Key Issues For Your Remaining HIPAA Compliance Time – The Health Plan Perspective Kimberly GrayKirk J. Nahra Chief Privacy OfficerWiley Rein & Fielding.

Slides:

Advertisements

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

Advertisements

Fourth National HIPAA Summit April 26, 2002 Implementation of a HIPAA Data Management Strategy Safeguarding privacy interests while making data available.

NIXON PEABODY LLP 1 Understanding the Marketing Restrictions of HIPAA Leigh-Ann M. Patterson Nixon Peabody LLP 101 Federal Street Boston, MA (617)

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

HIPAA COMPLIANCE FANTASTIC FOUR CASEY FORD MANINDER SINGH RANGER OLSOM Information Security in Real Business.

NEW DEMANDS ON OUTSOURCING: THE LONG-RUN PERSPECTIVE.

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University

1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:

PricewaterhouseCoopers Transaction Compliance Date Extension & Privacy Standards NPRM Audioconference April 19, 2002 HIPAA Administrative Simplification.

The New HIPAA Era: What's New, What's Different and What's Actually Important Kirk J. Nahra Wiley Rein LLP Washington, D.C

1 Ethics For the Employee Benefits Agent.  Ethics – defined as a principle of right or good conduct; a system of moral principles or values; the rules.

Risk Assessments: Patient Safety and Innovation Innovation Discussion 02 July 2013.

ESB Copyright 2012 American Fidelity Assurance Company FCCMA June 1, 2012.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Privacy and Security Risks to Rural Hospitals John Hoyt, Partner December 6, 2013.

WEDI ICD-10 Update National Committee on Vital and Health Statistics Subcommittee on Standards June 10, 2014 Jim Daley, Chairman, WEDI Director, IT Risk.

U.S. Benefits Group Fifth National HIPAA Summit A Case Study in Employer HIPAA Privacy Compliance Approaches Fred J. Thiele, JD, MBA Legal Compliance Manager.

Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,

LEGAL ISSUES IN MEDICAL HOME DEVELOPMENT Presented by: Gerry Hinkley Davis Wright Tremaine LLP

Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams.

Eliza de Guzman HTM 520 Health Information Exchange.

Reflections on the State of Privacy Risk Management in Health Care Benefits Administration (one year and counting …) Mark Lutes, Esq. Partner Epstein Becker.

The Fifth National HIPAA Summit – October 30, 2002 What to Do Now: Operational Implementation of HIPAA Privacy and Security Training Presented by: Steven.

Wiley Rein & Fielding LLP HIPAA Privacy: Fundamentals and Key Challenges Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C

HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

HIPAA Privacy The Morning After Panel What do we do now? William R. Braithwaite, MD, PhD (moderator) Washington, DC Ross Hallberg, Corporate Compliance.

HIPAA and Academic Medical Centers, Colleges and Universities Presented By: Michael L. Blau, Esq.Tina S. Sheldon McDermott, Will & EmeryAssistant Compliance.

HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?

Current Law: Health Care Big Data Kirk J. Nahra Wiley Rein LLP Washington, D.C. (Dec. 8, 2014)

Snowe Amendment to the Wired Act William F. Pewen, Ph.D., M.P.H. Office of Senator Olympia J. Snowe, ME (202)

Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.

The IT Vendor: HIPAA Security Savior for Smaller Health Plans?

Health Insurance portability and Accountability Act (HIPAA)‏

Wiley Rein & Fielding LLP G-L-B’s Applicability To Health Care Organizations Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C.

A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.

IRS Circular 230 Disclosure: To insure compliance with Treasury Regulations, we are required to inform you that any tax advice contained in this communication.

Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,

©2002 by the National Committee for Quality Assurance NCQA: HIPAA Business Associate Presentation to the 6th National HIPAA Summit March 28, 2003 Patricia.

U.S. Benefits Group HIPAA Summit Audioconference A Case Study in Employer HIPAA Privacy Compliance Approaches Fred J. Thiele, JD, MBA Legal Compliance.

Systems, Data and HIPAA from a Medicaid Perspective Rick Friedman, Director Division of State Systems Center for Medicare and Medicaid US Dept Health &

Top Privacy and Security Developments for the Health Care Industry Kirk J. Nahra Wiley Rein LLP Washington, D.C (December.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.

Final PRIVACY RULE Presentation by Richard Campanelli, Director OCR/HHS at 5 th National HIPAA Summit Washington, D.C. October 31, 2002.

©2002 by the National Committee for Quality Assurance NCQA and HIPAA “A match made in ?” The Fifth National HIPAA Summit Sharon King Donohue, JD General.

The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law

HIPAA Yesterday, Today and Tomorrow? Dianne S. Faup Office of HIPAA Standards Centers for Medicare & Medicaid Services.

PRECONFERENCE III Advanced Strategies to Achieve ROI in Implementing HIPAA Karl Ideman, CEO Pool Administrators Inc. September 14, 2003.

