AHS HIPAA Awareness Training - Vermont Department Of Health


AHS HIPAA Awareness Training
*IMPORTANT: Once finished with this training, please visit the completion link on the last page to receive credit.

Introduction
This course is intended for all members of the AHS workforce, including AHS employees, interns, volunteers, and temporary employees of:
- AHS Central Office (AHS CO)
- Vermont Department of Health (VDH)
- Department of Mental Health (DMH)
- Department of Vermont Health Access (DVHA)
- Department for Children and Families (DCF)
- Department of Disabilities, Aging and Independent Living (DAIL)
- Department of Corrections (DOC)
This course also is intended for members of AHS’ State of Vermont Business Associates’ workforces whose work directly supports AHS, including employees, interns, volunteers, and temporary employees of:
- Agency of Digital Service (ADS)
We are professionals working together to serve individuals respectfully.

Course Index
- Introduction
- Lesson 1: HIPAA Basics
- Lesson 2: Privacy Basics
- Lesson 3: Standards and Guidelines
- Lesson 4: Notice of Privacy Practices
- Lesson 5: Communications
- Lesson 6: Security Basics
- Lesson 7: Complaints, Investigations & Sanctions
- Test your HIPAA Knowledge
- Course Completion
NOTE: It will take most people between 30 minutes and one hour to complete this course.

How this course works
For this training and for general reference, you may wish to open and view the following from the AHS HIPAA Site:
- Glossary of HIPAA Terms
- Acronyms
- HIPAA Top Tips

What is the purpose of this course?
The purpose of this course is to train the AHS workforce to keep private and secure the health information of the individuals we serve. Because of the very nature of our work, human services, we all come across sensitive information, even if "health information" is not our focus or responsibility.
This course focuses on the federal Health Insurance Portability and Accountability Act of 1996, known as "HIPAA," and its federal regulations, known as "the HIPAA Privacy Rule" and "the HIPAA Security Rule." This course is required by law.
If you work for a department that regularly handles health information, this electronic course may be accompanied by more in-depth and job-specific HIPAA training.
If you have questions about how HIPAA applies to your job duties, you can talk with your supervisor and/or HIPAA Departmental Liaisons. You can visit the AHS HIPAA Site to find more resources, forms and links to HIPAA related information.

Why should you be concerned about the privacy and security of health information?
Almost daily, there are stories in the news about the mistaken disclosure of personal information by state agencies, non-profit organizations, or private businesses.
The individuals we serve trust us with highly personal information about themselves and their families. We must be deserving of their trust and keep their information private. This is a basic tenet that guides our work and ensures that we work together to serve individuals respectfully.

Examples of mistaken disclosures of personal information:
Recent enforcement action reported by OCR:

November 2019
The Centers for Medicare & Medicaid Services (CMS) Office of Civil Rights (OCR) imposed a $1,600,000 civil money penalty against the Texas Health and Human Services Commission (TX HHSC), for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules between 2013 and 2017. (ePHI) of 6,617 individuals was viewable over the internet, including names, addresses, social security numbers, and treatment information. The breach occurred when an internal application was moved from a private, secure server to a public server and a flaw in the software code allowed access to ePHI without access credentials.
"Covered entities need to know who can access protected health information in their custody at all times," said OCR Director Roger Severino. "No one should have to worry about their private health information being discoverable through a Google search."

October 2019
Elite Dental Associates, Dallas (“Elite”) has agreed to pay $10,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Elite is a privately-owned dental practice located in Dallas, Texas, providing general, implant, and cosmetic dentistry. OCR’s investigation found that Elite had impermissibly disclosed the protected health information (PHI) of multiple patients in response to patient reviews on the Elite Yelp review page. Additionally, Elite did not have a policy and procedure regarding disclosures of PHI to ensure that its social media interactions protect the PHI of its patients or a Notice of Privacy Practices that complied with the HIPAA Privacy Rule.
“Social media is not the place for providers to discuss a patient’s care,” said OCR Director, Roger Severino. “Doctors and dentists must think carefully about patient privacy before responding to online reviews.”

