
		Search for:

Expand All | Collapse All

Compliance Home

Reporting Forms

About Compliance

Program Overview

Ethics and Compliance Oversight Committee

From the Desk of the S.V.P. - Chief Ethics & Compliance Officer

Welcome Message

Code of Conduct

Code of Conduct Overview

Coordinators List

Electronic Attestation for Employees

Compliance Program Manual

Program Manual Overview

Compliance Plan

Training Overview

CME Information

Help Request Forms

Compliance Education

State of NJ Ethics Training

Ethics

Ethics Overview

Ethics Responsibilities

Ethics Forms and Documents

Federal Monitor

Plain Language Guide

Attendance at Events

General Information

State Online Course

Gifts

General Information

State Online Course

Outside Activities

General Information

State Online Course

Post Employment

General Information

State Online Course

Recusal

General Information

State Online Course

Scholarly Capacity

General Information

Attendance at Events Decision Tree

Published Works Decision Tree

Policies Overview

Excluded Individuals and Entities

Records Management

UMDNJ Policy and Project Management

University Sanctions

HIPAA

Confidentiality

Breach Notification

Policies

Accounting of Disclosures

Notice of Privacy Practices

Privacy Officers

Security

Secure Email FAQs

Secure Messaging (E-Mailing) Implementation

Confidential E-mail Messages Text

Training

Training Instructions

Records Management

How to Comply With Policy

Online Training

Records Liaisons

Retention Schedules

Offsite Record Storage

Request for New Account

Request for Archive Services

WebConnect On-line Records Inventory System

Records Disposal and Destruction

NJ Division of Archives and Records Management (DARM)

Micrographic Services

Records Liaison Manual

Audit Procedures

Custodian of Public Records

Research Information

Academic Affairs

Supplemental Research Resources

CMS Local & National Coverage Determinations

Compliance Guidance from the Office of the Inspector General, DHHS

Consultation Services

Evaluation & Management Services

Patient Privacy

Teaching Physicians Rules

Training Available from CMS

FAQ's

Compliance FAQs

Protected Health Information FAQs

Scholarly Capacity and Royalties FAQs

Resource For Staff/Faculty

RESOURCES FOR IDENTITY THEFT VICTIMS

RESOURCES FOR BUSINESS ASSOCIATES

FREQUENTLY ASKED QUESTIONS

Resources for Business Associates

HITECH Act Expands HIPAA Privacy and Security Rules: On February 17th, President Obama signed the American Recovery and Reinvestment Act of 2009 (the stimulus bill). Within the bill created the Technology for Economic and Clinical Health Act (HITECH). HITECH substantially expands the HIPAA Privacy and Security Rules and increases the penalties for violations of HIPAA.

The Act applies HIPAA privacy and security requirements directly to business associates;
Establish mandatory federal breach reporting requirements for HIPAA covered entities and their business associates; Create new privacy requirements for HIPAA covered entities and their business associates, including new accounting requirements for electronic health records, restrictions on marketing and fundraising, and other developments; and Establish new criminal and civil penalties for noncompliance and new enforcement responsibilities.

HITECH imposes certain requirements on business associates with respect to privacy, security and breach notification and contemplates that such requirements shall be implemented by regulations to be adopted by the Department of Health and Human Services ("HHS").

The provisions of HITECH that apply to business associates and are required to be incorporated by reference in a business associate agreement are hereby incorporated into the existing BAA as of the respective Applicable Effective Dates including, without limitation, 42 U.S.C. Sections 17935(b), (c), (d) & (e), and 17936(a) & (b) .

Notification of Breach. – BA shall notify UMDNJ within twenty-four (24) hours of any suspected or actual breach of security, intrusion or unauthorized use or disclosure of PHI of which BA becomes aware and/or any actual or suspected use or disclosure of data in violation of any applicable federal or state law or regulations by using the “NOTIFICATION TO THE COVERED ENTITY ABOUT A BREACH OF UNSECURED PROTECTED HEALTH INFORMATION” form.

Resources for Identity Theft Victims

Secure Messaging (E-Mailing) Implementation

Secure Email FAQ's

Confidential E-mail Messages Text