Health Insurance Portability and Accountability Act

Business Associate

A business that provides services to a covered entity and may come into contact with private health information (phi)

The Payment Card Industry Data Security Standard (PCI DSS)

A compliance program managed by the credit card companies.

Procedures

Are steps needed to implement rules.

Office for Civil Rights

Civil enforcement of HIPAA is administered by?

Must report breaches no later than 60 calendar days after discovery. Should send written notification to each affected individual. Must also advertise the breach in the geographic areas where most likely affected. Must include a toll free number that remains active for at least 90 days.

Covered entities are required to notify impacted individuals without unreasonable delay when there is a breach. What must it include?

U.S. Department of Justice

Criminal enforcement of HIPAA is administered by?

Must be provided to major media outlet serving the relevant state or jurisdiction. Must contain all of the information as the written notice for less than 500 people and it must not be any later than 60 calendar days. Must also notify HHS

If a breach affects more than 500 individuals, how should they report this?

Criminal Penalties

Intentional use of health information for commercial or personal gain, or for harm. Includes fines and imprisonment for up to 10 years.

The Gramm-Leach-Billey Act (GLBA)

Requires financial institutes to protect identifiable financial data, including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and social security numbers

The HIPAA Security Officer

Responsible for overseeing an organization's HIPAA compliance.

Policies

Rules

The Pilot Program.

Used to determine if particular areas of HIPAA compliance need increased attention and focus based on the percentage of audited entities that were deficient or non-compliant.

Lowering healthcare administration costs, providing individuals with control of their health information, and laying the groundwork for sharing health information between providers.

What are the goals of the Health Insurance Portability and Accountability Act (HIPAA)?

It provided funding incentives to encourage adoption of Electronic Health Record system for doctors.

What did the HITECH Act modify of HIPAA?

Confidentiality, Integrity, and Availability

What does CIA stand for? Part of HIPAA

Health Insurance Portability and Accountability Act

What does HIPAA stand for?

The Health Information Technology for Economic and Clinical Health Act

What does HITECH Act stand for?

Must describe the permitted and requires used of PHI by the business associate, provide that the business associate will not use or further disclose the PHI other than as permitted or required by the contract or by law, and require the business associate to use appropriate safeguards to prevent a use or disclosure of the PHI other than as provider for by the contract.

What must Business Associate Agreements (BAA) contain?

increased civil penalties, strengthened breach notification requirements, exempted breach notifications for encrypted data, requires business associates to comply with HIPAA like covered entities, and extended civil enforcement to include the Attorney General of each state.

What were the significant changes that the HITECH Act of 2009 made to HIPAA?

1996

When was the Health Insurance Portability and Accountability Act passed?

U.S. Department of Health and Human Services

Who is HIPAA administered by?

Breach

an impermissible use or disclosure of information that comprises the security or privacy of PHI

ePHI

any identifiable patient data that is either stored or transmitted in electronic form.

Notice of Privacy Practices (NPP)

describing how the organization will use patient records. Must also describe their duty to protect the confidentiality of the information, the pateints' rights to release or withhold information, how to file a complaint, and the organization's designated HIPAA security officer.

The Sarbanes-Oxley Act (SOX)

established new requirements and standards of accountability for boards, executives, and financial officers.

Security Rule

governs the confidentiality, integrity, and availability of electronic health information. Part of HIPAA

Privacy Rule

governs the use and disclosure of private health information. Part of HIPAA.

Civil Penalties

includes fines up to $1.5 million for the loss or release of information.

Electronic PHI

what does ePHI stand for?