November 2019
In an agreement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), Sentara Hospitals (Sentara) have agreed to take corrective actions and pay $2.175 million to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification and Privacy Rules. OCR’s investigation determined that Sentara mailed 577 patients’ PHI to wrong addresses that included patient names, account numbers, and dates of services. Sentara reported this incident as a breach affecting 8 individuals, because Sentara concluded, incorrectly, that unless the disclosure included patient diagnosis, treatment information or other medical information, no reportable breach of PHI had occurred. Sentara persisted in its refusal to properly report the breach even after being explicitly advised of their duty to do so by OCR.
“A compliance depends on accurate and timely self-reporting of breaches because patients and the public have a right to know when sensitive information has been exposed,” said Roger Severino, OCR Director. “When health care providers blatantly fail to report breaches as required by law, they should expect vigorous enforcement action by OCR.”

Lesson 1: HIPAA BASICS
This lesson addresses the importance of all members of the AHS workforce being respectful of the personal and confidential information regarding the individuals we serve. This lesson introduces the federal law entitled HIPAA and provides an overview of other laws that govern privacy.

The goal of this lesson is to enable you to:
- Understand what HIPAA is.
- Understand the importance of being respectful of the personal information of the individuals we serve.
- Understand why AHS is required to comply with the HIPAA Privacy and Security Rules.
- Recognize that there are other laws, both state and federal, and agency rules that you need to review and comply with when doing your work.

What is HIPAA?
HIPAA stands for Health Insurance Portability and Accountability Act of 1996. It is a federal law. The United States Congress enacted HIPAA to make sure that an individual's health information is kept private and secure.
All of AHS is considered a covered entity under HIPAA, which means that all members of the AHS workforce must have a basic understanding of this law.

What is Respectful Service?
The individuals we serve trust us with highly personal information about themselves and their families. As members of the AHS workforce, it is very important that we keep this information confidential and that consumers trust that we will do so.
We may only share personal information when it is necessary for us to perform our jobs or in special situations which will be covered in this course.

Why is AHS a “Covered Entity” under HIPAA?
HIPAA covers three types of organizations:
1. A health care provider such as a physician, dentist, pharmacist, or hospital when it provides health care and electronically transfers patient information.
2. A health plan, organization or individual that pays for or authorizes payment for health care, such as Medicare and Medicaid programs, insurance companies and health management organizations.
3. A health care clearinghouse or organization that facilitates the processing of health information such as transcription or billing services.
AHS is a covered entity because AHS provides health care and health care coverage. Although not every department and division provides direct health services or payment for health services, the entire Agency is considered a covered entity. Therefore all members of the AHS workforce must comply with HIPAA.

What is the HIPAA Privacy Rule and the HIPAA Security Rule?
The HIPAA Privacy Rule and the HIPAA Security Rule are federal regulations that implement HIPAA. You need to understand how these rules affect your work and what you need to do to follow them.
The HIPAA Privacy Rule relates to the ways we use and disclose all health information, whether the health information is in written, spoken, or electronic form. It creates minimum nationwide standards for making sure an individual's health information is kept private.
The HIPAA Security Rule specifically applies to health information in electronic form. It relates to the ways we protect and control access to an individual's electronic health information.

Do other federal and state laws govern privacy?
In addition to HIPAA, there are a number of federal and state laws and agency rules that govern the way we must handle the personal information entrusted to us.
Examples of these laws and rules are:
- AHS Consumer Information and Privacy Rule (AHS rule 08-048) establishes a basic presumption of confidentiality of the information of those applying for and receiving services from us.
- 18 VSA 1881 adopts HIPAA as the Vermont standard for confidentiality of protected health information.
- 18 VSA 7103 regulates the disclosure of certain mental health records.
- 9 VSA Chapter 062 regulates the protection of personally identifiable information such as Social Security numbers and financial information.
- 42 C.F.R. Part 2 applies to information about substance use disorder treatment.
If you have questions regarding federal and state confidentiality laws that apply to your work, talk with your supervisor or an attorney for your department.

