
1 HIPAA Strategy Methodologies and Tools

2 Presentation Agenda
- Review of HIPAA Objectives
- Overview and Update on the Status of HIPAA
- Components/Objectives of a HIPAA Strategic Plan
- Detailed Review of Each Planning Component
- Questions
- Resources

3 Review of HIPAA Objectives

4 Objectives of HIPAA
- To reduce the administrative costs associated with the provision of health care services
- To make the administration of health care services more efficient by:
  - Requiring some transactions to be supported electronically
  - Standardizing those transactions
- To protect individually identifiable health information from:
  - Physical damage/destruction
  - Unauthorized access
  - Misuse or inappropriate disclosure
- This is the first step toward a broader application of e-commerce in health care

5 HIPAA Overview
HIPAA
- Title I
  - Health insurance access, portability and renewal
- Title II
  - Fraud and Abuse
  - Medical Liability Reform
  - Administrative Simplification
    - Electronic Transaction Standards (EDI)
      - For 9 key payor transactions
      - Includes clinical code sets
      - Includes key identifiers
    - Security Standards
      - For protecting electronic health information
    - Privacy Standards
      - To spell out permissible uses of patient identifiable healthcare information
- Title III
  - Medical Savings Accounts
  - Tax deduction provisions
- Title IV
  - Group health plan provisions
- Title V
  - Revenue offset provisions

6 HIPAA Overview
- Each component of HIPAA has proceeded independently through a development, review and approval process
- The lack of forward movement on any one element does not necessarily impede the implementation of others
[Figure: rule-making process. Labels: Public Comment Period; Public Input; Review of Existing Regulations & Standards; Redraft of Rule; Final Rule Published; Regulations Enacted and Enforced; Proposed Rule Released. Annotations: "Still Awaiting Action for Some Elements"; "26 Months from Date of Publication"]

7 Applicability
From the Act: “Sec 1172(a) Applicability. Any standard under this part shall apply, in whole or in part, to the following persons:
- A health plan
- A health care clearinghouse
- A health care provider who transmits any health information in electronic form in connection with a transaction referred to in Section 1173(a)(1).”

8 Provider Responsibilities
Providers governed under HIPAA must:
- Comply with the regulations that impact them no later than the published implementation dates for those rules
- Ensure that vendors are prepared to deliver applications that support EDI and security requirements
- Hold those business partners (vendors and others) with whom patient-identifiable information is shared accountable for complying with the privacy and security regulations that apply to the covered entity
- Develop EDI, Privacy and Security policies and procedures
- Train staff on the Privacy policies and procedures
- Document compliance with applicable regulations

9 Status of HIPAA Rules

10 The anticipated dates for HHS issuing new proposed or revised final HIPAA rules
- The final Security Rule is expected to be released in August of this year
- The Employer Identifier final rule has been drafted and sent to HHS for final review with release expected in June
- The Provider and Payer Identifier final rules are expected around August
- The Patient Information (Claims Attachment) NPRM is expected in August of this year

11 Updates
The anticipated dates for HHS issuing new proposed or revised final HIPAA rules (cont'd)
- A draft regulation for electronic medical records is being developed, which should be available for public review by the end of 2002
- The Doctors First Report of Injury NPRM is also expected sometime in 2002
- An Enforcement NPRM is expected to be released some time in 2002
- Two proposed revisions to the Transaction and Code Set standards are expected any time now
  - Changes in the Designated Standard Maintenance Organizations or DSMOs
  - Removal of NDC codes as the standard for medications

12 Compliance Date Update Summary
Standards covered:
- Electronic Transaction Standards (EDI)
  - Transactions & Code Sets
  - Provider ID
  - Employer ID
  - Payer ID
  - Patient ID
- Security Standards
- Privacy Standards*
Proposed Rule (entries as listed on the slide): Released 5/98; Released 6/98; Expected 2001; ON HOLD; Released 8/98; No action by Congress, draft regulation released 11/99
Final Rule (entries as listed on the slide): Published 8/2000; Expected 8/2002; Expected 6/2002; Expected 8/2002; ON HOLD; Expected August 2002; Published 12/2000; Reconfirmed 4/2001
Compliance date (entries as listed on the slide): 10/16/2002/03; 26 months from date final rule is published; 4/14/2003
Notes:
- 7/6/01 received First Guidance (not changes) on the final privacy rule
- First proposed changes to the Privacy Rule published on 3/27/02

