HIPAA Issues for Counties – PHI, Prisoners, Disaster Preparedness and Homeland Security

Presentation transcript:

Slide 1: HIPAA Issues for Counties – PHI, Prisoners, Disaster Preparedness and Homeland Security
March 9, 2004
Presented by:
- Mary Knapp, Senior Director, CHC Healthcare Solutions
- Mark Beckmeyer, Director, CHC Healthcare Solutions
© CHC Healthcare Solutions 2004. All rights reserved.

Slide 2: Critical County Issues for HIPAA Privacy
- HIPAA covered entity status
- Notice of Privacy Practices
- Designated Record Set (DRS)

Slide 3: HIPAA “Entities”
- Single entity
- Single affiliated entity
- Hybrid entity
- Organized Health Care Arrangement

Slide 4: How to Determine if You Are a Covered Entity under HIPAA
- Are you a health plan? You are a covered entity.
- Are you a clearinghouse (take non-compliant data and make it compliant)? You are a covered entity.
- Are you a provider? It depends: do you perform one of the eight transactions that have a HIPAA standard format? Then you are a covered entity.

Slide 5: HIPAA National Electronic Transaction Standards
- Enrollment and Disenrollment in a Health Plan (834)
- Health Care Premium Payments (820)
- Health Care Eligibility Benefit Inquiry and Response (270/271)
- Referral Certification and Authorization (278)
- Health Care Claims or Equivalent Encounter Information (837)
- Health Care Claim Status (276/277)
- Health Care and Remittance Payment Advice (835)
- Coordination of Benefits (837)
- First Report of Injury (145) (Delayed)
- Additional Claim Information (275) (Delayed)

Slide 6:
“And now, let’s determine if we are a covered entity, affiliated single covered entity, hybrid covered entity or organized health care arrangement.”

Slide 7: Notice of Privacy Practices (NPP)
- Health Care Provider vs. Health Plan
- State Preemption Issues
- One vs. Multiple County NPPs

Slide 8: Designated Record Set
- A group of records maintained by or for a covered entity that is:
  - The medical records and billing records about individuals maintained by or for a covered health care provider
  - Used, in whole or in part, by or for the covered entity to make decisions about individuals
  - Enrollment, payment, claims adjudication and case or medical management records maintained by or for a health plan.
- “Record” means any item, collection, or grouping of information that includes PHI and is maintained, collected, used or disseminated by or for a covered entity.

Slide 9: Designated Record Set Issues
- The health care component of the hybrid entity must be able to define and then track all elements of the DRS
  - Major challenge:
    - Most are not electronic
    - Staff is not familiar with the concepts
    - Security of paper and oral as well as electronic records
    - Psychotherapy notes
    - More than medical information

Slide 10: Exchange of Information In and Out of the County Hybrid Entity
- Agencies or Divisions that have been determined to be outside the health care components of the hybrid entity may use PHI of the “inside” agencies.
- Via a Memorandum of Understanding.
- Obviates need for Agencies or Divisions to be set up as Business Associates within the county.

Slide 11: Critical County Issues for HIPAA Security
- HIPAA Security
  - General Requirements
  - Flexibility of Approach
  - Subject Areas
  - Thoughts to Ponder
- Homeland Security
  - General Requirements
  - Thoughts to Ponder
- Risk Management – Cost-Benefit Analysis
- Best Practice/HIPAA Compliance Program/Roadmap
- Questions & Answers

Slide 12: “HIPAA Speak”
- New foreign language created by legislation for the express purpose of making the learner feel as though they have landed in a parallel universe where basic common sense and plain language are unheard of.

Slide 13: HIPAA Security – General Requirements
- All “covered” entities must do the following:
  - Ensure the confidentiality, integrity, and availability of all electronic protected health information (EPHI) the covered entity creates, receives, maintains, or transmits.
  - Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
  - Protect against any reasonably anticipated uses or disclosures of such information.
  - Ensure compliance by workforce.