What is 42 CFR Part 2 and How Does it Relate to HIPAA?
Part 2 refers to the federal law and regulation protecting the privacy of substance use disorder (SUD) treatment records. Part 2 protects records with patient-identifying information that identifies an individual as having sought, received, or applied for substance use disorder services from a Part 2 program.
Part 2 is more protective of privacy than HIPAA in many ways, and when it is more protective, then Part 2 controls. For example, HIPAA allows sharing of health information for treatment, payment, or health care operations without the consent of the individual, but Part 2 does not and requires consent to disclose the records. All SUD treatment records are protected by HIPAA, but they are only covered also by Part 2 if they were created by a Part 2 program.
Not every provider of SUD treatment meets the federal definition of a Part 2 program, so it may take a specific analysis to determine whether HIPAA or Part 2 applies to the records.
If you need to share, or are asked to share, SUD treatment records of someone receiving services from AHS for your work, talk with your supervisor or an attorney for your department to be sure you know what laws apply to those records before sharing them.

What happens when other federal or state laws are more protective of an individual's privacy than HIPAA?
When Vermont or federal law is stricter than HIPAA in protecting the privacy of an individual's health information, we need to follow the stricter law. That is to say, we need to follow the law that affords more privacy protections for an individual’s health information.
For example, Part 2 is more protective of privacy for substance use disorder (SUD) treatment records than HIPAA in many ways. When working with SUD treatment records, always check the Part 2 requirements, in addition to HIPAA.

Let’s Review Some Concepts
Protect Privacy
HIPAA is a federal law enacted to protect the privacy of an individual's health information. Vermont adopted HIPAA as the standard for confidentiality of protected health information.
Governs
The HIPAA Privacy Rule governs how we use and disclose the health information of the individuals we serve.
Protects Access
The HIPAA Security Rule governs how we protect and control access to the electronic health information of the individuals we serve.
Confidential
As members of the AHS workforce we must keep the information about the individuals we serve confidential.
Other Rules
There are other federal and state laws and rules that protect the privacy of protected health information. If these laws or rules protect the privacy of an individual's health information even more than HIPAA, we must follow them.
When to Share
We may share certain information when it is necessary for us to perform our jobs.

Lesson 2: PRIVACY BASICS
This lesson introduces the AHS HIPAA Privacy Standards and Guidelines. The lesson examines the definition of "health information" under these Standards and Guidelines.

The goal of this lesson is to enable you to:
- Understand the AHS HIPAA Privacy Standards and Guidelines and how to access them.
- Identify what personal information of an individual we serve is "protected health information" under HIPAA.

What are the AHS Standards and Guidelines?
The HIPAA Privacy Rule requires AHS to implement policies and procedures to safeguard the privacy of the health information entrusted to us. AHS calls these policies and procedures the "AHS HIPAA Privacy Standards and Guidelines." As members of the AHS workforce, we must know how the Standards and Guidelines apply to our work and how to follow them.
Lesson 3 explains these Standards and Guidelines.

What is health information?
HIPAA defines “individually identifiable health information” as:
- Any information, whether oral or recorded in any form, that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or payment for the provision of health care to an individual; and
- is created or received by a health care provider, health plan, employer or health care clearinghouse; and
- that identifies the individual; or
- there is a reasonable basis to believe the information can be used to identify the individual.
The term “PHI” stands for “protected health information.” PHI is individually identifiable health information that is maintained or transmitted in electronic or any other form or medium.

