Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA PRIVACY RULE IMPLEMENTATION – WHAT’S UP AFTER 4/14/03?

Published byGeorgia Oliver Modified over 5 years ago

Similar presentations

Presentation on theme: "HIPAA PRIVACY RULE IMPLEMENTATION – WHAT’S UP AFTER 4/14/03?"— Presentation transcript:

1 HIPAA PRIVACY RULE IMPLEMENTATION – WHAT’S UP AFTER 4/14/03?
8th National HIPAA Summit Baltimore, MD March 8, 2004 Lynda A. Russell, EdD, JD, RHIA Privacy Manager Cedars-Sinai Medical Center Los Angeles, CA

2 Disclaimer The presentation and materials are not to be perceived as legal advice. 3/8/04 HIPAA - Post 4/14/03

3 INTRODUCTION Discussion topics: Pre 4/14/03 – General Comments
Post 4/14/03 Implementation of Patient Rights Investigation of Potential Privacy Breaches Policies and Procedures Training 3/8/04 HIPAA - Post 4/14/03

4 Pre 4/14/03 HIPAA gave several rights to patients: Access to own PHI
Request for an Accounting Request for Amendment Request for Confidential Communications Request for Restrictions 3/8/04 HIPAA - Post 4/14/03

5 Pre 4/14/03 Hospitals identified gaps between current practice and the new rights Gaps did not always indicate something was wrong They merely reflected the difference between what was ok before 4/14/03 and what would be ok after 4/14/03 3/8/04 HIPAA - Post 4/14/03

6 Pre 4/14/03 Closed many gaps by:
Revising and writing policies and procedures Conducting training 3/8/04 HIPAA - Post 4/14/03

7 Post 4/14/03 – What continues to face hospitals?
3/8/04 HIPAA - Post 4/14/03

8 Post 4/14/03 – What continues to face hospitals?
Centralized approach? Decentralized approach? Combination of both approaches? 3/8/04 HIPAA - Post 4/14/03

9 Post 4/14/03 – What continues to face hospitals?
Centralized approach All processing is handled under the auspices of a designated department 3/8/04 HIPAA - Post 4/14/03

10 Post 4/14/03 – What continues to face hospitals?
Decentralized approach All processing is carried out in areas Where medical records are maintained or Where reporting activities occur 3/8/04 HIPAA - Post 4/14/03

11 Post 4/14/03 – What continues to face hospitals?
Designated record set Medical and billing records and any other record used to make decisions about an individual Used to define the set of information that the individual can access, copy, and request amendment to 3/8/04 HIPAA - Post 4/14/03

12 Post 4/14/03 – What continues to face hospitals?
Implementation of patient rights under HIPAA 3/8/04 HIPAA - Post 4/14/03

13 Post 4/14/03 – What continues to face hospitals?
We have decentralized approach to maintaining medical records and to the ROI function We have an ongoing process for centralizing the ROI function Requires mechanism to alert entity responsible for implementing the request 3/8/04 HIPAA - Post 4/14/03

14 Post 4/14/03 – What continues to face hospitals?
Request for Access to DRS 3/8/04 HIPAA - Post 4/14/03

15 Post 4/14/03 – Request for Access to DRS
Decentralized medical record maintenance process Pt must go to several different locations to gain access to all components of the designated record set 3/8/04 HIPAA - Post 4/14/03

16 Post 4/14/03 – Request for Access to DRS
Problems with this approach Patient does not know where DRS is maintained Staff across institution may not know that other components exist, or, if so, where they exist Patient has to re-qualify right to access in each department or treatment area 3/8/04 HIPAA - Post 4/14/03

17 Post 4/14/03 – Request for Access to DRS
Benefits of centralizing process Greater likelihood policies and procedures will be followed Patient is more confident he/she has been given access to entire DRS Patient only has to go to one location (better customer service) 3/8/04 HIPAA - Post 4/14/03

18 Post 4/14/03 – What continues to face hospitals?
Request for Accounting 3/8/04 HIPAA - Post 4/14/03

19 Post 4/14/03 – Request for Accounting
A new patient right Had no formalized processes in place Had patients before HIPAA wanting to know who had seen their records 3/8/04 HIPAA - Post 4/14/03

