Presentation is loading. Please wait.

Presentation is loading. Please wait.

April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and.

Published byJob Cole Modified over 7 years ago

Similar presentations

Presentation on theme: "April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and."— Presentation transcript:

1 April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and training Presented by: Steven S. Lazarus, PhD, FHIMSS Boundary Information Group, President Train for Compliance, Inc., Vice Chair Workgroup for Electronic Data Interchange (WEDI), Past Chair

2 Copyright © Boundary Information Group 2003 2 Boundary Information Group  Virtual consortium of health care information systems consulting firms founded in 1995  Company website: www.boundary.net  BIG HIPAA Resources: www.hipaainfo.net  Senior Consultants with HIPAA leadership experience since 1992; administrative and clinical system experience  Services include: –Strategic planning –Systems selection and implementation management –Workflow improvement –EMR, clinical and financial IS selection and operating improvement –HIPAA policies, procedures, and forms –Expert witness

3 Copyright © Boundary Information Group 2003 3  Nonprofit Trade Association, founded 1991  190 organizational members –Consumers, Government, Mixed Payer/Providers, Payers, Providers, Standards Organizations, Vendors  Named in 1996 HIPAA Legislation as an Advisor to the Secretary of DHHS  Website: www.wedi.org  Strategic National Implementation Process (SNIP) – snip.wedi.org  WEDI Foundation formed in 2001  Steven Lazarus, WEDI Past Chair and Foundation Trustee Workgroup on Electronic Data Interchange

4 Copyright © Boundary Information Group 2003 4 Where Should we be Today on our Privacy Policies and Procedures?  Before April 14, 2003, Privacy policies and procedures should: –Be drafted –Take into account state pre-emption –Approved/revised for operational reasonableness –Approved by all administrative and governance steps required in your organization –Have a legal review for HIPAA and other Federal and State Laws –Be published and accessible to all members of the workforce

5 Copyright © Boundary Information Group 2003 5 Policies and Procedures  Privacy Administration  §164.530(i) and 164.520(b)  Process for developing, adopting and amending of privacy policies and procedures, making any necessary changes to the Notice of Privacy Practices, and retaining copies

6 Copyright © Boundary Information Group 2003 6 Policies and Procedures  Including overriding principles (policy)  Detail practices –Identify responsible individual or department –Define specific operational processes –Require enough detail so that the workforce knows what to do –Develop to fit the clinical and business operations of the covered entity  Must not just repeat or summarize the Regulations  Privacy policies and procedures must reflect state laws that are more restrictive

7 Copyright © Boundary Information Group 2003 7 Privacy Policies and Procedures  Must address every aspect of HIPAA Privacy  Must be consistent with the Notice of Privacy Practice  Must replace previous policies and procedures which were in conflict, incomplete, or unclear

8 Copyright © Boundary Information Group 2003 8 Privacy Policies and Procedures  Common Shortcomings –The procedures must be operational – the workforce must know what to do –PHI must be safeguarded – Security –Incidental disclosures are not incidental if they are routine for you –Private patient action in State court may be more damaging than OCR’s penalties – consider how the patient views your policies and procedures –Too little “training” for effectiveness

9 Copyright © Boundary Information Group 2003 9 Training for Privacy: General  Must be on your policies and procedures  Must be completed by the entire workforce  Must be documented  Must include safeguards for PHI - Security

10 Copyright © Boundary Information Group 2003 10 Training Issues and Options  Media –Videotape –Workbooks –Classroom with live instructor –E-learning – Internet or Intranet –May utilize multiple media approaches

11 Copyright © Boundary Information Group 2003 11 Training Goals  Compliance – No OCR actions  Effective –Workforce knows what to do –Receive few patient complaints –All OCR or private actions resolved without penalties or court action –Gaps are routinely identified and addressed  Privacy incidents are categorized and reported in the “internal” annual HIPAA compliance report

12 Copyright © Boundary Information Group 2003 12 Training Issues and Options  Define workforce categories –Few workforce categories Easy to administer –Assign workforce to courses Less customization to create and maintain –Many workforce categories May be difficult to administer –Complex management of workforce to training content choices Potential to highly customize content to workforce categories

13 Copyright © Boundary Information Group 2003 13 Training Issues and Options –Practical Issues Identify source of workforce lists, identifications and passwords Include employees, physicians, volunteers, long-term contract renewal (e.g., Medical Director in a health plan) Use Human Resource application if capable –Names –Job categories –Identifications and passwords from another source Keep passwords and identifications secure

14 Copyright © Boundary Information Group 2003 14 Training Issues and Options  Tests –Use to document learning for compliance –Set passing score  Consider Continuing Education credits (can not change content significantly and maintain credits)

15 Copyright © Boundary Information Group 2003 15 Achieving Effective Privacy  Need good Security to achieve Privacy  Privacy Regulation requires Security  Reminders, periodic training, and “incident monitoring” reporting and management will be needed to achieve effective Privacy

16 Copyright © Boundary Information Group 2003 16 Recommended Actions if not Fully Ready on April 14, 2003  Complete compliance readiness ASAP -- 30 to 60 days  Redo Privacy policies and procedures, and training, for operations effectiveness (if needed)  Revise Privacy polices and procedures, and training, in light of Security final rule  Measure and report training completeness –Set goal at 100% –Make executives, department heads and supervisors accountable –Include a training administration system in your training management resources

17 Copyright © Boundary Information Group 2003 17 HIPAA READINESS Steve Lazarus sslazarus@aol.com 303-488-9911 Company website: www.boundary.net HIPAA website: www.hipaainfo.net HIPAA training: www.trainforhipaa.com HIPAA Regulations and Policies and Procedures: www.hipaahelper.net

Download ppt "April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.

Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Improving Efficiency and Increasing Patient Satisfaction by Leveraging HIPAA Standards, Including Privacy and Transactions and Data Code Sets Presented.

Improving Efficiency and Increasing Patient Satisfaction by Leveraging HIPAA Standards, Including Privacy and Transactions and Data Code Sets Presented.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Approaches to Implementation of the Transactions and Codes Sets Addendum Presented by: Steven S. Lazarus, PhD, FHIMSS President Boundary Information Group.

Approaches to Implementation of the Transactions and Codes Sets Addendum Presented by: Steven S. Lazarus, PhD, FHIMSS President Boundary Information Group.
2012 Audits of Covered Entity Compliance with HIPAA Privacy, Security and Breach Notification Rules Initial Analysis February 2013.

2012 Audits of Covered Entity Compliance with HIPAA Privacy, Security and Breach Notification Rules Initial Analysis February 2013.
STEVEN S. LAZARUS, PHD, CPEHR, CPHIT, FHIMSS PRESIDENT, BOUNDARY INFORMATION GROUP AUGUST 20, 2008 1996-2008 – The Twelve Year Journey is Not Over.

STEVEN S. LAZARUS, PHD, CPEHR, CPHIT, FHIMSS PRESIDENT, BOUNDARY INFORMATION GROUP AUGUST 20, – The Twelve Year Journey is Not Over.
HIPAA Policies, Procedures and Training Margret Amatayakul, RHIA, CHPS, FHIMSS President, Margret\A Consulting, LLC Steven S. Lazarus, PhD, FHIMSS Boundary.

HIPAA Policies, Procedures and Training Margret Amatayakul, RHIA, CHPS, FHIMSS President, Margret\A Consulting, LLC Steven S. Lazarus, PhD, FHIMSS Boundary.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Similar presentations

Ads by Google