Let’s Review Some Concepts
Policies & Procedures
The HIPAA Privacy Rule requires that AHS adopt policies and procedures to carry out the Privacy Rule. AHS calls these policies and procedures the AHS HIPAA Privacy Standards and Guidelines.
Disclosing Health Information
The Standards and Guidelines define "health information" and dictate how AHS may use and disclose health information of the individuals we serve.
You are Responsible
As a member of the AHS workforce you are responsible for being familiar with the Standards and Guidelines and following them when you perform your work.
Questions?
If you do not understand how the Standards and Guidelines apply to your work, it is your responsibility to talk with your supervisor.

Lesson 3: STANDARDS & GUIDELINES
This lesson focuses on four of the Standards and Guidelines that members of the AHS workforce who use and disclose health information will encounter on a regular basis: Minimum Necessary, Authorization, Breach Reporting, and Business Associates.

The goal of this lesson is to enable you to:
- Understand how the Minimum Necessary Rule guides our use and disclosure of health information.
- Understand when an authorization is necessary prior to disclosure of protected health information.
- Understand how to report a possible or actual violation of HIPAA.
- Understand the term Business Associate.

What is Minimum Necessary?
The Minimum Necessary Rule requires that members of the AHS workforce make reasonable efforts to use, disclose or request only the minimum amount of health information that is necessary to accomplish the purpose of the use, disclosure, or request. This rule does not apply when the disclosure is to a health care provider for the purpose of providing treatment, or when the use or disclosure is authorized in writing by the individual.
You should only use, disclose, or request health information that you need to perform your job duties.

What is Authorization?
An Authorization is a form that, in most instances, must be signed by an individual before AHS may disclose PHI about that individual.
Authorization is required for sharing PHI with individuals and entities outside of AHS. Authorization may even be required, in certain circumstances, to share PHI with employees in other departments and divisions within AHS.
Ask your supervisor or HIPAA liaison where you can find authorization forms for your program.
Generally, authorizations are not required for AHS to use and disclose an individual's health information for purposes of treatment, payment, or health care operations; however, authorizations are required for use and disclosure if the information is SUD treatment records under Part 2.

What is Breach Reporting?
A breach occurs when a member of the AHS workforce improperly accesses, uses or discloses PHI. If you think you or a co-worker has not complied with HIPAA, then you must complete and submit a Privacy/Security Event Report form as soon as possible. If you have any questions, you should talk with your supervisor or your division’s HIPAA Liaison.
If it is an emergency situation involving the disclosure of electronic protected health information and/or the security of AHS computer systems, you must contact the AHS Security Officer immediately.
The Privacy/Security Event Report Form is posted on the AHS internet page here.

What is a Business Associate?
A Business Associate is an individual or organization that performs a service for or on behalf of AHS which involves disclosure or use of protected health information. Examples of services Business Associates provide for AHS are claims processing, data analysis, and call center services. The Agency of Digital Services is a Business Associate for the services they provide for AHS.
An individual or organization that provides treatment services on behalf of AHS is not a Business Associate.
AHS must have a written agreement, called a Business Associate Agreement, with its Business Associates. By signing the Business Associate Agreement the individual or organization agrees to comply with the terms of the HIPAA Privacy and Security Rule when performing the services on behalf of AHS.

Let’s Review Some Concepts
Minimum Necessary Rule
The Minimum Necessary Rule requires that you only use, disclose, or request health information that you need to perform your job duties. In some cases, the Minimum Necessary Rule does not apply. For example, the rule does not apply when the disclosure is to a health care provider for the purpose of providing treatment to the individual or when the use or disclosure is authorized in writing by the individual.
Individual Authorization
Generally, an individual’s Authorization is not required for treatment, payment, or health care operations but is required before an AHS employee may disclose that individual’s PHI to someone else.
Business Associate Agreements
AHS must have Business Associate Agreements with those that perform services on its behalf which involve protected health information. In the agreement the individual or organization who will perform the service agrees to comply with the terms of the HIPAA Privacy and Security Rule.
Reporting the Breach
When you improperly access, use, or disclose an individual’s PHI, either intentionally or inadvertently, you must promptly report the Breach.

