spencerallen
HITECH Presentation for covered entity
Covered Entity Requirement to Ensure Business Associates & Their Vendors Comply with HITECH
Accurate Data Partners, LLC
Everything Has Changed
What Identity Theft is and why it matters to you individually
Why a Covered Entity must oversee their Business Associates
Compliance with HITECH
Many New Requirements in addition to Business Associate Contract Changes
How We Can Help
What we’ll cover the next few minutes
Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.
People make decisions about you, your clients and your employees that are based on more than the information in a Credit Report.
It is imperative that Personally Identifiable Information and Non-Public Information be as protected and as accurate as possible.
Drivers License
Medical
Financial
Social Security
Character/Criminal
Five Common Identity Risks
Driving and Drivers License related issues (This does not require number, may be name, address and/or date of birth only.)
People needing Medical Treatment elective or otherwise who cannot afford it.
Family Members using other family members' Medical and other IDs with and without permission.
Insurance Fraud (Medicare/Medicaid/Auto Wreck/Personal Injury/Homeowners/Life Insurance/etc.)
Financial Fraud of all types (Credit card comes to mind but understand the Secret Service says there is more money here than in the worldwide drug trade.)
Illegal Immigrants - Millions and Millions of people using others' identities in every way that we use our own. Understand competing and conflicting interests within your own practices. Many may be using others' IDs unknowingly; business interests in need/necessity for low cost labor; many industries dependent on this labor (farming/construction/restaurant/hospitality/etc.); individuals needing low cost help. Many nationalities (Latvian, Eastern European, Chinese, Middle Eastern, Hispanic, etc.). Hispanic Americans and Legal Immigrants are 50% more likely to have their identity stolen than the rest of the population.
Criminal Identity Theft. Criminals using the Identities of others to commit crimes. Any information from Names, Addresses, Date of Birth, Drivers License, and/or Social Security number.
Malicious and Unintentional Entry of errant data
Why the Demand
Potential Points of Misuse with Resulting Corruption of Records
Medical Identity & The DBY
Your Name: 1000’s of aggregators
Acxiom, Choice Point, LexisNexis, etc.
Insurance Companies, Agencies and Agent’s
C.L.U.E. DBS, etc...
Physician's Data Bases
Medical Information Bureau Data Base (MIB)
Blood Bank & Various Lab Data Bases
Drug Store & Pharmacy Data Bases
Employer’s Data Bases
Your Address: 1000’s of DBS
Hospital’s Various Data Bases
Center for Disease and Control (CDC)
USB Keys, CD/DVDs, Thumb & Jump Drives
DHEC/State Health Dept
Local, State, Federal Health DBS
Billing and Collection DBS and Credit Repository
Computers
The Web of The Data Based You
Your Name: 1000’s of aggregators
Your Fingerprints and DNA: FBI, State, and Local DBS
Your Insurance Claims: C.L.U.E. DBS, etc...
Your Military Record: DOD DBS
Your Criminal History: NCIC DBS
Your Real Estate Deeds: Clerks of Court DBS
Your Legal History: State and Federal Court DBS
Your Credit History: Credit Repositories’ DBS
Your Birth Certificate: Choice Point DBS, State, etc …
Your Phone Number and Tracking Info: 1000’s of aggregators
Your Social Security Number: SSA DBS and any you gave to
Your Address: 1000’s of DBS
Your Driver’s License # and Record: DMV DBS
Your Medical Records: MIB DBS, etc …
Your Car Registration & Info: DMV, Local Treasurer, On Star, etc … DBS
Where the Laws Become Logical
Once the credit systems accept bad data it can be next to impossible to clear.
USA Today June 5, 2007
Medical identity theft can impair your health and finances… and detecting this isn’t easy… and remedying the damages can be difficult. WSJ Oct 11, 2007
Because it’s so overwhelming to CORRECT the victims’ records, it’s imperative for anyone who touches Medical Info to PROTECT the data.
The Secure Data Based You – The Complete Approach
Patient/Employee
Protecting potential victims, your patients, and yourself
Client
Data Security Laws, HIPAA, GLB & SC ID Theft Law
Privacy Laws, HIPAA, HITECH; GLB & State Laws
HITECH, RFR, HIPAA, other State & Federal Laws
Red Flags Rule (RFR), State Immigration Acts
FACTA – Document Destruction Rule – State Laws
Requires Businesses to Protect Personally Identifiable Information - Reduces threat of a thief gaining access to information which can be used to corrupt an individual's records
Securing The Data Based You
Requires Businesses to Authenticate the Identity of Their Patients/Employees - Helps reduce the risk of perpetuation of a crime against an innocent victim
Requires Businesses to Limit Access to and Keep Private Personally Identifiable Information - Reduces access to information & protects individual’s privacy; only allows permissible access with permissible uses
Businesses must Destroy/Shred All Documents or Digital Media Containing PII or NPI upon Disposal - Reduces threat from loss & resulting misuse of PII or NPI which can be used to steal someone’s identity
Businesses must Ensure that they Share, Sell or Give Information with/to ONLY Those Vendors and Business Associates with these same measures in place - Reduces risk of an individual becoming a victim through a 3rd Party Vendor with which the victim has no direct relationship
A Legal Safety Net for Identities
These issues, although separated by the legislative process, are not so cleanly separated in our day to day practices.
Imagine someone stealing your patients' or employees' information from one of your Business Associates, their Subcontractors, Vendors or Agents, and you must notify Victims and Government Agencies. What can you show to prove you acted reasonably in overseeing and requiring compliance by those you entrusted with Patient information?
The Potential Cost to Covered Entity
Have your Business Associates' employees even executed Confidentiality Docs and acknowledged training?
Do Business Associates even have required written policies?
Do you think a change in your Business Associate Contract accomplished what is required?
Covered Entities & Business Assoc. Developments
Covered Entities Must Ensure Compliance with HIPAA by Business Assoc., their Subcontractors & others
New Breach Notification requirements and enforcement
HITECH & State Laws requiring Oversight not just change in Business Contracts
New Documentation required in multiple areas by Bus Assoc. and their Subcontractors, Vendors & Agents
New Training in Privacy and Security areas essential
Encryption does not equal compliance and total solution
Third party liability of Covered Entities for actions of Business Associates & their Agents
“you only need to worry about privacy and security laws and rules if you have customers or employees.” - Privacy & Security Law Report
Comprehensive approach
Online training for Business Associates
Online training for all employees of Business Associates
Documentation package with templates for ISO, Breach Notification Plan, RFR Policy (if desired), Sensitive Info Policy, Data Transfer Tracking form and many other docs Bus. Assoc and their Vendors will need to protect Covered Entity
Guidance on how to customize program
Competitive price model
Accurate Data Partners
THANK YOU
For additional information please contact:
www.accuratedatapartners.com