HIPAA Learning Module

Hipaa learning module l.jpg
1 / 24
1411 days ago, 444 views
PowerPoint PPT Presentation
Business Associate Agreements for HIPAA Privacy Regulations Compliance ... A Business Associate Agreement is: An understanding that the security regulations require all ...

Presentation Transcript

Slide 1

´╗┐The accompanying is an instructive Powerpoint presentation on the HIPAA guidelines and controls. Before finishing this module, you have to finish either the Basic, Health Professional or Research module. To explore through this module, utilize the bolts or snap "Slide Show" at base right, or tap on the titles in the list of chapters on the left. HIPAA Learning Module

Slide 2


Slide 3

A Business Associate (BA) is a: Person or association (merchant) that is not an individual from the University's workforce AND Performs or helps with the execution of University's operations or exercises including Protected Health Information (PHI) AND is a Vendor that agreements with the University for arrangement of administrations that are normally done by the supplier (e.g. UMHS, University Health Service) or an arrangement like MCARE Business Associates: Definition

Slide 4

A Business Associate Agreement is: An understanding that the security controls require all secured elements have with their sellers that give an administration to them including PHI Business Associate Agreements: Definition Business Associate Agreements: Definition

Slide 5

The due date to have all BA Agreements set up is: For all agreements with merchants that are BA's marked or changed after October 16 th , 2002, by April 14, 2003 All different contracts with sellers that are BA's (counting those that reestablish consequently) at the season of amendment or by April 14, 2004 (whichever is sooner) Business Associate Agreements: Deadlines

Slide 6

These are cases of merchants that are BA's : Technical merchants who have entry to PC frameworks or databases containing PHI Accreditation associations (JCAHO, NCQA, or ACGME and so forth.) Temporary organizations who put work force in zones where they may have admittance to PHI Records storerooms Lawyers, bookkeepers, advisors Other secured substances, not giving treatment Business Associates: Examples

Slide 7

Business Associate: Examples These are cases of Vendors that are not BA's : Vendors who just have accidental access to University PHI (e.g. janitorial organizations, proprietors) Other Covered Entities who get University PHI yet just for treatment purposes (different doctor's facilities, labs) Manufacturers or merchants who require PHI, yet just for FDA reporting purposes (unfavorable occasion reporting) Vendors who get just de-recognized data

Slide 8

The University must: Do fundamental due perseverance on a seller that is a BA to be sure it has important defends set up before it contracts with the merchant Provide our BA's with a duplicate of our Notice of Privacy Practice (NPP) and of our relevant arrangements and methods Have a BA Agreement that has particular terms that secures Protected Health Information (PHI) made or got by BAs on our behalf Business Associates: University Obligations

Slide 9

The University must tell the BA: If it needs to follow any assents or approval required under HIPAA Of any limitation(s) in our NPP that may influence BA's utilization or exposure of our PHI Of any change in, or repudiations of, consent by a person to utilize or unveil PHI, that we have consented to, if the progressions influence BA's utilization and revelation of PHI Of restriction(s) on the utilization or divulgence of PHI that we have consented to, in the event that they may influence the BA's utilization or exposure of PHI Business Associates: University Obligations

Slide 10

The University may ask for a BA: To just utilize or uncover PHI that is reasonable under the Privacy Rule Inform the University of any abuse of exposures of PHI infringing upon the Privacy run and to make any move important to moderate the exposure Business Associates: University Obligations, Cont'd.

Slide 11

The BA must: Report any utilization or divulgence of the PHI not permitted under the Agreement Ensure that any of the BA's specialists, subcontractors, and so forth consent to similar limitations and conditions contained in our Agreement Make accessible to Health and Human Services inside practices, books and records identifying with the utilization and exposure of PHI got from, or made or got by them for our benefit Business Associates: BA Obligations

Slide 12

The BA Must Also: Provide access to PHI in an assigned record set kept up by the BA at the University's ask for and in the time a way assigned by the University Document revelations made without an approval (e.g., for research, law authorization purposes, certain general wellbeing purposes) Provide a bookkeeping to the University or to the person, in a period and way assigned by the University to allow us to react to a demand by a person for a bookkeeping of divulgences of PHI Business Associates: BA Obligations, Cont'd.

