HIPAA Training
Every Diversido employee/contractor must know:
1. What is HIPAA
2. What information is protected by HIPAA
3. What violations of HIPAA there can be
4. What sanctions will be applied to violators
5. What document must be signed under HIPAA
HIPAA
Health Insurance Portability and Accountability Act, a US federal law of 1996.
HIPAA Definitions
Purpose of HIPAA:
● to modernize the flow of healthcare information,
● to protect Personally Identifiable Information maintained by the healthcare and healthcare insurance industries from fraud and theft,
● to simplify administration of electronic health care transactions (code sets, unique health identifiers).
HIPAA includes the HIPAA Privacy Rule and the HIPAA Security Rule.
HIPAA Privacy rule
focuses on protections for PHI (Protected Health
Information) from a people standpoint using
training, contracts, policies and procedures, etc.
HIPAA Security rule
focuses on protections specifically for ePHI
(electronic protected health information). It is a
federal minimum floor of information technology
standards and protections (firewalls, password
policies, antivirus, encryption, etc.)
The Security rule applies only to ePHI,
while the Privacy Rule applies to PHI
which may be in electronic, oral, and
paper form.
Personally Identifiable Information (PII)
any information that can be used to identify,
contact, or locate an individual, either alone or
combined with other easily accessible sources
(name, fingerprints, email, telephone, social
security number)
Protected Health Information (PHI)
Individually Identifiable Health Information that is
transmitted and maintained in electronic media or
in any other form or medium.
Individually Identifiable Health Information (IIHI)
information that is a subset of health information,
including demographic information
Individually Identifiable Health Information (1/4)
● Contains identifiers of the patient, relatives, employers, or
household members such as the following:
○ Names.
○ Geographic subdivisions smaller than a State, including street
address, city, county, precinct, zip code (except for the initial 3
digits of a zip code if, according to the current publicly
available data from the Bureau of the Census, all zip codes
with the same 3 initial digits contain more than 20,000
people).
Individually Identifiable Health Information (2/4)
○ All elements of dates (except year) directly related to an
individual, including birth date, admission date, discharge
date, date of death, all ages over 89 and all elements of dates
indicative of such age, except that such ages and elements
may be aggregated into a single category of age 90 or older.
○ Telephone numbers.
○ Fax numbers.
○ Email addresses.
○ Social security numbers.
○ Medical record numbers.
Individually Identifiable Health Information (3/4)
○ Health plan beneficiary numbers.
○ Account numbers.
○ Certificate/license numbers.
○ Vehicle identifiers and serial numbers, including license plate
numbers.
○ Device identifiers and serial numbers.
○ Biometric identifiers, including finger and voice prints.
○ Full face photographic images and any comparable images.
○ Any other unique identifying number, characteristic, or code.
Individually Identifiable Health Information (4/4)
● Is created or received by a health care provider, health plan,
employer, or health care clearinghouse.
● Relates to the past, present, or future physical or mental health or
condition of an individual; the provision of health care to an
individual; or the past, present, or future payment for the provision
of health care to an individual.
● That identifies the individual.
● With respect to which there is a reasonable basis to believe the
information can be used to identify the individual.
Business Associate Agreement
A legal document under HIPAA that legally attests to the
client providing PHI that the covered entity is HIPAA
compliant and agrees to abide by HIPAA. After
signing the contract, the covered entity is subject to the legal
fines and penalties of HIPAA.
HIPAA - funny training video
HIPAA in Diversido
● HIPAA Privacy Policy - Diversido: http://bit.ly/37XNLw6
● HIPAA Security Policy - Diversido: http://bit.ly/2LiX0gA
● HIPAA Sanction Policy - Diversido: http://bit.ly/382Xrp2
● HIPAA Compliance - Audit checklist: http://bit.ly/2Rgvd4c
(is applicable to a project and a company)
HIPAA in Diversido
The main principles of work on HIPAA-covered projects:
1. Role-based access to PHI
2. Increased security requirements for production
3. Responsibility to report known HIPAA risks or violations
HIPAA in Diversido
Recommendations for employees/contractors:
1. Don’t copy any ePHI to a personal computer.
2. Use password protection for personal computer access.
3. Don’t share Diversido testing devices with third parties.
4. Activate Windows Defender on the personal computer (for Windows users).
5. Use Bitwarden for password management: http://bit.ly/2qeVrZN.
6. All access information must be removed from workstations after work on the project is completed.
7. It is recommended that the contents of computer hard drives and device memory be removed without the ability to recover information before used workstations are sold or transferred for recycling.
Offenses Gradation and Sanctions Application
According to HIPAA Sanction Policy in Diversido there are
three levels of violations that require progressive sanctions
to be applied.
