
Privacy Security Tiger Team: Update on Proposed HITECH Modifications to HIPAA Privacy Security Rules




Presentation Transcript


    1. Privacy & Security Tiger Team: Update on Proposed HITECH Modifications to HIPAA Privacy & Security Rules
       July 9, 2010
       Adam Greene, J.D., M.P.H.
       HHS, Office for Civil Rights

    2. Proposed HITECH HIPAA Modifications
       Business associates include:
       - HIO, E-RX Gateway, or other person that provides data transmission services with respect to PHI to a CE and requires access on a routine basis to such PHI
       - PHR vendor acting on behalf of CE
       - Subcontractor that creates, receives, maintains, or transmits PHI on behalf of a BA

    3. Proposed HITECH HIPAA Modifications
       Business associates:
       - Must comply with all requirements of Security Rule
       - Only may use or disclose PHI as permitted by BA agreement or required by law
       - May not use or disclose in violation of Privacy Rule
       - Must provide e-Access to covered entity, individual, or individual’s designee

    4. Proposed HITECH HIPAA Modifications
       Business associates:
       - Must enter into BA agreements with subBAs
       - Must take corrective action if learn of subBA noncompliance
       - Liable for violations by subBAs who are agents acting within scope of agency

    5. Proposed HITECH HIPAA Modifications
       CEs/BAs:
       Authorization required for sale of PHI (even if use/disclosure is otherwise permissible), except:
       - Public health, treatment, payment, sale of CE, BA activities on behalf of CE, to an individual, required by law, or
       - Remuneration is reasonable, cost-based fee to cover the cost of preparation/transmittal (includes research)

    6. Proposed HITECH HIPAA Modifications
       CEs/BAs:
       - Must provide e-access in the electronic form and format requested if readily producible, otherwise in a readable electronic form and format as agreed to by the CE and individual
       - Must provide e-copy to designee, if request is in writing and clearly identifies designee and where to send e-copy
       - May charge for labor and media (if e-copy provided on physical media)

    7. Proposed HITECH HIPAA Modifications
       CEs/BAs:
       Must agree to request to restrict disclosures to health plan if:
       - For payment and health care operations and not otherwise required by law; and
       - PHI relates to service for which individual (or 3rd party other than health plan) has paid covered entity in full.

    8. Proposed HITECH HIPAA Modifications
       Other areas of proposed rule:
       - Marketing
       - Fundraising
       - Compound research authorizations
       - Student immunization records
       - Deceased individuals
       - Enforcement
       - Compliance deadlines and transition periods for BA agreements