13 Components of a HIPAA Strategic Plan

14 Steps to Compliance
[Figure: steps to compliance, grouped into four stages]
Steps (as listed on the slide): Organizational Structure; Education; Policies and Procedures; Establish Linkages; High-level Risk Analysis; Quick Hit Identification; Detailed Assessment; Prioritization; Project Definition; Budget Development; Programming/System Upgrades; Policy/Process Development; Contract implementation; End User Education; System/Process Testing; Compliance Audits; Quality Assurance; Post Implementation Support; Regulatory Updates/Changes
Stages:
- Stage 1: Organization and Planning
- Stage 2: Assessment and Design
- Stage 3: Implementation and Testing
- Stage 4: Compliance Monitoring
The key to achieving HIPAA compliance is to take it one manageable stage at a time…
We will be discussing these…

15 Elements of a HIPAA Strategic Plan
- Develop an organizational structure for implementing HIPAA
- Review corporate initiatives in light of HIPAA
- Educate organizational decision makers on the importance of HIPAA and its impact across the organization
- Develop policies and procedures for Privacy and Security regulations
- Determine links between HIPAA initiatives and organizational strategic initiatives

16 Elements of a HIPAA Strategic Plan
- Determine which EDI standards to use electronically
- Conduct a high level risk analysis
- Conduct a detailed risk assessment
- Prioritize and schedule tasks to accomplish
- Develop a budget for implementing HIPAA

17 Stage 1 – Organizational Structure
- Appointment of HIPAA coordinator
- Appointment of Privacy Officer
- Appointment of individual(s) to be responsible for implementing Security regulations
- Provide staff time to prepare for HIPAA
- Establish reporting mechanisms to Administration and the governing body

18 Sample HIPAA Governance Structure
- HIPAA Coordinator (oversight for assessment, implementation and ongoing monitoring)
- Information Systems (Policy and Procedure Web Based Distribution)
- Privacy Officer (Policy Development Oversight, Training)
- HIM (Regulation Impact Analysis)
- Security Responsibility (Policy Development Oversight, Training)
- HR (Policy Development Oversight, Enforcement)
- Legal (Policy Development, “source of truth”)
- Compliance (Compliance Monitoring and Coordination)
- Others (Other Departments or Functions)
- External Stakeholders (Trading Partners & Business Associates)

19 Stage 2 – Corporate Initiatives
- Identify strategic initiatives that HIPAA will impact
  - These initiatives should be divided into two primary categories: information technology (IT) and business initiatives
- The HIPAA regulations will touch most major clinical, financial and administrative areas within the health system. As such, most of the strategic initiatives will require modification or consideration of the new HIPAA regulations
- Develop a plan for transaction implementation
  - Initiate cost/benefit analysis to determine which standards will yield most positive results
  - Determine resources required for implementation
- Submit request for EDI extension

20 Stage 3 – Education
- HIPAA 101 - Overview of HIPAA
- HIPAA 201 - Advanced Topics on EDI, Code Sets and Identifiers
- HIPAA 202 - Advanced Privacy Course
- HIPAA 203 - Advanced Security Course

21 Stage 4 – Policies and Procedures
- Develop policies and procedures for:
  - Privacy
    - Material from Michael Best and Friedrich to customize
  - EDI
    - Dependent upon standard transactions to be used
  - Security
    - Health Future IT task force to develop sample policies
  - Address HIPAA compliance in organizational HR policies
    - Background checks
    - Sanctions for non-compliance
    - General policies on confidentiality

22 Stage 5 – Linking Initiatives
- Identify trading partners/business associates
- Develop contractual assurances of HIPAA compliance
- Evaluate vendor preparedness to support HIPAA

23 Stage 6 – Selection of EDI Standards to Implement
- Develop a plan for transaction implementation
  - Initiate cost/benefit analysis to determine which standards will yield most positive results
  - Develop a schedule for implementation
  - Determine resources required for implementation
- Submit request for EDI extension
  - Prior to October 16, 2002

24 Stage 7 – Risk Assessment
- Conduct a high level risk analysis and initiate “quick hit” remediation
- Assign responsibility for EDI, Privacy and Security assessments
- Conduct detailed assessment tool training
- Perform assessments
- Define the boundaries of “acceptable risk”

25 High-level Risk Analysis
A high-level analysis of the current environment from an EDI, Privacy, and Security perspective to see where the largest gaps are would include questions like those below:
- What electronic systems are in place for billing/clinical/medical records?
- How many clearinghouses (if any) are used?
- Are business associates/trading partners HIPAA compliant?
- Which of the 7 approved standard transactions are being done?
- What is the make-up of the IT infrastructure?
- Are security policies in place that meet the categories outlined in the proposed rule?
- How much data sharing is currently allowable in the system?
- Are there system access controls and audit functions?
- What is the level of complexity of systems across the network?
- Do users have unique ID’s and passwords and do they share?

