Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Similar presentations


Presentation on theme: "Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA."— Presentation transcript:

1 Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA Transmission, Privacy and Nondiscrimination Rules 2007

2 HIPAA Health Insurance Portability & Accountability Act of 1996

3 HIPAA Compliance Issues Portability Nondiscrimination Privacy Electronic Transactions Security

4 Privacy – “Protected Health Information” Individually identifiable Health Information Created by “Covered Entity” or Employer Health and Demographic Information Relates to past, present, future physical or mental health or condition of Individual or Payment Regardless of format, if Entity ever engages in covered transactions

5 Who is Covered? Covered entities Health Plans Health Care Providers Health Care Clearinghouses HHS has no authority to regulate many key stakeholders who receive PHI from a Covered Entity Business Associates must comply

6 Covered Entities Must Provide information on Privacy Rights Adopt Privacy Procedures Appoint a Privacy Official Establish Grievance Procedures Amend plan to include specific provisions Provide Privacy Training to Employees Have safeguards to prevent disclosure

7 Rule’s Limited Scope “…once PHI leaves a Covered Entity, the Department no longer has jurisdiction under the statue to apply protections to the information.”

8 Business Associates Claims Processing / Administration Data Analysis Processing or Administration Utilization Review Quality Assurance Billing Benefit Management Practice Management and Re- pricing Legal Actuarial Accounting Consulting Data aggregation Management services Administrative services Accreditation services Financial services

9 Business Associate Contract Will not disclose PHI Appropriate safeguards Disclosure of non-contract PHI Assure that agents / subcontractors agree to same restrictions Accounting of all disclosures Contract termination if Breach of Confidentiality

10 Oversight of Business Associates Training program Reporting mechanism for violations Corrective actions / Mitigate Damages Contract termination Policies & Procedures Auditing annually Government Fines: -up to $100/violation/person -up to $25K / year

11 Consents and Authorizations Not required for treatment, payment, health care operations (TPO) Otherwise consent or authorization must be obtained for purposes other than TPO: Marketing To release medical records to life insurer

12 Authorization Requirements Must be very specific and written in plain language: Describe PHI – “all Health Information” Name or ID of person authorized to release Name or ID of person/class to whom PHI goes Expiration date or event Individual’s right to revoke PHI may be reused and is no longer protected

13 “Minimum Necessary” Covered entities must have policies/procedures to limit disclosures to minimum necessary Doesn’t apply to: PHI given to the individual or their personal representative PHI authorized by the individual Information for treatment purposes

14 Security Standards

15 Administrative Safeguards Covered entities must adopt a written set of policies/procedures Designate a privacy officer ID employees who will have access to PHI Ongoing training program Contingency plan for emergencies or security breaches

16 Physical Safeguards Controlled access to media Limit to authorized people Keep away from plain sight or high traffic areas Dispose of PHI properly

17 Technical Safeguards Controlled access Encryption Authentication Employer ID number National Provider ID Unique Identifier (for individuals)

18 Electronic Transactions National standards to simplify and improve efficiencies Transaction Inclusions: Claims Submissions Enrollment / Disenrollment Coordination of Benefits Patient Eligibility Request / Response Claim Status Request / Response

19 Electronic Transactions - Standards ANSI ASC X12N, version 4010 Providers Disease Management DME NCPDP 5.1 Product claims transactions DUR

20 Electronic Transactions – Coding Standards ICD-9: Diagnoses & Inpatient Services CPT-4: Professional Services CDT-3: Dental Services NDC: Drugs HCPCS / J CODES: Injectables (Not Self-Administered) and Procedures Providers: NPI

21 Privacy Rule – A Summary Notify patients about their privacy rights Adopt and implement privacy procedures for a practice, hospital, or plan Train employees Designate a Privacy Officer Implement security standards for PHI

22 HIPAA Health Insurance Portability & Accountability Act of 1996

23 HIPAA INFORMATION Guide to Medical Privacy & HIPAA, Thompson Publishing Group HIPAA Portability & Privacy, EBIA The Institute for Community Pharmacy:

24 Any Questions? P RO P HARMA P HARMACEUTICAL C ONSULTANTS, I NC.


Download ppt "Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA."

Similar presentations


Ads by Google