Wiley Rein & Fielding LLP HIPAA Privacy: Key Challenges For Privacy Officers Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C

EMPLOYER HIPAA COMPLIANCE STRATEGIES HIPAA Summit Audio Conference

SHARING CLINICAL DATA: Legal and Privacy Issues

HIPAA Privacy The Morning After

Presented by: Steven S. Lazarus, PhD, FHIMSS

The Centers for Medicare & Medicaid Services

Enforcement and Policy Challenges in Health Information Privacy

Analysis of Final HIPAA Privacy Modification Rule

Presentation transcript:

Key Issues For Your Remaining HIPAA Compliance Time – The Health Plan Perspective Kimberly GrayKirk J. Nahra Chief Privacy OfficerWiley Rein & Fielding LLP Highmark, Inc.Washington, D.C. Camp Hill, P.A The Fifth National HIPAA Summit (November 1, 2002)

2 Approach Key remaining challenges Issues beyond compliance Balance of legal, risk management and business Provider contracting Employer issues Marketing Research Key remaining challenges Issues beyond compliance Balance of legal, risk management and business Provider contracting Employer issues Marketing Research

3 Contracting Strategy Dealing with the different audiences Dealing with the different contracts Integrating business concerns Management strategy What is your process? –Not too generic, not too individualized

4 Contract Categories - Audiences Employers Vendors Providers Others?

5 Contract Types Business associate (privacy) Chain of trust (security) Trading partner (standard transactions) Focus on understanding/analyzing overlaps

6 Relations with Employers Most difficult Very complicated At least confusing/perhaps inconsistent Major client relations issues Opportunities? Challenges? –Shift to fully insured? –Privacy services to clients? –Will customers abandon group health care? Most difficult Very complicated At least confusing/perhaps inconsistent Major client relations issues Opportunities? Challenges? –Shift to fully insured? –Privacy services to clients? –Will customers abandon group health care?

7 What is the Problem? Avoid having PHI used by employers for employment-related purposes HHS’ fix: –HHS does not directly regulate employers or other plan sponsors –Instead, HHS places restrictions on the flow of information from covered entities to non-covered entities, including plan sponsors HHS guidance has been limited and not helpful Avoid having PHI used by employers for employment-related purposes HHS’ fix: –HHS does not directly regulate employers or other plan sponsors –Instead, HHS places restrictions on the flow of information from covered entities to non-covered entities, including plan sponsors HHS guidance has been limited and not helpful

8 The Role of the Employer Plan Sponsor (Employer and Customers) Rule restricts flow of PHI between GHP and plan sponsor Minimal impact of rule on plan sponsor that receives summary health information for premium bid purposes Substantial impact of rule on plan sponsor that receives PHI Plan Sponsor (Employer and Customers) Rule restricts flow of PHI between GHP and plan sponsor Minimal impact of rule on plan sponsor that receives summary health information for premium bid purposes Substantial impact of rule on plan sponsor that receives PHI

9 Compliance Obligations For Health Plans If fully insured and receive only SHI, very limited effects If (1) self-insured or (2) fully insured and get PHI, substantial obligations

10 Business Opportunities How will you educate your customers? What do you want the answers to be? Understanding the “touch points” with customers (brokers, consultants, reinsurers, HR, customer service, politicians) Implementing appropriate procedures Revising contracts (BA and employer)

11 Provider Contracting Most ignored What is required? What do you want to do anyway? What are the problems you want to anticipate? Cooperation/education efforts Need to be proactive and creative Under the radar today Most ignored What is required? What do you want to do anyway? What are the problems you want to anticipate? Cooperation/education efforts Need to be proactive and creative Under the radar today

12 Potential Problems Overall disincentive to share General nervousness No requirement of disclosure Patients can withdraw consent Are the right people involved? One-pagers Contract revisions Overall disincentive to share General nervousness No requirement of disclosure Patients can withdraw consent Are the right people involved? One-pagers Contract revisions

13 Marketing Most changes A “hot spot” under the Rule Not as bad as we thought under the Final Rule Basic definition: A communication about a product or service that encourages recipients of the communication to purchase or use the product or service Business needs vs. risk management

14 The Final Rule Health-related products and services In a plan of benefits Replacement or enhancement Value added services Plan members only Adds value No sale of customer lists

15 Marketing Challenges How many of your current practices are at risk? Use of PHI Mass circulation Is there anything you can do? How big a problem is this? Will this affect your philosophy?

16 Research The changing rule A sleeper issue Implications for health plans

17 Lessons Learned From The Inside The biggest challenges – operationally The biggest challenges – resources The biggest challenges – going forward

18 Conclusions Still lots to do Enough progress on compliance to consider business implications Resources Keep an eye on the lawsuits Very difficult balancing act Challenges of a moving target