HIPAA_Omnibus_2013_Final (.ppt)

Report
SCHIE Mission
To improve the quality and efficiency of health care for all stakeholders
in the Santa Cruz community.
To deliver technology assistance, guidance and information on best
practices to providers with the goal of creating a healthcare delivery
system that offers a seamless, integrated experience for patients
and providers.
Provide services and tools to participating healthcare providers to
become meaningful users of EHRs connected to the Santa Cruz
Health Information Exchange.
These are foundational for Accountable Care, Clinical Integration,
Medical Home and surviving payment reform.
HIPAA Update Including the Omnibus 2013 Rule2013 Rule
Bill Beighe, CIO
August 29, 2013
This is not intended to
be legal advice
I am not a lawyer. You should consider having your lawyer
review any material related to HIPAA and California State
Health Laws.
HIPAA Omnibus 2013







Third Major Change to HIPAA
Part of the 2009 HITECH Act
Affects all Covered Entities and Business
Associates
Law published in 2011
Final in January 2013
Compliance due (in most cases) September 23,
2013
Tools and Links to Resources
HIPAA Training & Resources

HIPAA Training for Staff (Medscape / HHS)


HIPAA Training for Providers (Medscape / HHS)







http://www.medscape.org/viewarticle/781892
http://www.medscape.org/viewarticle/763251
HIPAA Checklist (SCHIE / PMG)
Security & Risk Assessment (CalOHII / CHHS)


http://www.medscape.org/viewarticle/762170?src=ocr
http://www.ohii.ca.gov/calohi/PrivacySecurity/ToolstoHelpYou/HIPAASec
urityToolkit.aspx
Business Associate Agreement (HHS / SCHIE)
Notice of Privacy Practices (HHS / CHHS / SCHIE)
Information Security Policy Template (NLC)
HHS Privacy Resource (HHS)

http://www.hhs.gov/ocr/privacy/index.html
Breach Notification Rule
HHS Resource Site
 http://www.hhs.gov/ocr/privacy/hipaa/administr
ative/breachnotificationrule/index.html
The links below can be found on the site above.
HIPAA Training for Providers
MEDSCAPE EDUCATION
TRACKER
http://www.medscape.org/multispecialty
Action Items For Privacy & Security
Officers

Start new place to store HIPAA 2013
Paper File, 3 Ring Binder, Computer folder, you decide.
 KEEP your old HIPAA Binder / documentation





Start (and complete) a new HIPAA 2013 Checklist
Perform a HIPAA Security & Risk Assessment
Verify Up-to-date policies and procedures
Training for everyone in your organization,
including physicians and other management staff
Checklist – 1-15 of 30 Questions
Presentation
Checklist Overview
Download the HIPAA 2013 Checklist, the HIPAA
2013 Business Associate Agreement and (by
9/1) the HIPAA 2013 Notice of Privacy Practices
from the SCHIE website at:
www.santacruzhie.org
Presentation slides are also available on the
website.
Coming up next
Meaningful Use Stage 2
Patient Engagement – Personal Health Record (PHR)

similar documents