1 Student Health Director Briefing Frequently Asked Questions HIPAA May 23, 2012.

Presentation transcript:


Disclaimers 2 This training session is for educational purposes only and does not constitute legal advice. If as a result of this training session you have questions about your HIPAA status or your organization's privacy or security compliance, please contact your SUNY Counsel. This training session is not intended to cover all of the privacy and security laws/regulations training requirements. Slides are provided for informational purposes only.

??? 3 Frequently Asked Questions: –Do electronic health record transactions make me HIPAA covered? –What type of billing activities make me HIPAA covered? –Do transactions between my campus and my student health insurance company make me HIPAA covered? –My campus would like to engage in new revenue-producing enterprises related to our Student Health Centers; are there any issues that I need to address prior to implementing?

To answer these questions 4 Understand the Basics of HIPAA –What does HIPAA stand for? Health Insurance Portability & Accountability Act of 1996 (45 CFR Parts 160 & 164) –Enacted August 21, 1996, it required the Secretary of Health and Human Services “to publicize standards for the electronic exchange of health care data as well as privacy and security” measures for personally identifiable health information (known as the Administrative Simplification provisions).

Administrative Simplification 5 “ADMINISTRATIVE SIMPLIFICATION” (HIPAA Rules) –Title 42 The Public Health and Welfare U.S. Code 1320d-1 et seq. Subtitle F of Title II of HIPAA, Part C (HIPAA Provisions) National standards to protect the confidentiality of patient health information via regulations in three areas: –Privacy (Privacy Rule) »Applies to information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral known as Protected Health Information (PHI) –Electronic Exchange (Transaction and Code Set Regulations) –Security measures (Security Rule)

Privacy Rule 6 Excludes from protected health information –Employment records –Education records and other records as defined in the Family Educational Rights and Privacy Act, 20 U.S.C. section 1232g Goal: To assure individuals that their health information with covered entities will be properly protected while allowing the flow of health information needed to provide and promote high quality health care.

Student Health Information - Exclusion 7 Employment Records: Are excluded from the definition of PHI, and therefore not subject to the protections of HIPAA. Other laws and regulations that cover uses and disclosures of information in such records may apply -- such as OSHA, Family and Medical Leave Act (FMLA), workers' compensation, and alcohol and drug free workplace laws. Education records covered by FERPA Records of students held by colleges and universities used exclusively for health care treatment and which have not been disclosed to anyone other than a health care provider at the student’s request. (These are specifically excluded from the definition of “education records.”) 45 CFR HHS expressly determined that it was not going to preempt FERPA, because FERPA provided a privacy framework for student records. So, if the records fit within the “HIPAA FERPA” exception, must apply FERPA. *HIPAA Basics: 2002 Washington and Lee University

Determination 8 Remember: only individuals/offices that deal in PHI are required to comply with HIPAA privacy regulations. If your office only deals with student or employment records and does not handle PHI, it may not be necessary to designate it as a covered care component of SUNY as a hybrid HIPAA covered entity. *HIPAA Basics: 2002 Washington and Lee University

Covered Entities 9 1. Health Plans 2. Health Care Providers 3. Health Care Clearinghouses

Covered Entities – 1. Health Plan 10 Health Plans – provide or pay the cost of medical care (42 U.S.C. 1320d, 45 CFR ) –Include: health, dental, vision, prescription drug insurers, HMOs, Medicare, Medicaid… –Excludes: (reference 42 U.S.C. 300gg-91(c)(1)) Group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains the plan Two types of government-funded programs –Those whose principal purpose is not providing or paying the cost of health care, such as the food stamps program –Those whose principal activity is directly providing health care, such as a community health center Certain other entities providing: workers' compensation, automobile insurance, and property and casualty insurance, coverage for on-site medical clinics

Examples of Covered Health Plans in the College or University Setting* 11 Employee group health plan (fully/self-insured) Employee group dental plan (fully/self-insured) Employee group vision plan (fully/self-insured) Employee flexible spending account Employee Assistance Plan (for other than on-site clinic) Retiree health plan (fully/self-insured) Student health (fully/self-insured) (for other than on-campus clinic) *HIPAA Basics: 2002 Washington and Lee University

Examples of Non-Covered Plans in a College or University Setting* 12 NCAA intercollegiate accident policy Employee long-term disability policy Employee life insurance policy Employee workers’ compensation coverage Student health fee for on-site student health and counseling services *HIPAA Basics: 2002 Washington and Lee University

Evaluate Activity – An Example 13 University has a private psychiatrist on retainer to evaluate students on a one-time referral from University physicians/counselors when behavioral concerns arise. University pays psychiatrist directly for these sessions out of the student health and counseling budget. Is this practice a “health plan” under HIPAA? This is not a covered health plan, but a contractual extension of the excluded on-site clinic exemption, as an excepted benefit excluded from the HIPAA privacy and security rules. *HIPAA Basics: 2002 Washington and Lee University

