

GLB Penalties
• You will lose your license to practice
• You can be fined up to $100,000 per violation
• Officers and directors can be fined up to $10,000 per violation
• Fines will be doubled if GLB is violated along with another Federal Law, or pattern of any illegal activity involving more than $100,000 within a 12-month period, he or she can be imprisoned for up to 10 years
• Criminal Penalties include imprisonment for up to 5 years, a fine, or both

Marketplace Privacy Rules

Marketplace Privacy Rules
One of the big surprises in the agent/broker training for the Federally Facilitated Marketplace (FFM)
• New obligations to protect Personally Identifiable Information (PII) within the marketplaces

Personally Identifiable Information (PII)
Any information about an individual maintained, used, transmitted or stored by an agent/broker related to Marketplace transactions:
• Any information that can be used to distinguish or trace an individual's identity
– Examples: name, social security number, date and place of birth, mother's maiden name, or biometric records
• Any other information that is linked or linkable to an individual
– Examples: medical, educational, financial, and employment information

How Did I Get Here?
If you have completed training for the Federally-Facilitated Marketplaces, and “signed” the Agreements…
• You agreed to protect PII that you obtain in the course of selling or supporting individuals who purchase through the Marketplaces

What exactly did I agree to do?
Protect any PII that is:
• Created, collected, disclosed, accessed, maintained, stored, and used to perform any of the various Marketplace functions within the FFM such as:
– Assisting with applications for QHP eligibility
– Supporting QHP selection and enrollment
– Assisting with plan selection and plan comparisons
– Transmitting information about decisions regarding QHP enrollment
– Facilitating payment of the initial premium amount to appropriate QHP

What Exactly Did I Agree to Do?
Provide a Privacy Notice to all prospects and buyers in the Marketplace
• Similar requirements to the Privacy Notices under HIPAA and GLB

What Am I Required to Do?
• Must do the following:
– If you have a website, prominently and conspicuously display Notice of Privacy Practices
– Review and Revise as necessary but at least annually
• Meet data quality and integrity standards for PII
– Identical to requirements within HIPAA Security
• Breach notification
– Broadly similar to HIPAA Breach rules but…
– Must notify CMS if there is a breach within one hour of becoming aware of it
    • Telephone at (410) 786-2580 or 1-800-562-1963
    • Email notification at cms_it_service_desk@cms.hhs.gov

What Are the Penalties?
For any violation of PII protections
– $25,000 per person per violation
• These are in addition to HIPAA and GLB Penalties
– Termination of your authority to do business through the Marketplace

QUESTIONS
Jason Karn, Director of IT
Total HIPAA Compliance, LLC
jason@totalhipaa.com
www.twitter.com/TotalHIPAA
800-344-6381

GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 

Último (20)

Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 

CAHU EXPO Grove City, OH 2014

  • 1. HIPAA Privacy and Security 2.0 for Health Insurance Agents and Brokers. Jason Karn, Director of IT, Total HIPAA Compliance, LLC. jason@totalhipaa.com, www.twitter.com/TotalHIPAA, 800-344-6381
  • 2. Topics for Today • HIPAA 2.0 – Privacy – Security – Breach – Penalties • Marketplace Privacy Rules
  • 3. Types of Protected Information: NPPI, PHI, PII. PHI: health information about a person in a health insurance plan. PII: medical, educational, financial, and employment information about a person in connection with sale of product in Marketplaces only. NPPI: non-public information that an agent has about a potential or existing insured, regardless of line of coverage.
  • 4. When Did the New HIPAA Regulations Go Into Effect? Requirements for the updated 2013 Omnibus Rules went into effect September 23, 2013. Non-compliance is potentially very expensive.
  • 5. HIPAA Compliance is Required for: • Medical – Medicare Supplement – Drug Coverage • Dental • Vision • Long Term Care Insurance. Neither selling only a little of these insurances nor the size of your agency exempts you.
  • 6. HIPAA is Not Required for: • Short-term and long-term disability • AD&D (Accidental Death and Dismemberment) • Life insurance • Worker's Compensation • Auto medical insurance • Fitness-for-duty exams (DOT or OSHA exams) • Drug testing • Work-life benefits (on-site clinics; fitness center) • Family Medical Leave Act (FMLA) • Americans with Disabilities Act (ADA)
  • 7. Best Business Practices: If you’re coming in contact with Protected Health Information (PHI), no matter what type of insurance you are selling, you should be trained! • In order to share information in a multiline agency • Reduces potential liability
  • 9. Changes in HIPAA 2.0? • Business Associates’ Subcontractors and BAs must meet the same requirements as Covered Entities • Increases in fines and penalties for breaches of health information • Encryption required for all Protected Health Information (PHI) files and emails • Implement new Policies and Procedures for Security and Privacy • Staff needs to be trained on both the HIPAA rules and your Policies and Procedures
  • 11. HIPAA Privacy Regulations. General Rule: Covered Entities, their Business Associates and their Subcontractors may not use or disclose an individual's Protected Health Information (PHI) without the authorization of the individual unless specifically required or allowed by the privacy regulation. Protects PHI in ANY form (oral, written, electronic).
  • 12. Protected Health Information (PHI) • Individually identifiable health information that can be linked to a particular person • Common identifiers linking health information to a person include names, social security numbers, addresses, credit card numbers and birth dates
  • 13. Protected Health Information (PHI). Specifically, PHI information can relate to: • An individual's past, present or future physical or mental health condition • The provision of health care to the individual • The past, present, or future payment for the provision of health care to an individual
  • 14. Permitted Uses for PHI • Treatment • Payment • Health Care Operations – Auditing, credentialing, obtaining reinsurance, etc. • Certain Public Policy Exceptions • All other uses require an individual’s written or verbal authorization
  • 15. Subcontractors. 2013 Regulations expand rules to include Subcontractors. Why so important? • Your agency could have direct liability for subcontractor’s mistakes • Could jeopardize not only your business relationships but also expose you to penalties
  • 16. Subcontractors. What must you do? – Have them sign a Subcontractor Business Associate Agreement – Ensure they train their employees, and implement policies and procedures concerning HIPAA Privacy and Security
  • 17. Subcontractors. If your Subcontractors are NOT compliant, this could be a liability issue for your agency. In accordance with the Federal Common law of Agency, it is now YOUR responsibility to make sure that your Subcontractors are implementing and following HIPAA.
  • 19. Why a Security Rule? • Important with increased use of technology for data transmission – Emails – Electronic enrollments – Storage of data. Electronic information has different guidelines for handling and protecting.
  • 20. Description of the Security Rule. Requires protections for electronic Protected Health Information (ePHI) in three ways: • Confidentiality – ePHI concealed from people who do not have the right to see the information • Integrity – Information not improperly changed or deleted • Availability – Information can be accessed whenever it is needed
  • 21. Protect the Business. Do a Risk Assessment: • Analysis of computer systems • How do you protect paper and electronic files? • How do you encrypt documents for storage and transmission (such as email)? • Password protection, and time-outs on ALL electronic devices • Have you encrypted all hard drives and/or storage devices? • How are you backing up your computers?
  • 22. Specific Staff Expectations • Manage passwords – Have staff members choose and remember – Change passwords regularly – Notify information security officer if concerned that password is being improperly used by someone else • Identify and keep out malicious software • Use workstations properly • Know sanction policies • Learn and follow agency Privacy and Security Policies and Procedures
  • 23. Specific Staff Expectations Cont’d • Limit use of external devices that might introduce viruses into the system: CDs, iPods, USB drives, tablet computing device, smart phones • Establish policies on use of personal computing devices in the agency’s network (BYOD) • Restrict family members or friends using the computers in off-site locations that could introduce viruses and expose to inadvertent ePHI disclosure • Implement strict controls on web surfing for personal enjoyment or downloading free programs or music from the Internet to office machines
