Covered Entity Requirement to Ensure Business Associates & Their Vendors

Comply with HITECH

Accurate Data Partners, LLC

Everything Has Changed

What Identity Theft is and why it matters to you individually

Why a Covered Entity must oversee their Business Associates

Compliance with HITECH

Many New Requirements in addition to Business Associate

Contract Changes

How We Can Help

What we’ll cover the next few minutes

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

People make decisions about you, your clients and your employees that are based on more than the information in a Credit Report.

It is imperative that Personally Identifiable Information andNon-Public Information be as protected and as accurate as possible.

Drivers License

Medical FinancialSocial Security

Character/ Criminal

Five Common Identity Risks

Driving and Drivers License related issues (This does not require number, may be name, address and/or date of birth only.

People needing Medical Treatment elective or otherwise who cannot afford it.

Family Members using other family members Medical and other ID’s with and without permission.

Insurance Fraud (Medicare/Medicaid/Auto Wreck/Personal Injury/Homeowners/Life Insurance/etc.)

Financial Fraud of all types (Credit card comes to mind but understand the Secret Service says there is more money here than in the world wide drug trade.)

Illegal Immigrants -Millions and Millions of people using others identities in every way that we use our own. Understand competing and conflicting interests within your own practices. Many may be using others IDs unknowingly, business interests in need/necessity for low cost labor, many industries dependant on this labor (farming/construction/restaurant/hospitality/etc) Individuals needing low cost help. Many nationalities-Latvian, Eastern European, Chinese, Middle Eastern, Hispanic, etc.) Hispanic Americans and Legal Immigrants are 50% more likely to have their identity stolen than the rest of the population.

Criminal Identity Theft. Criminals using the Identities of others to commit crimes. Any information from Names, Addresses, Date of Birth, Drivers License, and/or Social Security number.

Malicious and Unintentional Entry of errant data

Why the DemandPotential Points of Misuse with Resulting Corruption of Records

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

™

Medical Identity & The DBYYour Name

1000’s of aggregatorsAcxiom, Choice Point,

LexisNexis, etc.Insurance Companies, Agencies and Agent’s

C.L.U.E. DBS, etc...

Physician's Data Bases

Medical Information Bureau Data Base

(MIB)

Blood Bank & Various Lab Data Bases

Drug Store & Pharmacy Data Bases

Employer’s Data Bases

Your Address1000’s of DBS

Hospital’s Various Data Bases

Center for Disease and Control (CDC)

USB Keys, CD/DVDs Thumb & Jump Drives

DHEC/State Health DeptLocal, State Federal

Health DBS

Billing and Collection DBS and Credit Repository

Computers

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

™

Your Name1000’s of aggregators

Your Fingerprints and DNAFBI, State, and Local DBS

Your Insurance ClaimsC.L.U.E. DBS, etc...

Your Military RecordDOD DBS

Your Criminal HistoryNCIC DBS

Your Real Estate DeedsClerks of Court DBS

Your Legal HistoryState and Federal Court DBS

Your Credit HistoryCredit Repositories’ DBS

Your Birth CertificateChoice Point DBS, State, etc …

Your Phone Number and Tracking Info 1000’s of aggregators

Your Social Security NumberSSA DBS and any you gave to

Your Address1000’s of DBS

Your Driver’s License # and Record – DMV DBS

Your Medical RecordsMIB DBS, etc …

Your Car Registration & InfoDMV, Local Treasurer, On Star, etc … DBS

The Web of The DataBased You

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

™Where the Laws Becomes Logical

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

Once the credit systems accept bad data it can be next to impossible to clear.

USA Today June 5, 2007

Medical identity theft can impair your health and finances… and detecting this isn’t easy… and remedying the damages can be difficult. WSJ Oct 11, 2007

Because it’s so overwhelming to CORRECT the victims’ records, it’s imperative for anyone who touches Medical Info to PROTECT the data.

Your Insurance ClaimsC.L.U.E. DBS, etc...

