Presentation is loading. Please wait.

Presentation is loading. Please wait.

“HIPAA -- -- Beyond April 14, 2003” n “BUILDING HIPAA COMPLIANCE” Beyond April 14, 2003”

Published byHoward Peters Modified over 8 years ago

Similar presentations

Presentation on theme: "“HIPAA -- -- Beyond April 14, 2003” n “BUILDING HIPAA COMPLIANCE” Beyond April 14, 2003”"— Presentation transcript:

1

2

3 “HIPAA -- -- Beyond April 14, 2003” n “BUILDING HIPAA COMPLIANCE” Beyond April 14, 2003”

4 Health Insurance Portability and Accountability Act of 1996 n Presented For: CAHF Quarterly n Location: Sacramento, California –Date: May 20, 2003

5 Presented by Rhonda Anderson, RHIA –Anderson Health Systems, Inc. –email: office@ahis.net –Phone: 714-558-3881 –Fax.714-558-1302 –Web Site: www.ahis.netwww.ahis.net

6 Q & A by: Juliana Glydon Horizons West, Inc. Phone and emai: –916.624.6230 / info@horizonwest.coml

7 HIPAA TRANSACTION

8 n Who is involved: Administrator, Business Office Manager, HIM/Record Director, Nursing Management, IT resource, Business Associates

9 COMPLIANCE DATES n Electronic Transactions Standards Standardized Code Sets – 10/16/02 or 10/16/03 published

10 COMPLIANCE DATES n Privacy Standards – 4/14/03 n Security Standards – Due February, 2005 n Enforcement Proposed ‘date final??’

11 TRANSACTIONS AND CODE SET

12 DESIGNATED CODE SETS n ICD-9-CM n HCPCS - Health Care Financing Administration Common Procedural Coding System (eliminates level III codes) n CPT is required for Physician’s and ancillary services n HCPCS- health care supplies, etc. n J-Codes used for drugs – (from HCPCS Codes)

13 WHAT DO THESE MEAN TO YOU? n NDC - National Drug Codes – Commercial Pharmacies Billing and other systems will need to be modified to include new standard IDs n UB - 92 will be replaced with 837- new claims form n Computer systems need to accommodate the required codes/changes

14 WHAT DO THESE MEAN TO YOU? - 2 n Compare current code sets to HIPAA standards –Must use standard code sets and code “by the book” –May require modifications or upgrades to computerized coding systems –Accuracy of coding is an issue!!!

15 WHAT DO THESE MEAN TO YOU? - 3 n Follow the Fiscal Intermediary Guidelines…..Be aware of the AHA Coding Clinic & AHIMA Coding recommendations n Watch for CMS Electronic Transmittals for guidance (No more paper transmittals)

16 TCS TESTING… n Testing of the Standardized Transactions required –Must begin testing by April 16, 2003 –May begin testing sooner

17 PRIVACY

18 “SIX NEW PRIVACY RIGHTS” n Notice of Organizations “PHI” Privacy Practices n Request Restrictions on Disclosures to Others of their “PHI” n Request alternative means of communicating “PHI”

19 “SIX NEW Resident RIGHTS”- 2 n May (access) inspect and get a copy of “PHI” n May request Amendments to their “PHI” Must be given an accounting of organization’s disclosures of their “PHI”

20 PRIVACY RULE: WHAT DOES IT DO? HIPAA regulates the use or disclosure of Protected Health Information (PHI)

21 PRIVACY: KEY COMPONENTS n PHI n Notice of Privacy Practices n Acknowledgement n Uses & Disclosures n Authorization n Minimum Necessary n Patient Rights

22 PRIVACY: KEY COMPONENTS -2 n Amendment of Records n Access To Records n Accounting of Disclosure

23 PRIVACY: KEY COMPONENTS -3 n Business Associates n Marketing, Fundraising, and Research n Interaction with State privacy and confidentiality laws-Preemption

24 PRIVACY: KEY COMPOENENTS -4 n Administrative Requirements – Staff, Privacy Officer, Contact Department/Person. Security Officer, Training, Monitoring Penalties

25 WHAT IS PHI? Health and demographic information about an individual that is transmitted or maintained in any medium where the information: Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and  Copyright 2002 HIPAA COW

26 WHAT IS PHI? Relates to the past, present, or future Physical or mental health condition of an individual, or Provision of health care to an individual, or Payment for the provision of health care to an individual

27 PRIVACY NOTICES AND BEYOND HIPAA DOES NOT END ON APRIL 14,2003 HIPAA DOES NOT END ON APRIL 14,2003 THE ONLY THING YOU CAN COUNT ON IS CHANGE THE ONLY THING YOU CAN COUNT ON IS CHANGE

28 COMMON HIPAA MANDATES? Notice of Privacy Practices Acknowledgement Accounting of Disclosures Minimum Necessary Standard Access to Records

29 COMMON HIPAA MANDATES? -2 Amendment to Records Disclosure under authorizations Sanctions Audit Trails

30 WHAT IS COMMON? Requests for PHI Requests for PHI Uses of PHI Uses of PHI Disclosures of PHI Disclosures of PHI “Minimum Necessary” – and can it be consistent? Over – dramatization – over correction. REMEMBER RESIDENT CARE AND TREATMENT!! “Minimum Necessary” – and can it be consistent? Over – dramatization – over correction. REMEMBER RESIDENT CARE AND TREATMENT!!

31 REQUESTING PHI – request/or receive PHI Do you ever request/or receive PHI from outside the organization –Is the information for treatment –Is the information for payment –Is the information for operations If not for TPO, why is the information used? have you mapped who?