Lesson 4: NOTICE OF PRIVACY PRACTICES
This lesson examines the AHS Notice of Privacy Practices (NPP).

The goal of this lesson is to enable you to:
- Understand the NPP.
- Know when an individual we serve should receive a NPP.

What is the Notice of Privacy Practices?
HIPAA requires all covered entities to have a NPP that tells the individuals they serve what will happen to health information they share with the covered entity.
The AHS NPP tells the individuals we serve:
- How AHS or a specific program of AHS may use or disclose their health information,
- What rights they have regarding their health information, and
- How they can complain if they believe AHS or a specific program of AHS has violated those rights.

What disclosure of health information does the Notice of Privacy Practices allow?
The NPP provides that AHS may use and disclose health information without an individual's written permission regarding:
- Treatment,
- Payment for treatment,
- Health care operations, and
- Specific circumstances, allowed by HIPAA, including reports of child abuse, certain law enforcement purposes, and health oversight activities.

Example of disclosure for:
Treatment Purposes:
AHS discloses an individual's health information to the individual's doctors to help determine a course of care for the individual.
Payment Purposes:
AHS receives health information from the individual's doctor so that it can pay the doctor for their services.
Health Care Operations:
AHS shares an individual's health information with a contractor who evaluates the care and services that an individual receives to ensure that quality care was provided.

What rights do individuals have regarding health information under NPP?
The notice informs individuals of their rights with respect to their health information such as:
- Reviewing their health information,
- Obtaining an accounting of disclosures of their health information by AHS, and
- Written notification in the event of a breach of their health information.

Does the NPP include a process for filing a complaint if an individual believes AHS has violated his/her rights?
The NPP explains the process for filing a complaint with the Agency of Health and Human Services, Office of Civil Rights (OCR) if an individual believes AHS has violated his/her rights.

Who receives a Notice of Privacy Practices?
1. Individuals who enroll for health plan benefits, such as Medicaid, Dr. Dynasaur, and WIC.
2. Individuals who receive direct health services from AHS, such as children served by the Children with Special Health Needs program, patients at the Vermont Psychiatric Care Hospital, and individuals receiving chronic care case management services.

AHS must give the Notice of Privacy Practices to individuals at the time of enrollment in a health plan, or at the time they receive direct health services.
In accordance with the AHS Standards for Translation of Vital Documents for Persons with Limited English Proficiency, the NPP has been translated into the following languages: Bosnian, Burmese, French, Nepali, Somali, Spanish, and Swahili.

Let’s Review Some Concepts
AHS Notice of Privacy Practices (NPP)
A NPP is a document that outlines how AHS, and its programs, may use or disclose an individual’s health information, what rights the individual has regarding their health information, and how the individual can file a complaint if he/she believes AHS, or its programs, violated the individual’s rights set forth in the AHS HIPAA Privacy Standards and Guidelines.
When do Individuals Receive NPP
Individuals receive an AHS NPP when:
- An individual is enrolled in an AHS health plan.
- An individual is receiving direct health care from an AHS program.

Lesson 5: COMMUNICATIONS
This lesson explains the manner and methods for properly communicating protected health information.

The goal of this lesson is to enable you to:
- Talk with your co-workers and external entities about health information of the individuals we serve.
- Recognize how to properly use the phone, fax, and email to communicate this information.

May I talk about health information with my co-workers?
Yes
Yes, when you need to talk about an individual's health information with co-workers, in most instances you may.
When you need to discuss the PHI of an individual you must:
- Limit the discussion to the minimum amount of health information necessary to do your job;
- Only discuss the health information in a private place; and
- Never discuss health information in public places where it can be easily overheard by others, such as in the hallway or the cafeteria.