Your Social Security NumberSSA DBS and any you gave to Your Name

1000’s of aggregators

Your Address1000’s of DBS

Your Fingerprints and DNAFBI, State, and Local DBS

Your Driver’s License # and Record – DMV DBS

Your Military RecordDOD DBS

Your Criminal HistoryNCIC DBS

Your Real Estate DeedsClerks of Court DBS

Your Medical RecordsMIB DBS, etc …

Your Phone Number and Tracking Info 1000’s of aggregators

Your Car Registration & Info

Your Legal HistoryState and Federal Court DBS

Your Credit HistoryCredit Repositories’ DBS

Your Birth CertificateChoice Point DBS, State, etc

…

1The Secure Data Based You

– The Complete ApproachPatient/Employee

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

Protecting potential victims, your patients, and

yourself

Client

Data Security Laws,HIPAA, GLB & SC ID

Theft Law

Privacy Laws, HIPAA, HITECH; GLB & State Laws

HITECH, RFR, HIPAA, other State

& Federal Laws

Red Flags Rule (RFR) State Immigration Acts

FACTA – Document Destruction Rule – State Laws

1

Requires Businesses to Protect Personally Identifiable information

Reduces threat of thief gaining access to information which can be used to corrupt an

individuals records

Securing The Data Based You

Requires Businesses to Authenticate the Identity of Their Patients/Employees – Helps reduce the risk of

perpetuation of a crime against an innocent victim

Requires Businesses to Limit Access to and Keep Private Personally Identifiable Information -

Reduces access to information & protects individual’s privacy; Only allows permissible

access with permissible uses

Businesses must Destroy/Shred All Documents or Digital Media Containing PII or NPI upon Disposal - Reduces threat from loss & resulting misuse of PII or NPI which can be

used to steal someone’s identity

Businesses must Insure that they Share ,Sell, Give, Information with /to ONLY Those Vendors and Business Associates with these same measures in place. Reduces risk of individual becoming a victim througha 3rd Party Vendor with which the victim has no direct relationship

A Legal Safety Net for Identities

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied, sold or used in any form except for the business that has purchased the document for its own use.

These issues, although separated by the legislative process, are not so cleanly separated in our day to day practices.

Imagine someone stealing your patients or employees information from one of your Business Associates, their Subcontractors, Vendors or Agents and you must notify Victims and Government Agencies. What can you show

to prove you acted reasonably in overseeing and requiring compliance by those you entrusted with

Patient information

The Potential Cost to Covered Entity

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

Have your Business Associates employees even executed Confidentiality Docs and acknowledged training?Do Business Associates even have required written policies?Do you think a change in your Business Associate Contract accomplished what is required?

Covered Entities & Business Assoc. Developments

Covered Entities Must Ensure Compliance with HIPAA by Business Assoc., their Subcontractors & others

New Breach Notification requirements and enforcement HITECH & State Laws requiring Oversight not just

change in Business Contracts New Documentation required in multiple areas by Bus

Assoc. and their Subcontractors, Vendors & Agents New Training in Privacy and Security areas essential Encryption does not equal compliance and total solution Third party liability of Covered Entities for actions of

Business Associates & their AgentsCopyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

“you only need to worry about privacy and security laws and rules if you have customers or employees.” - Privacy & Security Law Report

Comprehensive approach

Online training for Business Associates

Online training for all employees of Business Associates,

Documentation package with templates for ISO, Breach

Notification Plan, RFR Policy (if desired), Sensitive Info Policy,

Data Transfer Tracking form and many other docs Bus. Assoc

and their Vendors will need to protect Covered Entity

Guidance on how to customize program

Competitive price model

Accurate Data Partners

Copyright Accurate Data Partners, LLC. All rights reserved. This document may not be shared, transferred, copied or sold in any form except for the business that has purchased the document for its own use.

THANK YOUFor additional information please contact:

www.accuratedatapartners.com