20 Post 4/14/03 – Request for Accounting
Uses and disclosures that must be included in an Accounting Public interest disclosures Research disclosures under a Waiver of Authorization Disclosures in violation of HIPAA 3/8/04 HIPAA - Post 4/14/03

21 Post 4/14/03 – Request for Accounting
We decided to implement this right on a centralized basis in the HIM Department 3/8/04 HIPAA - Post 4/14/03

22 Post 4/14/03 – Request for Accounting
Options for creating an Accounting Central database Accounting on Demand 3/8/04 HIPAA - Post 4/14/03

23 Post 4/14/03 – Request for Accounting
Central database – First Approach Data entered by one department only Advantage Greater likelihood policies will be followed Disadvantages Must gather all information from source departments No guarantee for obtaining all information Very time consuming 3/8/04 HIPAA - Post 4/14/03

24 Post 4/14/03 – Request for Accounting
Central database - Second Approach Data entered by source department Advantage Data entry responsibilities spread over several departments Data may be more accurately entered Disadvantages May be more difficult to monitor and hold departments accountable 3/8/04 HIPAA - Post 4/14/03

25 Post 4/14/03 – Request for Accounting
Regardless of who enters data into a centralized database Only enter actual ROI activities Do not need to enter “multiple disclosures” (discussed later) 3/8/04 HIPAA - Post 4/14/03

26 Post 4/14/03 – Request for Accounting
Accounting on Demand Make list of disclosures only when patient requests an accounting May implement as long as process is in place to assure that the HIM department can accurately identify all required disclosures The accounting meets the HIPAA mandate 3/8/04 HIPAA - Post 4/14/03

27 Post 4/14/03 – Request for Accounting
Accounting on Demand Advantages Less time consuming overall Potentially less costly 3/8/04 HIPAA - Post 4/14/03

28 Post 4/14/03 – Request for Accounting
Accounting on Demand Disadvantages May be difficult to implement because of decentralized “public interest” reporting Hospital does not have specific department or individual responsible for identifying all circumstances that should be included in an accounting Hospital must have a system for maintaining all copies of disclosure requests 3/8/04 HIPAA - Post 4/14/03

29 Post 4/14/03 – Request for Accounting
Cost of maintaining database vs accounting on demand Number of requests for accounting Potential size of database Confidence in decentralized data entry Confidence in centralized data entry 3/8/04 HIPAA - Post 4/14/03

30 Post 4/14/03 – Request for Accounting
Regardless of option selected, should include monitoring the process in the ongoing HIPAA Program monitoring plan 3/8/04 HIPAA - Post 4/14/03

31 Post 4/14/03 – Request for Accounting
Difficult Accounting Problems Accounting for multiple disclosures Accounting for research under a Waiver of Authorization Residents collecting information 3/8/04 HIPAA - Post 4/14/03

32 Post 4/14/03 – Request for Accounting
Accounting for multiple disclosures of: A particular patient to the same person or entity Multiple patients to the same person or entity 3/8/04 HIPAA - Post 4/14/03

33 Post 4/14/03 – Request for Accounting
Multiple disclosures to a third party for review constitutes a disclosure even if third party does not review any particular record 3/8/04 HIPAA - Post 4/14/03

34 Post 4/14/03 – Request for Accounting
Accounting for multiple disclosures Must maintain documentation of all records included in the universal set of records provided to the third party May be too time consuming to enter into centralized database May be better to use the accounting on demand approach 3/8/04 HIPAA - Post 4/14/03

35 Post 4/14/03 – Request for Accounting
May be easier to check documentation of multiple disclosures whether creating the accounting using a centralized database or the accounting on demand approach 3/8/04 HIPAA - Post 4/14/03

36 Post 4/14/03 – Request for Accounting
Approach taken may also depend on whether interfaces exist between the source system and the accounting system 3/8/04 HIPAA - Post 4/14/03

37 Post 4/14/03 – Request for Accounting
What about JCAHO record reviews? Some say: Don’t include because this is HCO Don’t include because JCAHO is a BA Include in accounting 3/8/04 HIPAA - Post 4/14/03

38 Post 4/14/03 – Request for Accounting
2nd difficult accounting issue – research Not required to include PHI disclosed pursuant to an authorization, in Limited Data Sets, and as de-identified data Must account for research under a Waiver of Authorization 3/8/04 HIPAA - Post 4/14/03