May I Communicate PHI By Phone, Fax, Or Email?
Yes
You may communicate PHI by phone, fax or email AFTER confirming the privacy protection and security of the communication method you plan to use to communicate the minimum amount of health information necessary to do your job.
- When you need to talk on the phone about an individual's health information in order to perform your job duties, you may.
- When you need to fax an individual's health information in order to perform your job duties, you may.
- When you need to send an individual's health information by email in order to perform your job duties, you may.

May I Communicate PHI By Text Messaging?
No
Currently, text messaging is not a secure means to communicate protected health information. If you have questions about how to remotely communicate protected health information as part of your job function, contact your department’s IT staff.

How to Communicate PHI
Phone
Speak quietly and in as private a space as possible. Before communicating protected health information, you must first verify the identity of the person you are talking with and his/her authority to have access to the protected health information.
Fax
Before you fax protected health information, you must verify the fax number of the person or entity to whom you are faxing. You must also confirm that you entered the recipient’s fax number correctly. If you do not know if the receiving fax is in a secure location, you must call the intended recipient to notify them you are sending a fax.
Email
Proceed with extreme caution when doing so. Whenever you are sending protected health information by email you must confirm that the addressee is the intended recipient. You must also confirm that you have not unintentionally selected the wrong recipient from the email autocomplete function.

What Should I Do If I Have An Accidental Disclosure?
Accidental disclosures of protected health information can occur when you use the phone, fax, or email.
If you believe you have accidentally disclosed protected health information, you must contact your Department’s HIPAA liaison and complete a HIPAA Privacy/Security Event Report Form found on the AHS website.

Let’s Review Some Concepts
When to Discuss PHI
You may discuss protected health information with your co-workers only when necessary to fulfill your job responsibilities. You must be careful about how and where you talk about this information.
Use Caution
Use of email requires extreme caution due to the ease with which mistakes can be made.
How to Communicate PHI
You may communicate protected health information by phone, fax and email. When you do communicate by these methods, you must ensure that the information is only communicated to the intended recipient and cannot be heard or seen by others.
Text Messaging
Do not communicate protected health information via text message.

Lesson 6: SECURITY BASICS
This lesson examines the safety measures you must take to keep electronic protected health information secure.

The goal of this lesson is to enable you to:
- Maintain a safe computer workstation.
- Keep state electronic equipment safe and secure.
- Take precautions to protect against phishing, viruses and other malicious software.
- Protect your passwords.
- Securely send email.
- Protect documents that you print.

What safety measures should I take to protect my computer workstation?
We all must do our part to ensure the confidentiality of protected electronic health information. Our computer workstations are access points to protected electronic health information.

If you have a computer workstation (or share a workstation with others), you must follow these safety measures to protect your workstation:
1. Do not store protected electronic health information on the hard drive (usually called the "C" drive) of your workstation unless you are authorized to do so.
2. Do not download protected electronic health information onto unauthorized electronic storage devices.
3. Position your computer screen so others cannot casually view it.
4. Never allow someone else to use your username or password and never use someone else's username or password.
5. Lock or log off from your workstation when you leave it unattended.

How do I keep state electronic equipment safe and secure?
State issued electronic equipment may include laptops, tablets, and phones. It is very important to protect them from loss and theft. When not using them, keep electronic devices locked up and out of sight. This is especially important when you are working remotely and traveling. Do not allow anyone else, including coworkers, to use your electronic devices.
If your state-issued electronic equipment is lost or stolen, immediately contact your supervisor or the AHS Privacy Officer at AHS.PrivacyAndSecurity@Vermont.gov

What precautions must I take to protect against viruses and other malicious software?
Malicious software or "malware" is used as a catch-all term to refer to any software that causes damage to a single computer, server, or computer network. Malware might expose or alter confidential information; delete or remove important files; disable your and other AHS network computers; email everyone in your email address book; and/or spread quickly to other machines.

You must take these precautions to protect against malware: Always follow AHS, and sta