  • 25. What Is a Breach? PHI that has been accessed, used, acquired or disclosed to an unauthorized person
  • 26. Breach. These rules apply to PHI in any format • ePHI (electronic PHI) • Paper • Oral
  • 27. Breach Process: Breach occurs. Information Encrypted? Yes: No Breach. No: Presumed Breach.
  • 28. Presumed Breach: Written Notice. Calls (if imminent threat). 500 or More Affected? Yes: Notify Media, HHS immediately. No: Notify HHS annually. Notice on Website.
  • 29. When There Is a Breach. Any impermissible use or disclosure of PHI is presumed to be a breach, unless… One can demonstrate that there is a low probability that the PHI has been compromised
  • 30. Exceptions • Unintentional access by employees • Inadvertent disclosure of PHI from one covered entity or business associate employee authorized to access PHI to a co-employee who is also authorized to access PHI • Unauthorized access to PHI by a third party who cannot reasonably use the information in its current format, or be able to retain the disclosed information
  • 31. Breach Notification. Notice Requirements: • Notify without unreasonable delay and at least within 60-day timeframe • This starts the date one knew, or reasonably should have known about the breach
  • 35. Recent HIPAA Fines • Stanford Hospital settled a state lawsuit for $4 Million (March 2014) – The business associate is paying $3.3 Million of the settlement • Triple S-Management recently was fined $6.8 Million – Mishandled medical records for 70k individuals (February 2014) • WellPoint Agreed to Pay HHS $1.7 Million to Settle HIPAA Case (July 2013) – On-line database left the ePHI of 612,402 individuals unprotected • Shasta Regional Medical Center Settles Privacy Breach for $275,000 (June 2013) – The CEO sent an email to 800 Employees disclosing the confidential details of diabetes patients • Blue Cross Blue Shield Tennessee Settled for $1.5 million (March 2012) – 57 unencrypted computer hard drives were stolen with ePHI of over a million individuals
  • 36. Penalties from Omnibus Ruling
      Violation Category 1176(a)(1) | Each Violation | Maximum fine for an identical violation in a calendar year
      (A) Did Not Know | $100-$50,000 | $1,500,000
      (B) Reasonable Cause | $1,000-$50,000 | $1,500,000
      (C)(i) Willful Neglect-Corrected | $10,000-$50,000 | $1,500,000
      (C)(ii) Willful Neglect-Not Corrected | $50,000 | $1,500,000
  • 37. Criminal Penalties
      Violation | Penalties
      Knowingly obtaining or disclosing PHI | $50,000 + one year prison
      Offenses conducted under false pretenses | Up to $100,000 + 5 years
      Intent to sell, $ gain, harm | Up to $250,000 + 10 years
  • 38. GLB Penalties • You will lose your license to practice • You can be fined up to $100,000 per violation • Officers and directors can be fined up to $10,000 per violation • Fines will be doubled if GLB is violated along with another Federal Law, or pattern of any illegal activity involving more than $100,000 within a 12-month period, he or she can be imprisoned for up to 10 years • Criminal Penalties include imprisonment for up to 5 years, a fine, or both
  • 40. Marketplace Privacy Rules. One of the big surprises in the agent/broker training for the Federally Facilitated Marketplace (FFM) • New obligations to protect Personally Identifiable Information (PII) within the marketplaces
  • 41. Personally Identifiable Information (PII). Any information about an individual maintained, used, transmitted or stored by an agent/broker related to Marketplace transactions: Any information that can be used to distinguish or trace an individual's identity. Examples: name, social security number, date and place of birth, mother's maiden name, or biometric records. Any other information that is linked or linkable to an individual. Examples: medical, educational, financial, and employment information.
  • 42. How Did I Get Here? If you have completed training for the Federally-Facilitated Marketplaces, and “signed” the Agreements… • You agreed to protect PII that you obtain in the course of selling or supporting individuals who purchase through the Marketplaces
  • 43. What exactly did I agree to do? Protect any PII that is: • Created, collected, disclosed, accessed, maintained, stored, and used to perform any of the various Marketplace functions within the FFM such as: – Assisting with applications for QHP eligibility – Supporting QHP selection and enrollment – Assisting with plan selection and plan comparisons – Transmitting information about decisions regarding QHP enrollment – Facilitating payment of the initial premium amount to appropriate QHP
  • 44. What Exactly Did I Agree to Do? Provide a Privacy Notice to all prospects and buyers in the Marketplace • Similar requirements to the Privacy Notices under HIPAA and GLB
  • 45. What Am I Required to Do? • Must do the following: – If you have a website, prominently and conspicuously display Notice of Privacy Practices – Review and Revise as necessary but at least annually • Meet data quality and integrity standards for PII – Identical to requirements within HIPAA Security • Breach notification – Broadly similar to HIPAA Breach rules but… – Must notify CMS if there is a breach within one hour of becoming aware of it • Telephone at (410) 786-2580 or 1-800-562-1963 • Email notification at cms_it_service_desk@cms.hhs.gov
  • 46. What Are the Penalties? For any violation of PII protections – $25,000 per person per violation • These are in addition to HIPAA and GLB Penalties – Termination of your authority to do business through the Marketplace
  • 48. Jason Karn, Director of IT, Total HIPAA Compliance, LLC. jason@totalhipaa.com, www.twitter.com/TotalHIPAA, 800-344-6381