39 Post 4/14/03 – Request for Accounting
Accounting for research under a Waiver of Authorization Modified accounting procedure if protocol involves 50 or more individuals, and the individual’s PHI may have been disclosed 3/8/04 HIPAA - Post 4/14/03

40 Post 4/14/03 – Request for Accounting
May find it better to track specific protocols May find it better to do accounting on demand May encourage researchers to use Limited Data Sets 3/8/04 HIPAA - Post 4/14/03

41 Post 4/14/03 – Request for Accounting
3rd difficult accounting issue – residents Need information to take boards Collect information on patients they have treated to start their practice 3/8/04 HIPAA - Post 4/14/03

42 Post 4/14/03 – What continues to face hospitals?
Request for Confidential Communications 3/8/04 HIPAA - Post 4/14/03

43 Post 4/14/03 – Request for Confidential Communications
Patients are requesting hospitals to provide information by alternative methods 3/8/04 HIPAA - Post 4/14/03

44 Post 4/14/03 – Request for Confidential Communications
We implemented on decentralized basis We are applying our ongoing ROI centralization process 3/8/04 HIPAA - Post 4/14/03

45 Post 4/14/03 – Request for Confidential Communications
Patients are requesting information via Current options Issues with current options Alternative option – content scanner 3/8/04 HIPAA - Post 4/14/03

46 Post 4/14/03 – What continues to face hospitals?
Request for Restrictions 3/8/04 HIPAA - Post 4/14/03

47 Post 4/14/03 – Request for Restrictions
Opting out of directory Identifying who is or is not permitted to receive information as a participant in care Opting out of marketing, fundraising, and research Identifying any entity who is not permitted to receive information 3/8/04 HIPAA - Post 4/14/03

48 Post 4/14/03 – Request for Restrictions
We implemented on decentralized basis We are applying our ongoing ROI centralization process Requires mechanism to notify those responsible for implementing request 3/8/04 HIPAA - Post 4/14/03

49 Post 4/14/03 – What continues to face hospitals?
Investigating potential breaches 3/8/04 HIPAA - Post 4/14/03

50 Post 4/14/03 – Investigating Potential Breaches
Have policy and procedure in place Work with IT Department Work with HR Department Work with Medical Staff Leadership Work with Educational Program Leadership 3/8/04 HIPAA - Post 4/14/03

51 Post 4/14/03 – Investigating Potential Breaches
Examples: Volunteers looking up patients Deliver flowers to patient opting out of directory Conversations in areas with multiple patients present Employee believes record accessed by another employee without need to know 3/8/04 HIPAA - Post 4/14/03

52 Post 4/14/03 – What continues to face hospitals?
Policies and Procedures 3/8/04 HIPAA - Post 4/14/03

53 Post 4/14/03 – Policies and Procedures
Ongoing process Still identifying new policies needed Still identifying existing policies needing revision 3/8/04 HIPAA - Post 4/14/03

54 Post 4/14/03 – Policies and Procedures
Examples: Department/specialty name in return address Visitors and observers 3/8/04 HIPAA - Post 4/14/03

55 Post 4/14/03 – What continues to face hospitals?
Training 3/8/04 HIPAA - Post 4/14/03

56 Post 4/14/03 – Training It didn’t end on 4/14/03 Have policy in place
Various categories of workforce Persons not part of workforce 3/8/04 HIPAA - Post 4/14/03

57 Post 4/14/03 – What continues to face hospitals?
Q & A Thank you 3/8/04 HIPAA - Post 4/14/03

Download ppt "HIPAA PRIVACY RULE IMPLEMENTATION – WHAT’S UP AFTER 4/14/03?"

Similar presentations

H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
HIPAA PRIVACY RULE IMPLEMENTATION – WHATS UP AFTER 4/14/03? 8 th National HIPAA Summit Baltimore, MD March 8, 2004 Lynda A. Russell, EdD, JD, RHIA Privacy.

HIPAA PRIVACY RULE IMPLEMENTATION – WHATS UP AFTER 4/14/03? 8 th National HIPAA Summit Baltimore, MD March 8, 2004 Lynda A. Russell, EdD, JD, RHIA Privacy.
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
HIPAA Business Associates Leadership Group Meeting June 28, 2001.

HIPAA Business Associates Leadership Group Meeting June 28, 2001.
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.

Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.
Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585.

Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA

Similar presentations

Ads by Google