HIPAA for You?
Is your organization prepared for the Health Insurance Portability and Accountability Act (HIPAA) compliance? Do you understand the HIPAA Privacy laws for Ohio? We can help you with Ohio HIPAA Privacy and Compliance plans. Do you have a HIPAA compliance plan with policies and procedures? If you do, have you recently reviewed your compliance plan, policies and procedures? When you engage us for HIPAA consulting we will review and revise your plan to assure compliance with HIPAA Rules and best practices that apply to the state of Ohio. Moreover, if you don’t have a compliance plan we will draft a plan with policies and procedures that offers complete coverage of the privacy, security and HITECH requirements. We have helped many organizations with their plans.
HIPAA & State Law
The HIPAA Privacy Rule provides a baseline for privacy protections of a person’s individually identifiable health information when held by a covered entity or by a business associate of the covered entity. State laws that are contrary to the Privacy Rule are preempted by the federal requirements. There are specific exceptions that apply if the state law:
- relates to the privacy of individually identifiable health information and provides greater privacy protections or privacy rights with respect to such information,
- provides for the reporting of disease or injury, child abuse, birth, or death, or for public health surveillance, investigation, or intervention; or
- requires certain health plan reporting, such as for management or financial audits.
In these circumstances, a covered entity is not required to comply with a contrary provision of the Privacy Rule.
Ohio Privacy Law
There is state law in Ohio that is more protective of health information than HIPAA. This must be addressed in a HIPAA compliance plan. State law that is more protective of health information or that gives individuals greater rights over their health information is the law that is followed.
In addition, Ohio has enacted law that governs the use and disclosure of health information in a manner that is consistent with, and generally not more stringent than, the HIPAA Privacy Rule in order to eliminate barriers to the adoption and use of electronic health records and health information exchanges (HIEs).
The law uses many of the same definitions and grants many of the same rights to individuals over their protected health information. The Ohio law must be followed for disclosures to HIEs, which are defined as “any person or governmental entity that provides in this state a technical infrastructure to connect computer systems or other electronic devices used by covered entities to facilitate the secure transmission of health information.” There are a number of requirements to meet for disclosures to HIEs.
HIPAA Training for Ohio
Do you have questions or wonder whether your HIPAA training program is sufficient? Have you considered training or retraining your employees on the HIPAA Rules? Have they received additional information to understand the laws that affect privacy in Ohio? Are you faced with an Office for Civil Rights investigation or a breach of protected health information? We consult on these and all matters related to HIPAA. Above all, we will bring your organization into the compliance expected by the Office for Civil Rights (OCR), the division of the federal Department of Health and Human Services with authority over the HIPAA Rules.
Organizations & HIPAA
It is important to point out that all covered entity organizations that handle protected health information (PHI) must follow the HIPAA Privacy Rule. Under HIPAA, PHI is individually identifiable health information that is used, maintained, stored or transmitted by a HIPAA covered entity. In other words, the entity could be a healthcare provider, health plan, health insurer or healthcare clearinghouse. It is the responsibility of these organizations to safeguard all protected health information and demonstrate this through a carefully crafted HIPAA compliance plan. For this reason it is important for covered entities in Ohio to focus on a HIPAA Privacy and Compliance Plan that includes Ohio law.
How We Can Help
Creating a Plan
To begin with, covered entities must create plans that include policies and guidelines for physical, technical, and administrative safeguards. As a result, the plan will protect the confidentiality, integrity, and availability of PHI and electronic PHI (e-PHI). An entity must also perform a full Security Risk Analysis to assess the health and security of its HIPAA program.
Moreover, a HIPAA compliance plan holds providers and workforce members accountable for protecting PHI. Naturally this occurs through its policies, procedures and guidelines. In addition, the plan also outlines the consequences of a PHI breach or any violation of the policies in the compliance plan. Having a plan in place helps mitigate any breaches of PHI that might occur in the future. Finally, HIPAA compliance plans also ensure that all workforce members, which include employees, physicians, volunteers and trainees, are properly trained on how to handle PHI in all of its forms.
HIPAA Compliance Policies and Procedures
HIPAA compliance policies and procedures must be implemented to ensure compliance with the HIPAA Rules. Accordingly, these give individuals rights over their PHI and responsibilities to covered entities. The policies implement appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI.
