“ Technology Working For People” Intro to HIPAA and Small Practice Implementation

“ Technology Working For People” Overview What is HIPAA? Transactions Privacy Security Implementation Manual/Process

“ Technology Working For People” Insurance Reform [Portability] Insurance Reform [Portability] Administrative Simplification [Accountability] Health Insurance Portability and Accountability Act (HIPAA) Transactions, Compliance Date: 10/16/2003 Privacy Compliance Date: 4/14/2003 Security Compliance Date: 4/21/2005 What is HIPAA?

“ Technology Working For People” Who is affected ? “Covered Entities” which include: Health Plans Healthcare Clearinghouse Healthcare Provider who transmits health information in electronic format (Us )

“ Technology Working For People” Is it Mostly Process Or Mostly “Things” to purchase?

“ Technology Working For People” HIPAA Compliance Deadlines Transaction & Code Sets October 16, 2003 (with extension) Privacy Regulation April 14, 2003 Security Regulations April 21, 2005 or April 21, 2006 for small health plans

“ Technology Working For People” COMPLY? $100 for each violation Maximum of $25,000 per year per specific provision  Penalties up to $250,000 u Prison time up to 10 years Non-Compliance Unauthorized Disclosure or Misuse of Patient Information

“ Technology Working For People” Transactions, Codes, & Identifiers What are they, and why do we care ? Is it something I control ? How do we comply?

“ Technology Working For People” Transaction, Codes, and Identifiers Verify your vendor or clearinghouse has been certified? Tested your electronic claims submission for accuracy?

“ Technology Working For People” Privacy Regulations Require Designating a Privacy Officer Educate the Privacy Officer Take this training module Become familiar with helpful web sites Begin Implementing the new Procedures & Policies

“ Technology Working For People” Privacy Regulation The Privacy Rule has 3 General Areas Patient Rights Communications Administration

“ Technology Working For People” Privacy Regulation Patient Rights Notice of Privacy Practice Authorization Form Access and Amendment Policy Accounting and Restrictions Policy

“ Technology Working For People” Privacy Regulation Communications Phone and Face-to-Face Policy (Optional) Fax Policy Medical Records De-Identification

“ Technology Working For People” Privacy Regulation Administration Privacy Officer Business Associate Privacy Contract Tracking Safeguards Pre-emption of State Law Training

“ Technology Working For People” Security Regulation Three Categories of Security Standards Administrative Physical Technical

“ Technology Working For People” Security Regulation In All 3 Categories, the Standards are: Required or Addressable

“ Technology Working For People” Security - General Rule Ensure the confidentiality, integrity and availability of all EPHI Protect against any reasonably anticipated threat or hazard to security or integrity Protect against reasonably anticipated uses or disclosure that are nor permitted under the Privacy Rule Ensure compliance by your workforce

“ Technology Working For People” Security Flexibility Size, complexity and capabilities of office Technical infrastructure, hardware and software security capability of office Costs of security measures Probability and criticality of potential risks

“ Technology Working For People” Security – Administrative Security Management Responsibility Workforce Security Information Access Management Security Awareness & Training Incident Procedures Contingency Plan Evaluation Business Associate Contract

“ Technology Working For People” Security - Physical Facility Access Control Workstation Use Workstation Security Device & Media Controls

“ Technology Working For People” Security - Technical Access Control Audit Controls Integrity Entitiy Authentication Transmission Security

“ Technology Working For People” Implementation The Head of Practice Overview Office Manager Steps Transaction/Code Certification Staff Training Privacy Security Maintenance

“ Technology Working For People” Office Manager Steps Appointed Privacy & Security Officer Studies the HIPAA Office Manual Makes any modifications to the forms, policies and procedures for this specific practice Calls a staff meeting for HIPAA training

“ Technology Working For People” Transaction/Code Certification Obtain certification of compliance from Billing/Admin software vendor Obtain certification of compliance from all clearinghouse vendors Confirm accuracy of transactions

“ Technology Working For People” Staff Training Staff read the awareness essay Read and sign employee confidentiality form Attend the HIPAA overview training Attend Security Awareness Training

“ Technology Working For People” Privacy Post Privacy Notice Process for patients receiving and signing Notice of Privacy Practice Post Fax and Policies Create “Entities” log Issue/Collect Business Associate contracts

“ Technology Working For People” Security VeroTek & Office Manager Produce: Risk Assessment/Plan Access Control Workstation Security Staff Security Training Anti-Virus Procedures Backup Procedures Internet/Firewall System Disaster Recovery Plan

“ Technology Working For People” Maintenance Quarterly review by Office Manager for compliance Bi-Annual Security Audit by VeroTek “As Required” updates as regulations change

“ Technology Working For People” Questions? Call or