The levels are graded by the seriousness of the violation; level 3 is the
most serious.
Level 1: Unintentional breach
caused by lack of knowledge or judgment, human error or carelessness
● Accessing information that you do not need to know to do your job.
● Sharing PHI with another employee without authorization.
● Copying PHI without authorization.
● Changing PHI without authorization.
● Discussing confidential information in a public area or in an area where the
public could overhear the conversation.
● Discussing confidential information with an unauthorized person.
● Leaving your computer unattended while you are logged into a PHI system.
● Failure to cooperate with the privacy officer.
● Misdirecting a document containing PHI (email, fax, etc).
Level 1: Sanctions
may include, but are not limited to:
● Written and verbal reprimand.
● Retraining on HIPAA Awareness.
● Retraining on Diversido HIPAA Privacy and Security Policies and how
they impact the said employee and said employee’s department.
● Retraining on the proper use of internal forms and HIPAA required
forms.
Level 2: Deliberate or purposeful violation without
harmful intent and effects
● The second offense of any level 1 offense (does not have to be the same
offense).
● Sharing your personal access codes (username & password).
● Using another person’s personal access codes (username & password).
● Unauthorized use or disclosure of PHI to third parties.
● Failure to comply with policies and procedures already in place.
● Failure to comply with a team resolution or recommendation.
● Accessing the information of high profile people or celebrities.
Level 2: Sanctions
may include, but are not limited to:
● Verbal and written reprimand.
● Retraining on HIPAA Awareness.
● Retraining on Diversido HIPAA Privacy and Security Policies and
how they impact the said employee/contractor and said
department.
● Retraining on the proper use of internal forms and HIPAA required
forms.
● Termination of employment.
Level 3: Deliberate unauthorized disclosure of PHI
for malice or personal gain with harmful effects
● The third offense of any level 1 offense (does not have to be the
same offense).
● The second offense of any level 2 offense (does not have to be the
same offense).
● Obtaining PHI under false pretenses.
● Using and/or disclosing PHI for commercial advantage, personal
gain or malicious harm.
● Deliberately destroying or altering records with intent of
defrauding.
Level 3: Sanctions
may include, but are not limited to:
● Termination of employment.
● A fine in the amount of monthly salary (non-payment of wages).
● Civil penalties as provided under HIPAA or other applicable
Federal/State/Local law; or,
● Criminal penalties as provided under HIPAA or other applicable
Federal/State/Local law.
Criminal sanctions in Ukraine
● Unlawful collection, storage, use, destruction, dissemination of confidential
information about a person or unlawful alteration of such information, except in
cases provided by other articles of this Code, -
○ are punishable by a fine of five hundred to one thousand non-taxable
minimum incomes, or correctional labor for a term up to two years, or arrest
for a term up to six months, or restraint of liberty for a term up to three
years.
● If the same actions are taken repeatedly, or if they caused significant harm to the
rights, freedoms and interests of a person protected by law, -
○ are punishable by arrest for a term of three to six months, or restraint of
liberty for a term of three to five years, or imprisonment for the same term.
Note. In this article, significant damage, where it consists of material damage, is
considered to be damage that is one hundred times more than the taxable
minimum income of citizens: https://urist-ua.net/.
Criminal sanctions in the state of Delaware
● A person who wrongfully discloses individually identifiable health
information to another person shall be subject to a fine up to $50,000
and/or imprisonment of up to 1 year.
● If the disclosure is committed under false pretenses, the penalties are
increased to a fine of up to $100,000 and/or imprisonment up to 5 years.
● "If the offense is committed with intent to sell, transfer, or use individually
identifiable health information for commercial advantage, personal gain, or
malicious harm," a fine of up to $250,000 and/or imprisonment up to 10
years may be imposed. 42 U.S.C. § 1320d-6.
Note. HIPAA's privacy provisions do not preempt Delaware state
confidentiality laws; indeed, the HIPAA regulations will preempt only more
lenient state privacy laws: http://www.potteranderson.com/newsroom-publications-115.html.
What next
1. Every new Diversido employee/contractor will be trained in
HIPAA Awareness.
2. All Diversido employees/contractors will be retrained in
HIPAA annually.
3. HIPAA covered projects must be audited for HIPAA
compliance after every milestone completion.
Be good ;)
Thank You!

VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
 
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetOzhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ozhukarai Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetraisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Girls Service Faridabad 📲 9999965857 ヅ10k NiGhT Call Girls In Faridabad
Call Girls Service Faridabad 📲 9999965857 ヅ10k NiGhT Call Girls In FaridabadCall Girls Service Faridabad 📲 9999965857 ヅ10k NiGhT Call Girls In Faridabad
Call Girls Service Faridabad 📲 9999965857 ヅ10k NiGhT Call Girls In Faridabad
 
Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real MeetChandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
Chandigarh Call Girls 👙 7001035870 👙 Genuine WhatsApp Number for Real Meet
 
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service available
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service availableCall Girl Raipur 📲 9999965857 whatsapp live cam sex service available
Call Girl Raipur 📲 9999965857 whatsapp live cam sex service available
 

HIPAA training in Diversido

  • 2. Every Diversido employee/contractor must know:
      1. What HIPAA is
      2. What information is protected by HIPAA
      3. What violations of HIPAA there can be
      4. What sanctions will be applied to violators
      5. What document must be signed under HIPAA
  • 3. HIPAA Definitions. HIPAA: Health Insurance Portability and Accountability Act, a federal law of the USA, 1996.
  • 4. Purpose of HIPAA:
      ● to modernize the flow of healthcare information,
      ● to protect from fraud and theft Personally Identifiable Information maintained by the healthcare and healthcare insurance industries,
      ● administrative simplification for electronic health care transactions - code sets, unique health identifiers.
      HIPAA includes the HIPAA Privacy rule and the HIPAA Security rule.
  • 5. HIPAA Privacy rule: focuses on protections for PHI (Protected Health Information) from a people standpoint using training, contracts, policies and procedures, etc.
  • 6. HIPAA Security rule: focuses on protections specifically for ePHI (electronic protected health information). It is a federal minimum floor of information technology standards and protections (firewalls, password policies, antivirus, encryption, etc.)
  • 7. The Security rule applies only to ePHI, while the Privacy Rule applies to PHI which may be in electronic, oral, and paper form.
  • 8. Personally Identifiable Information (PII): any information that can be used to identify, contact, or locate an individual, either alone or combined with other easily accessible sources (name, fingerprints, email, telephone, social security number)
  • 9. Protected Health Information (PHI): Individually Identifiable Health Information that is transmitted and maintained in electronic media or in any other form or medium.
  • 10. Individually Identifiable Health Information (IIHI): information that is a subset of health information, including demographic information
  • 11. Individually Identifiable Health Information (1/4)
      ● Contains identifiers of the patient, relatives, employers, or household members such as the following:
          ○ Names.
          ○ Geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code (except for the initial 3 digits of a zip code if, according to the current publicly available data from the Bureau of the Census, all zip codes with the same 3 initial digits contain more than 20,000 people)
  • 12. Individually Identifiable Health Information (2/4)
          ○ All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, date of death, all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
          ○ Telephone numbers.
          ○ Fax numbers.
          ○ Email addresses.
          ○ Social security numbers.
          ○ Medical record numbers.
  • 13. Individually Identifiable Health Information (3/4)
          ○ Health plan beneficiary numbers.
          ○ Account numbers.
          ○ Certificate/license numbers.
          ○ Vehicle identifiers and serial numbers, including license plate numbers.
          ○ Device identifiers and serial numbers.
          ○ Biometric identifiers, including finger and voice prints.
          ○ Full face photographic images and any comparable images.
          ○ Any other unique identifying number, characteristic, or code.
  • 14. Individually Identifiable Health Information (4/4)
      ● Is created or received by a health care provider, health plan, employer, or health care clearinghouse.
      ● Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
      ● That identifies the individual.
      ● With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
  • 15. Business Associate Agreement: a legal document under HIPAA that legally attests to the client providing PHI that the covered entity is HIPAA compliant and agrees to abide by HIPAA. After signing the contract, the covered entity is subject to the legal fines and penalties of HIPAA.
  • 16. HIPAA - funny training video
  • 17. HIPAA in Diversido
      ● HIPAA Privacy Policy - Diversido: http://bit.ly/37XNLw6
      ● HIPAA Security Policy - Diversido: http://bit.ly/2LiX0gA
      ● HIPAA Sanction Policy - Diversido: http://bit.ly/382Xrp2
      ● HIPAA Compliance - Audit checklist: http://bit.ly/2Rgvd4c (applicable to a project and a company)
  • 18. HIPAA in Diversido. The main principles of work with HIPAA covered projects:
      1. Role-based access to PHI
      2. Increased security requirements for production
      3. Responsibility to report known HIPAA risks or violations
  • 19. HIPAA in Diversido. Recommendations for employees/contractors:
      1. Don’t copy any ePHI to a personal computer.
      2. Use password protection for personal computer access.
      3. Don’t share Diversido testing devices with third parties.
      4. Activate Windows Defender on the personal computer (for Windows users).
      5. Use Bitwarden for password management: http://bit.ly/2qeVrZN.
      6. All access information must be removed from workstations after work on the project is completed.
      7. Before selling used workstations or transferring them for recycling, it is recommended that computer hard drives and device memory be removed without the ability to recover information.
