Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.

Published byRicky Beans Modified over 9 years ago

Similar presentations

Presentation on theme: "Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t."— Presentation transcript:

1

2 Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t i n g a n d O R M a t e r i a l s M a n a g e m e n t

3 How Does HIPAA impact Hospitals All inter-organization standard electronic transactions have to be in compliance with HIPAA standards. These are 1.Health claims or equivalent encounter information. 2.Health claims attachments. 3.Enrollment and disenrollment in a health plan. 4.Eligibility for a health plan. 5.Health care payment and remittance advice. 6.Health plan premium payments. 7.First report of injury. 8.Health claim status. 9.Referral certification and authorization. 10.Co-ordination of benefits Security and Electronic Signature Standards Privacy and Individually Identifiable Health Information Standards Unique health identifier (based on standards) to be developed for Individuals, Employers, Health plans, and Health care providers. HIPPA Requires Key implications for Hospitals (in order of priority) Ensuring Security of all Patient Data, electronic or otherwise Ensuring Privacy of all individually identifiable health information Enabling Electronic Transactions –for referral, benefits co- ordination, billling advice for patients –for handling all insurance needs of employees

4 W e b e n a b l i n g Pa t i e n t A d m i t t i n g a n d O R M a t e r i a l s M a n a g e m e n t Potential HIPAA Lapses at Hospitals  A university medical center employee sold a well known singer’s medical records to a tabloid  A congressional candidate sued a hospital for exposing her suicide attempt details  A banker member of a state health commission accessed a list of local cancer patients and cross- referenced it to a list of his customers. He then called in their loans Real Anecdotes Potential Lapses at HSS (based on our observations) Patient Data stored in insecure paper based format Easy access and modification Easy duplication Readily accessible by unauthorized agencies e.g. Medical Equipment suppliers, Hospital junior staff, inquiring public! No chain of trust partner agreements with other agencies needing access to patient data leading to no indemnification in case of misuse by partners No tracking of disclosures No electronic transactions capability to send or receive standard transactions Non compliance penalties Civil penalties at $100 per violation Criminal penalties – up to 10 years imprisonment and $250,000 Possible civil litigation Damage to reputation

5 W e b e n a b l i n g Pa t i e n t A d m i t t i n g a n d O R M a t e r i a l s M a n a g e m e n t Activity List for HIPAA Security Compliance Administrative Procedures Physical Safeguards 1.Certification 2.Chain of trust partner agreement 3.Contingency plan 4.Formal mechanism for processing records 5.Internal Audit 6.Personnel Security 7.Security Configuration Management 8.Security Incident Procedures 9.Security Management Process 10.Termination process 11.Training 1.Assigned Security Responsibility 2.Media Controls 3.Physical Access Controls 4.Policy on workstation use 5.Secure Workstation location 6.Security Awareness training Technical Security Services 1.Access Control 2.Audit Control 3.Authorization Control 4.Data Authentication 5.Entity Authentication Technical Security Mechanisms 1.Communications / Network Controls 2.Alarm 3.Audit Trail 4.Encryption 5.Integrity Control 6.Message Authentication 7.Access Control Administrative Security ProceduresTechnical Security Procedures

6 W e b e n a b l i n g Pa t i e n t A d m i t t i n g a n d O R M a t e r i a l s M a n a g e m e n t viaMD Ensures Compliance to HIPAA Technical Security Aspects Access control (Including a procedure for emergency access) Context-based access Role-based access and surrogating User-based access Encryption (optional) Authorization Control Role-based access and surrogating User-based access. Entity Authentication Automatic logoff Unique user identification AND Biometric Password PIN Telephone callback Token Technical Security Mechanisms Communications/network controls Integrity controls Message authentication Access controls Encryption Requirements for networks with external access: Alarm. Audit trail. Entity authentication. Event reporting. System designed currently for Password and Secure dynamic PIN based access. Can be upgraded to incorporate other secure access mechanisms

7 W e b e n a b l i n g Pa t i e n t A d m i t t i n g a n d O R M a t e r i a l s M a n a g e m e n t viaMD Security Design Incorporates Elements for HIPAA Compliance viaMD Security Features Secure storage and retrieval at viaMD hosting center Identification/ Authentication and Logout System events audit Role based access control Transaction back-out capability Disclosure accounting Data encryption Minimum disclosure Restriction request De-identification Notice of Information Practices HIPAA Relevance Unique user identification, secondary authentication and automatic log-off Audit trail Role, context and user based access control Contingency plan Minimum and accounted disclosure User discretion and surrogate access Partner agreements Secured access through SecurID devices is under consideration

8 W e b e n a b l i n g Pa t i e n t A d m i t t i n g a n d O R M a t e r i a l s M a n a g e m e n t High Level Technical Architecture Web Server Web Application Server DB Server (Business Data) DNS Server (from data center) Internet Firewall (service from data center) Clients (Hospitals, Surgeons, other designated entities) Admin, Partners & External Services (Suppliers / viaMD hub admin) viaMD Internet Service Zone Internet SMTP (mail) Server Only Secure Connection* Logs Archives Secure & non-secure Data

Download ppt "Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t."

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
ISecurity Compliance with HIPAA. Part 1 About HIPAA.

ISecurity Compliance with HIPAA. Part 1 About HIPAA.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.

1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA, Computer Security, and Domino/Notes Chuck Connell, www.chc-3.comwww.chc-3.com.

HIPAA, Computer Security, and Domino/Notes Chuck Connell,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Presented by the Office of the General Counsel An Overview of HIPAA.

Presented by the Office of the General Counsel An Overview of HIPAA.
Westbrook Technologies from Document Management’s Role in HIPAA.

Westbrook Technologies from Document Management’s Role in HIPAA.
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
Virginia Department of Medical Assistance Services Presentation On HIPAA to the Virginia COTS PSA Workgroup Frank G Guinan Craig Goeller November 7, 2000.

Virginia Department of Medical Assistance Services Presentation On HIPAA to the Virginia COTS PSA Workgroup Frank G Guinan Craig Goeller November 7, 2000.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

Similar presentations

Ads by Google