26 Stage 8 – Preliminary Budget
- Summarize compliance gaps identified through the risk assessment
- Develop operating budget for incremental labor costs and savings
- Develop capital budget for HIPAA compliance

27 Stage 9 – Project Definition
- Review results of compliance assessment
- Prioritize tasks to achieve compliance
- Assign responsibility for compliance projects

28 Stage 1 - Project Timeline
[Figure: timeline chart, May through Dec, with bars for: Establish Linkages; Risk Assessment; Budget; Project Definition; Education; Transaction Selection; Corporate Initiatives; Policies and Procedures]

29 Initiate Prioritization

30 How to Prioritize HIPAA Initiatives
HIPAA activities need to be prioritized using several factors, for example:
- Compliance deadlines
- Potential for enforcement
- Budget constraints (cost/benefit)
- Resource constraints/requirement for external resources
- Organizational readiness
- Organizational impact
- Integration with other projects
- Enterprise-wide importance

31 Sample Immediate Initiatives
- HIPAA Governance Model
  - Solidify organizational responsibility for the development of regulatory policies and procedures, approval processes, enforcement and oversight of all organizational HIPAA initiatives
- Policy and Procedure Documentation
  - Initiate the development of, and update policies and procedures to meet HIPAA requirements and establish the organization’s “defensible position”
- Business Associates
  - Inventory contracts and identify organizations that are business associates and trading partners with whom protected health information is shared

32 Sample High Priority Initiatives
- Implement/Update Standard Transaction Sets
  - Transition to HIPAA-compliant versions of those transactions being performed electronically today
- Implement/Update Standard Code Sets
  - Clean-up proprietary Clinical Codes to align with HIPAA code sets
  - Purchase additional code sets if needed
- Remediate Applications
  - Remediate applications to HIPAA compliant versions

33 Sample Medium Priority Initiatives
- Staff Education
  - Conduct general and detailed HIPAA education
- Privacy Documentation Requirements
  - Develop documents required to comply with Privacy regulations
  - Utilize documents developed by the WSHA and other business partners that are recommended for use statewide
- Focused Strategy & Assessment
  - Determine strategic approach to HIPAA and complete focused HIPAA assessments to determine compliance gaps and scope implementation efforts
- Communication Plan
  - Establish communication methods and begin to distribute HIPAA education and strategic documentation

34 Ranking Definitions

35 Initiatives Prioritization Matrix

36 Questions and Discussion

37 Resources

38 Resources
- Association for Electronic Health Care Transactions (AFEHCT): http://www.afehct.org
  - Impacts of HIPAA (particularly EDI)
  - Security Self-Evaluation Checklist
- American Health Information Management Association (AHIMA): http://www.ahima.org/hipaa.html
  - Benchmark information and case studies
  - Interim Steps for Getting Started
- American Society for Testing and Materials (ASTM): http://www.astm.org
  - Standards guides for security
- Center for Healthcare Information Management (CHIM): http://www.chim.org
  - Up-to-date industry perspective on proposed rules and their status
- Computer-Based Patient Record Institute (CPRI): http://www.cpri-host.org
  - CPRI Security Toolkit
- Department of Health and Human Services HIPAA Administrative Simplification: http://aspe.hhs.gov/admnsimp/index.htm
  - Latest News on Regulations
  - Current proposed and final rules
- Electronic Healthcare Network Accreditation Commission (EHNAC): http://www.ehnac.org
  - Certification Program for HIPAA Compliance (under development)

39 Resources (cont.)
- For the Record: Protecting Electronic Health Information (National Academy Press, 1997), 800-624-6242: http://www.nap.edu
  - Full Report
- Health Privacy Forum: http://www.healthprivacy.org
  - Comparison of Privacy proposed and final rules
  - Comparison of state privacy laws
- HIMSS: Protecting the Security and Confidentiality of Healthcare Information (Volume 12, Number 1, Spring 1998): http://www.himss.org
  - Articles
- HIPAA Home Page: http://www.hcfa.gov/hipaa/hippahm.htm
- HIPAA Transaction Implementation Guides from the Washington Publishing Company: http://www.wpc-edi.com
- Joint Healthcare Information Technology Alliance (JHITA): http://www.jhita.org
  - Summary of Privacy rules
  - Upcoming HIPAA conferences
- Links to other HIPAA sites: http://www.hcfa.gov/medicare/edi/hipaaedi.htm
- Medicare EDI: http://www.hcfa.gov/medicare/edi/edi.htm

40 Resources (cont.)
- National Uniform Billing Committee: http://www.nubc.org
- National Uniform Claims Committee: http://www.nucc.org
- Washington Publishing Company: http://www.wpc-edi.com/hipaa
  - ANSI ASC X12N HIPAA Implementation Guides
- Subscribe to email release of HIPAA documents (such as notice of proposed rule making): http://www.hcfa.gov/medicare/edi/admnlist.htm
- Workgroup for Electronic Data Interchange (WEDI): http://www.wedi.org
  - Details of SNIP effort (Strategic National Implementation Pilot)