Endorsed vs. Sponsored Plans 14 Question: A university endorses one student health insurance policy and allows that insurer to market the policy as the College Sponsored Student Health Plan. There is no contractual relationship between the college and the insurer and the students apply, pay premiums, and file claims on their own. Is the college a Plan Sponsor for HIPAA? No. First, the concept of a plan sponsor as defined appears to apply only to ERISA plans. Second, the college has not undertaken any responsibility to pay any premiums or subject itself to any other liability under the policy. It is acting only as endorser and liaison between insurer and student. Under these circumstances, the college is not a HIPAA plan sponsor of this plan. (Presenter’s opinion) *HIPAA Basics: 2002 Washington and Lee University

Who is the Covered Entity – Student Health Insurance 15 Best practice – in case of an issue with HIPAA and Student Health Insurance – know which entity is covered (many colleges and universities utilize group health insurance companies such as Aetna for their student health insurance; these entities are the HIPAA covered entity and comply with regulations). Why does it matter? Most campuses exchange information as it relates to students and their health insurance. This information should be verified as not PHI and that only summary/participation/enrollment is being transacted. You can verify this with your student health insurance carrier.

Covered Entities – 2. Health Care Providers 16 Every health care provider who electronically submits health information in connection with standard transactions (42 U.S.C. 1320d-1, 45 CFR ) is covered Standard Transactions (45 CFR Part 162, K-R) –Health care claims or equivalent encounter information –Enrollment and disenrollment in a health plan –Eligibility for a health plan –Health care payment and remittance advice –Health plan premium payments –Health claim status –Referral certification and authorization –Coordination of benefits

Evaluate Activity – An Example 17 If a health care provider transmits any of these transactions electronically, that health care provider is a covered entity. E.g., if your student health center bills student insurance electronically, or bills summer campers’ insurance electronically, or sends referral authorizations to insurers electronically, it has become a covered entity. It appears from HHS comments that “in connection with” means as a part of the covered transaction itself, not merely in communications in any way related to a covered transaction (e.g., electronically submitting a claim as opposed to e-mailing with a question about how to transmit a claim). *HIPAA Basics: 2002 Washington and Lee University

Evaluate Activity - Examples 18 Student health centers that only bill student accounts, not third-party payers. This is direct billing of the patient under an excluded plan covering on-site clinic services, not a “claim” to a covered health plan. Thus, this sort of account billing is not a HIPAA transaction. An e-mail from one doctor to another doctor regarding a patient’s treatment is not a HIPAA transaction to trigger coverage as a “covered entity” or require standard formatting. A flexible spending account plan does not involve claims from health providers to the plan, but merely direct reimbursement of the employee, so though the plan is a covered plan, it conducts no HIPAA “claims” required to be standardized. *HIPAA Basics: 2002 Washington and Lee University

Health Care Providers Double Check 19 Student Health Centers – physicians, nurses, and other providers Counseling Center staff – psychiatrists, clinical psychologists Athletic Trainers ONLY IF THEY TRANSMIT HEALTH INFO. ELECTRONICALLY IN ONE OF THE DEFINED HIPAA TRANSACTIONS *HIPAA Basics: 2002 Washington and Lee University

Covered Entity – 3. Health Care Clearinghouses 20 Entities that process nonstandard information they receive from another entity into a standard format They include: billing services, re-pricing companies, community health management information systems, and value-added networks and switches if the entity performs clearinghouse functions.

Evaluate Activity – An Example 21 Universities or Colleges may act as clearinghouses by billing third-party payers on behalf of other entities, such as clinics or practice groups, which makes the university/college a HIPAA covered entity. *HIPAA Basics: 2002 Washington and Lee University

Evaluate Activity – Electronic Health Record 22 In and of itself, an electronic health record does not make an institution HIPAA covered; an evaluation of the activities processed through the electronic health record determines whether the entity is HIPAA covered (refer to covered electronic transactions). Note: Even where not HIPAA covered, institutions should apply the highest privacy and security safeguards with respect to access, use and transmission of electronic health records.

Business Associates 23 A person or organization that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. The HITECH Act of 2009, part of the American Reinvestment and Recovery Act, now imposes direct compliance with the security rule, information breach notification, enhanced penalties, etc. on business associates to the same extent as applicable to covered entities.

SUNY and Business Associate Agreements 24 SUNY has a standard template for Business Associate Agreements. Please contact SUNY Counsel should you be asked about entering into a Business Associate Agreement. Business Associates must use appropriate privacy and security safeguards.

Still have questions…. 25 Contact your SUNY counsel and they will work with designated campus and System Administration personnel to help you determine which privacy and security regulations apply.

Helpful Training 26 Contact your human resources representative to see about GOER training and your access. If you have an ability to access the GOER training, please make sure to check out the learning module titled “Privacy and Security of Health Information in New York State”.

SUNY Resources 27 Policy 4200 HIPAA Policy 6608 Information Security Guidelines Privacy and Safety on Campus – A legal framework

HIPAA Resources 28 Presentation Source Material –U.S. Department of Health and Human Services Office of Civil Rights –HIPAACOW.org –HIPAA Basics: Washington and Lee University