Slide 14: HIPAA Security – Flexibility of Approach
- Required (R) or Addressable (A)
  - Required: implementation of the specification is mandatory. Entity may consider the following factors in selecting the appropriate safeguards:
    - The size, complexity and capability of entity
    - Technical infrastructure, hardware, software security capabilities
    - Cost of security measures
    - Probability and criticality of risk to EPHI

Slide 15: HIPAA Security – Flexibility of Approach
- Required (R) or Addressable (A)
  - Addressable: implementation of the specification may be optional. However, the entity must consider the following factors:
    - Reasonable and appropriate in protecting EPHI
    - If not reasonable or appropriate:
      - Document why it would not be
      - Implement an equivalent alternative measure

Slide 16: The HIPAA Security Standards: Subject Areas
- Administrative Safeguards [§ ]: 9 Standards
  - 12 Required, 11 Addressable
- Physical Safeguards [§ ]: 4 Standards
  - 4 Required, 6 Addressable
- Technical Safeguards [§ ]: 5 Standards
  - 4 Required, 5 Addressable
- Organizational Requirements [§ ]
- Documentation Requirements [§ ]

Slide 17: HIPAA Security – Thoughts to Ponder
- Regulations finalized on February 20, 2003
- Compliance Date: April 21, 2005
- Applies to all workforce with access to EPHI
- Technology neutral
- Focus is on administration
- Final rule less stringent
- Encryption
- Intrusion detection
- Auditing

Slide 18: HIPAA Security – Thoughts to Ponder
- Technology Neutral
- Consolidation & Organization of Draft Rule:
- Definitions mesh with Privacy
- Electronic Information Only
- Removed electronic signature standard
- “Required” vs. “Addressable”
- Regulations are “best practices/industry standards”
- Why wait???

Slide 19: Homeland Security – General Requirements
- Title II – Information Analysis and Infrastructure Protection
- Critical Infrastructure Information Act of 2002
- Makes disclosure of “planned or past operational problems or solutions” a crime.
- Cyber Security Enhancement Act of 2002
- Directs the amendment of sentencing guidelines for computer crimes.

Slide 20: Homeland Security – General Requirements
- Title V – Emergency Preparedness and Response
- Inter-operative Communications Technology
- Manages Federal Government response to terrorists or major disaster.
- Emergency response may require the use of national private sector networks.

Slide 21: Homeland Security – General Requirements
- Title VII – Management
- Homeland Security Information Sharing Act
- Federal Government may share information with “State” and “Local” government officials.

Slide 22: Homeland Security – General Requirements
- Title X – Information Security
- Amends Federal Law to require:
- OMB Director to “oversee agency information security policies and practices”; and
- Each Federal Agency Head to provide information security protections.
- Selection of security hardware and software left to each agency.
- Perform independent evaluation of the information security program and practices to determine effectiveness.
- Maintain inventory of information systems.

Slide 23: Homeland Security – Thoughts to Ponder
- Broad Requirements
- Vague Specifications
- “Best Practices”
- In synch with HIPAA (…and all other applicable regulations?)
- Don’t wait!!!

Slide 24: Risk Management – Cost-Benefit Analysis
- A Balanced Approach to Costs & Operations:
- Threats/Vulnerabilities
- Assets
- Safeguards

Slide 25: Best Practice/HIPAA Compliance Program
- Perform Assessment of Risk
- Senior Management decides on level of risk tolerance
- Integrate security into corporate culture
- Form security committee
  - Senior management
  - Clinical
  - HR
  - Legal
  - IS
  - Compliance/Audit

Slide 26: Best Practice/HIPAA Compliance Roadmap
The HIPAA Compliance Cycle
1. Strategic Planning
2. HIPAA Compliance Assessment
3. Gap and Impact Analysis
4. HIPAA Documentation
5. Design and Integration
6. Security Training
7. Admin.
8. Compliance Monitoring


Slide 28: Questions & Answers

Slide 29: Contact
- Mary Knapp, CHC Healthcare Solutions, LLC, 101 Greenwood Avenue, Suite 100, Jenkintown, PA

Slide 30: Contact
- Mark R. Beckmeyer, CHC Healthcare Solutions, LLC, Delmar Drive, Leawood, KS