  • 20. Offenses Gradation and Sanctions Application. According to the HIPAA Sanction Policy in Diversido, there are three levels of violations that require progressive sanctions to be applied. The levels depend on the seriousness of the violation; level 3 is the most serious.
  • 21. Level 1: Unintentional breach caused by lack of knowledge or judgment, human error or carelessness
      ● Accessing information that you do not need to know to do your job.
      ● Sharing PHI with another employee without authorization.
      ● Copying PHI without authorization.
      ● Changing PHI without authorization.
      ● Discussing confidential information in a public area or in an area where the public could overhear the conversation.
      ● Discussing confidential information with an unauthorized person.
      ● Leaving your computer unattended while you are logged into a PHI system.
      ● Failure to cooperate with the privacy officer.
      ● Misdirecting a document containing PHI (email, fax, etc).
  • 22. Level 1: Sanctions may include, but are not limited to:
      ● Written and verbal reprimand.
      ● Retraining on HIPAA Awareness.
      ● Retraining on Diversido HIPAA Privacy and Security Policies and how they impact the said employee and said employee’s department.
      ● Retraining on the proper use of internal forms and HIPAA required forms.
  • 23. Level 2: Deliberate or purposeful violation without harmful intent and effects
      ● The second offense of any level 1 offense (does not have to be the same offense).
      ● Sharing your personal access codes (username & password).
      ● Using another person’s personal access codes (username & password).
      ● Unauthorized use or disclosure of PHI to third parties.
      ● Failure to comply with policies and procedures already in place.
      ● Failure to comply with a team resolution or recommendation.
      ● Accessing the information of high profile people or celebrities.
  • 24. Level 2: Sanctions may include, but are not limited to:
      ● Verbal and written reprimand.
      ● Retraining on HIPAA Awareness.
      ● Retraining on Diversido HIPAA Privacy and Security Policies and how they impact the said employee/contractor and said department.
      ● Retraining on the proper use of internal forms and HIPAA required forms.
      ● Termination of employment.
  • 25. Level 3: Deliberate unauthorized disclosure of PHI for malice or personal gain with harmful effects
      ● The third offense of any level 1 offense (does not have to be the same offense).
      ● The second offense of any level 2 offense (does not have to be the same offense).
      ● Obtaining PHI under false pretenses.
      ● Using and/or disclosing PHI for commercial advantage, personal gain or malicious harm.
      ● Deliberately destroying or altering records with intent of defrauding.
  • 26. Level 3: Sanctions may include, but are not limited to:
      ● Termination of employment.
      ● A fine in the amount of monthly salary (non-payment of wages).
      ● Civil penalties as provided under HIPAA or other applicable Federal/State/Local law; or,
      ● Criminal penalties as provided under HIPAA or other applicable Federal/State/Local law.
  • 27. Criminal sanctions in Ukraine
      ● Unlawful collection, storage, use, destruction, dissemination of confidential information about a person or unlawful alteration of such information, except in cases provided by other articles of this Code, -
          ○ are punishable by a fine of five hundred to one thousand non-taxable minimum incomes, or correctional labor for a term up to two years, or arrest for a term up to six months, or restraint of liberty for a term up to three years.
      ● If the same actions are taken repeatedly, or if they caused significant harm to the rights, freedoms and interests of a person protected by law, -
          ○ are punishable by arrest for a term of three to six months, or restraint of liberty for a term of three to five years, or imprisonment for the same term.
      Note. In this article, significant damage, where it consists of material damage, is damage that is one hundred times more than the taxable minimum income of citizens: https://urist-ua.net/.
  • 28. Criminal sanctions in the state of Delaware
      ● A person who wrongfully discloses individually identifiable health information to another person shall be subject to a fine up to $50,000 and/or imprisonment of up to 1 year.
      ● If the disclosure is committed under false pretenses, the penalties are increased to a fine of up to $100,000 and/or imprisonment up to 5 years.
      ● "If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm," a fine of up to $250,000 and/or imprisonment up to 10 years may be imposed. 42 U.S.C. § 1320d-6.
      Note. HIPAA's privacy provisions do not preempt Delaware state confidentiality laws; indeed, the HIPAA regulations will preempt only more lenient state privacy laws: http://www.potteranderson.com/newsroom-publications-115.html.
  • 29. What next
      1. Every new Diversido employee/contractor will be trained for HIPAA Awareness.
      2. All Diversido employees/contractors will be retrained for HIPAA annually.
      3. HIPAA covered projects must be audited for HIPAA compliance after every milestone completion.