32 ACCESSING PHI WITHIN Do you know who has access to PHI within the organization and do you know who uses it. Do you know who has access to PHI within the organization and do you know who uses it.

33 “THE STUDY” Have you carried out any of the “due diligence” to the use and disclosure of PHI coming into the facility GOING OUT OF THE FACILITY??? MINIMUM NECESSARY use and disclosure? HOW CAN YOU ASSURE THE MINIMUM NECESSARY use and disclosure?

34 THE TEAM WHAT NEEDS TO BE DONE??? Assure you know who has, uses and discloses PHI Do you know which WorkForce Members access PHI, Use/Disclose PHI Have you got documents to show this information… Carried out “due diligence”

35 POLICIES AND PROCEDURES USE AND DISCLOSURE FOR USE AND DISCLOSURE FOR Treatment Treatment Payment Payment Health Care Operations Health Care Operations Commonly known as “TPO”

36 USE AND DISCLOSURE GENERAL POLICY AND PROCEDURES – ADMINISTRATIVE, CLINICAL RECORDS, OTHER DEPARTMENTS GENERAL POLICY AND PROCEDURES – ADMINISTRATIVE, CLINICAL RECORDS, OTHER DEPARTMENTS –Assure it meets your facility/agency requirement –Assure it meets your facility/agency requirement :

37 DESIGNATED RECORD SET NEW CONCEPT DRIVES POLICY PROCEDURE What is to be included? Medical Records Billing Records Payment Claims Case Management records (maintained for or by a health plan

38 NOTICE - PROCEDURE REQUIREMENTS n Post Notice at the site, on the web n Admission Policy and Procedure

39 USES & DISCLOSURES -1 n PHI can be used/disclosed without consent, authorization, or opportunity to agree/object in the following instances as defined in 164.512

40 USES & DISCLOSURES -2 n EXCEPTIONS include: –Required by law –Public Health activities –Victims of abuse, neglect or domestic violence –Health oversight activities –Law enforcement purposes

41 USES & DISCLOSURES -3 n EXCEPTIONS –cont. –Judicial and administrative proceedings –Decedents (coroners & medical examiners) –Cadaveric organ, eye or tissue donation –Research

42 USES & DISCLOSURES - 4 n EXCEPTIONS –cont. –Avert serious threat to health and safety –Specialized government functions –Correctional institutions & other law enforcement custodial situations –Worker’s compensation

43 USE/DISCLOSURE- MINIMUM NECESSARY n Requires reasonable efforts be made to limit disclosure of ‘PHI’ to minimum necessary to accomplish the intended purpose of the use, disclosure or request.

44 RULE - MAINTAIN RECORDS n The requirement to maintain records and titles of persons responsible for processing request for access for 6 years n These are for those specific authorizations for request of protected health information

45 HIPAA – BUSINESS ASSOCIATES Who is involved: Those person/s companies who are not a part of your work force AND DO NOT PROVIDE TREATMENT

46 BUSINESS ASSOCIATES B.A. ---who works with you and not your employee

47 ADMINISTRATIVE REQUIREMENTS

48 ADMINISTRATIVE n Designation of a Privacy Official n Designation of Contact Person n Employee Training H.O. #3 Training Grid n Safeguards n Complaint procedures n Employee Sanctions

49 ADMINISTRATIVE - 2 n Documentation Requirements n Refraining from intimidating or retaliatory acts n Policies and Procedures n Mitigation of risks n Waiver of rights n Retention period

50 POLICY & PROCEDURES See H.O. #1 Policy and Procedures

51 COMPLIANCE - PRIVACY n Refer to Attached. n H.O. #2

52 E-ISSUES n FAX – NOT addressed in HIPAA n E-Mail – encryption required n Internet vs. Intranet n Security –Or - PRIVACY n Or both??

53 IMPLEMENTATION STRATEGIES

54 IMPLEMENTATION n Understand the impact and liability in YOUR setting n Scalable solutions and applications n Track regulations n Review/Revise project plan n Coordinate with professionals Determine the gap between what is required and what you have

55 WHATS NEW – WHATS NOT n ENFORCEMENT

56 SECURITY IS NOT NEW, BUT FINALIZED Security will focus on certain areas,.

57 SECURITY n Applies to health information in manual or electronic form or information that had at one time been in electronic form. n Operationally difficult to separate security and privacy

58 SECURITY Covered Entities must maintain reasonable & appropriate administrative, physical, & technical safeguards to: Ensure the integrity & confidentiality of PHI Protect against unauthorized access, use, or disclosures by employees or external parties Protect the availability of PHI in emergency and disaster situations Demonstrate compliance by officers and employees

59 KEY TO SECURITY

60 SECURITY: KEY COMPONENTS Administrative Security Procedures Physical Safeguards Technical Security Services Communications Security Electronic Signature

61 ADMINISTRATIVE PROCEDURES n Contingency and Disaster Recovery Planning n Information Access Control n Internal Security Audit Procedures

62 ADMINISTRATIVE PROCEDURES n Personnel Security Transfers Termination procedures Management of authorization methods Personnel clearance procedures Training in security

63 PHYSICAL SAFEGUARDS n Assigned Security Responsibility n Media Controls n Physical Access Controls n Secure Workstation Location

64 TECHNICAL SECURITY SERVICES n Access Controls n Audit Controls n Authorization Controls n Data Authentication n Entity Authentication

65 BEGIN IMPLEMENTATION…

Download ppt "“HIPAA -- -- Beyond April 14, 2003” n “BUILDING HIPAA COMPLIANCE” Beyond April 14, 2003”"

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Presented by the Office of the General Counsel An Overview of HIPAA.

Presented by the Office of the General Counsel An Overview of HIPAA.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA

Similar presentations

Ads by Google