Presentation is loading. Please wait.

Presentation is loading. Please wait.


Similar presentations

Presentation on theme: "HIPAA AWARENESS TRAINING"— Presentation transcript:

ND Department of Health March 2003

2 HIPAA Coordinator & Officers
Darleen Bartz, HIPAA Coordinator and Privacy Officer Bridget Weidner, Assistant Privacy Officer Darin Meschke, Security and Transactions Officer

3 HIPAA 101 Health Insurance Portability and Accountability Act of 1996
Four Parts to HIPAA Administrative Simplification: Electronic Transactions and Code Sets Standards Privacy requirements Security requirements National Identifier requirements

4 Background HIPAA Public Law 104-191 Title II
Healthcare industry initiative Congress passes HIPAA Law HIPAA Public Law Title II Access Portability Renewal Title I Tax-related Provisions Title III Application & Enforcement of Group Plan Title IV Revenue Offset Title V Preventing Fraud & Abuse Administrative Simplification Medical Liability Form 1. HIPAA began as a healthcare industry initiative. 2. In 1996 HIPAA was signed into law. BY the END OF JUNE 1998 MOST PROVISIONS WERE IN EFFECT FOR MOST PLANS. TITLE 1 - GUARANTEES HEALTH INSURANCE ACCESS, PORTABILITY AND RENEWAL TITLE II- INTENDED TO PREVENT HEALTH CARE FRAUD AND ABUSE AND PROVIDE ADMINISTRATIVE SIMPLIFICATION TITLE III MEDICAL SAVINGS ACCOUNTS AND HEALTH INSURANCE TAX DEDUCTIONS FOR SELF-EMPLOYED INDIVIDUALS AND SMALL BUSINESSES TITLE IV - ENFORCES GROUP HEALTH PLAN PROVISIONS TITLE V - LONG TERM CARE SERVICES AND CONTRACTS AMENDMENTS - WOMEN’S HEALTH & CANCER RIGHTS MENTAL HEALTH PARITY ACT NEWBORNS & MOTHERS HEALTH PROTECTION ACT RESPONSIBILITY OF ENFORCING WAS DIVIDED AMONG 3 FEDERAL AGENCIES AND THE STATES So, the Administrative Simplification provisions of HIPAA is the section that directly impacts DHS and is the entire focus of our efforts. HIPAA is much faster to say than Administrative Simplification and lately when the health care industry talks of HIPAA they mean Administrative Simplification. The intent of Administrative Simplification is to simplify administrative and financial data transactions AND to regulate the security and privacy of electronically stored and transmitted patient health information

5 HIPAA 101 Final Privacy rule – August 14, 2002
Covered entities must comply by April 14, 2003 Final Security rule – February 20, 2003 effective April 21, 2005 Final Transactions and Codes Sets – August 17, 2000 effective October 16, 2002 Extension of October 2003

6 HIPAA Administrative Simplification
Privacy requirements Limit the release of patient protected health information without patient’s consent Patient’s personal information must be more securely guarded and more carefully handled

7 HIPAA Administrative Simplification
Electronic Transactions and Code Sets Standards Requirements National standards for formats and data content Providers who do business electronically must use the same health care transactions, code sets and identifiers Common language for health care industry to make it easier to transmit information electronically

8 HIPAA Administrative Simplification
Security requirements Outlines minimum administrative, technical and physical safeguards required to prevent unauthorized access to protected health care information Ensure confidentiality, integrity and availability of electronic PHI Ensure compliance by the workforce

9 HIPAA Administrative Simplification
National Identifier Requirements Will require health care providers, health plans and employers have standard national numbers that identify them on standard transactions The Employer ID # was selected as identifier for employers

10 What does this regulation do?
Must comply with the regulation by April 2003 Gives patients more control over their health information Sets boundaries on the use and release of health records Establishes safeguards that health care providers must achieve Holds violators accountable (penalties)

11 What does this regulation do?
For patients, it means being able to make informed choices when seeking care and reimbursement Enables patients to find out how their information may be used Gives patients the right to examine and obtain a copy of their own health records and request corrections

12 Why is this regulation needed?
Personal information moves across hospitals, doctor’s offices, insurance payers and state lines We have relied on a patchwork of laws allowing health information to be distributed Health care providers have a strong tradition of safeguarding private health information

13 What does this regulation require the average provider to do?
Provide information to patients about their privacy rights Adopt clear privacy procedures Train employees so they understand privacy Designate an individual to see that privacy procedures are adopted and followed Secure patient records

14 Who must comply with these new privacy standards?
Covered entities are: health plans, health care clearinghouses and Those health care providers who conduct certain financial and administrative transactions electronically Bound by the new privacy standards

15 When will covered entities have to meet these standards?
Most covered entities have 2 full years or until April 14, 2003 Small health plans will have 3 full years or until April 14, 2004

16 Who is Impacted by HIPAA?
Health care providers transmitting health information in electronic form (Division of Microbiology) Health plans Health care clearinghouses

17 Who is Impacted by HIPAA?
NDDoH is a hybrid entity Hybrid entity is a single legal covered entity who business activities include both covered and noncovered functions NDDoH covered functions are performed by the Division of Microbiology

18 What is protected health information?
Protected health information is referred to as “phi” Includes all health and individual information whether it is stored on paper or computer May be found in medical records, s, computers, in files, in desks

19 NDDoH Policies and Procedures
HIPAA team developed 27 policies and procedures for the NDDoH Reviewed by the HIPAA Privacy Workgroup Mike Mullen, Attorney General’s Office, reviews for legality Dr. Dwelle and Arvy Smith give final approval

20 Uses and Disclosures for Research Activities
NDDoH may use or disclose PHI for research purposes NDDoH to establish an Institutional Review Board (IRB) chaired by Arvy Smith NDDoH to establish a Privacy Board

21 HIPAA Complaint Process
Individual has a right to file a complaint Department will not retaliate against the complainant Submit your complaint(s) to the NDDoH Privacy Officer, or The federal Department of Health and Human Services

22 Contact the HIPAA Team Darleen Bartz, 328-2352
Bridget Weidner, Darin Meschke, Administrative Support: Kaye Hessinger & Cheryl Stockert

23 Check the Web

24 Time is running out - are you HIPAA compliant?

25 HIPAA Fact or Fiction You will still have access to the patient information you need to do your job. Sharing computer passwords is appropriate business practice. You will only have to think about HIPAA once a year. HIPAA was written to make your life difficult. No one will know if we are not compliant.

ND Department of Health March 2003


Similar presentations

Ads by Google