HIPAA Associates Can Help
Foremost our professionals are prepared to assist you with all of these important policies and procedures. HIPAA Associates develops and consults on HIPAA compliance plans that include HIPAA privacy and security, policies and procedures and breach reporting requirements in compliance with the HIPAA Rules. Of great importance, HIPAA Associates is always available to assist you when questions arise regarding the HIPAA Rule. HIPAA consulting is the main focus of our organization. We would be happy to discuss with you how we can help with your program.
HIPAA Training Plan
The program must implement a HIPAA compliance training plan that trains workforce members on the requirements and policies that apply to them in their individual roles. The training program must train all workforce members on HIPAA and on the organization’s policies and procedures upon employment and on a regular basis thereafter.
Privacy and Security Officers must be appointed to oversee the HIPAA program. They are responsible for oversight of the program and for tracking, investigating, resolving and documenting all privacy and security complaints and the investigative steps taken. They ensure there is no retaliation against any workforce member or other individual for reporting a PHI breach or filing a HIPAA complaint.
HIPAA requires that you have Business Associate Agreements with business partners that you contract with to provide non-treatment services, such as accounting, billing, legal, risk management and IT services, if they access, use or disclose protected health information (PHI) on your behalf. Accordingly, we will help you identify business associates and provide business associate agreements.
The covered entity must ensure that its business associates use appropriate safeguards to protect PHI in the same manner that the covered entity must. It is recommended that business associates receive HIPAA for Business Associates training.
HIPAA Compliance Plans Available
Most important of all, we have compliance plans that are ready for purchase by your organization. These are easily modifiable for immediate use. In addition, we specialize in fully customized plans created specifically for your organization. We consider all of the key features of your covered entity and its specific requirements and create your HIPAA compliance plan in close consultation with your Privacy and Security Officer.
| Ready Made Compliance Plans | $500 |
Our standard compliance plans are ready for purchase by the organization. These are easily modifiable for immediate use. They cover all the key features of the Privacy & Security Rule with additional documentation.
| Fully Customized Plans | $500 and up |
We specialize in fully customized plans created specifically for your organization. We consider all the key features of your covered entity and its specific requirements and create your HIPAA compliance plan in close consultation with your Privacy and Security Officer.
We consult and advise on individual issues related to HIPAA privacy, security and breach notification. Above all, HIPAA Associates has the knowledge and breadth of experience to assess your unique situation and needs to craft the plan that you need for ultimate protection for PHI and the organization. Consequently, we can help protect your organization from issues that may otherwise bring involvement by the Office for Civil Rights. Most important of all, HIPAA consulting is the key focus of our company.
Privacy Complaint Response
We will assist with response to HIPAA privacy complaints and investigate any privacy or security matter on your behalf whether from a patient, another individual or the Office for Civil Rights. Most importantly, we are experienced in responding to Office for Civil Rights investigative letters and working with them to resolve complaints.
HIPAA Associates works with clients on the breach analysis to determine if they have had a breach of unsecured PHI. For incidents that are reportable breaches there are steps and deadlines to follow for breach reporting to the individual and to the Office for Civil Rights. Furthermore, we will assist you throughout the process from start to finish on all aspects including mitigation of damages, creating a corrective action plan, drafting notice letters and reporting to the Office for Civil Rights.
| Breach Analysis and Notification | begins at $200 |
Above all it is important to follow all necessary steps to report a breach successfully. Breaches vary depending on the facts and circumstances. Normally we draft the mandatory notice to the individual and the reports to the OCR on a case-by-case basis and there may be different reporting deadlines. We have the experience to know what information to include in a breach notification letter and in the report to the OCR. Additionally, we will guide you through the additional steps that must take place for large breaches that affect 500 or more individuals. HIPAA Associates manages breach analysis, notification to the individual(s) affected, mitigation of damages, retraining and reporting to the Office for Civil Rights.
The Ohio Privacy Law varies from the federal guidelines. There is state law in Ohio that is more protective of health information than HIPAA; consequently, this is the law that must be followed. In addition, there are many requirements that must be observed when interacting with health information exchanges. It is in your organization’s best interest to get the help of a professional organization that understands Ohio Privacy law.