Slide 13

BA's may utilize PHI for the accompanying (with the exception of if expressed generally in the agreement): Perform capacities, exercises, or administrations for, or on our sake Report infringement of law to suitable Federal and State powers Use PHI in its ownership for its appropriate administration and organization and to satisfy any lawful duties of BA Business Associates: BA Use of PHI

Slide 14

Business Associates: BA Disclosure of PHI BA's may unveil PHI for the accompanying (aside from if expressed generally in the agreement): to an outsider with the end goal of its legitimate administration and organization to satisfy any of its lawful obligations just in the event that (i) it is required by law or (ii) before the revelation is made, the BA hosts got from the third gathering composed confirmations that: The data will be held secretly; Used or further revealed just as required by law or for the reason for which it was uncovered to the outsider; and The outsider will advise BA of any examples of which it gets to be mindful in which the classification of the data has been broken.

Slide 15

Business Associate: When the University is the BA The University can be a BA on the off chance that: We are a seller to another wellbeing arrangement or supplier We are a specialist or an outsider executive to a wellbeing arrangement or human services supplier.

Slide 16

Business Associates: Frequently Asked Questions Question: Where Can I acquire a duplicate of the Standard BA Agreement? Reply: The Purchasing site: http://www.umich.edu/%7Epurch/Forms/index.html#Purch The HIPAA Website: http://www.med.umich.edu/u/hipaa Question: How do I see whether a seller has marked a BA? Reply: Contact you're Purchasing delegate who will have the capacity to check the merchant database and/or pull the agreement to figure out whether BA language exists.

Slide 17

Business Associates: Frequently Asked Questions Question: What if my merchant declines to consent to our Standard BA Arrangement? Reply: Refer the agreement to buying or DRDA. Address: If our Standard BA Agreement changes, do I have to get the seller to sign the updated one? Reply: Possibly. Allude your question to acquiring or DRDA.

Slide 18

For data with respect to your Business Associates Central Campus Contact your acquiring operator/purchaser Health System Contact Nina Cohan, 8-9669 MCIT Contract John Ellison, 6-5677 Need Help?

Slide 19

Decision Support Tool The accompanying slides may help you in figuring out if a seller is a Business Associate with the University of Michigan.

Slide 20

Are they utilizing or unveiling PHI concerning our representatives, our patients, or our wellbeing arrangement individuals? NO: They are not a BA. Cases: Equipment sellers who don't see PHI Janitorial and comparable administrations where any contact with PHI would be coincidental. Messenger administrations YES: They might be a BA. Proceed to the following inquiry. It is safe to say that they are a BA or Not? Fundamental Questions to Ask

Slide 21

Are they a social insurance supplier, giving treatment administrations? NO: They might be a BA. Proceed to the following inquiry. YES: They are not a BA. Illustrations: Medical testing labs Hospitals to which we allude patients for particular strategies Are They a BA or Not?

Slide 22

Are they performing business administrations for us? NO : They are not a BA. Cases: Outside scientists working together on a study YES: They might be a BA. Proceed to the following inquiry. Cases: Accounting firms Software contractual workers Claims processors Survey sellers who help us in performing concentrates on utilizing our PHI Are They a BA or Not?

Slide 23

Are they a player in the University of Michigan? NO: They are most likely a BA. Check with Purchasing or DRDA no doubt and to see if they have effectively executed a BA assention. YES: They are not a BA. Be that as it may, regardless you may need to execute a Memorandum of Understanding with them. Counsel with Purchasing or DRDA. It is safe to say that they are a BA or Not?

Slide 24

Please contact hipaalegal@umich.edu in the event that you have any inquiries regarding the Privacy Rule. For more data about the Privacy Rule , please visit these sites: http://www.med.umich.edu/u/hipaa http://www.hhs.gov/ocr/hipaa and http://www.cms.hhs.gov/hipaa Questions?