1 / 24

Getting Started April 12, 2002

lorin
Download Presentation

Getting Started April 12, 2002

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    2. FRAMING HIPAA Under the Title of . . . Bob DeGrand will do this slideBob DeGrand will do this slide

    3. The HIPAA “Mountain” Patty will discuss At IHS we put together a Task Team with members from each affiliate which includes our physician clinics and started to tackle HIPAA on our own. We broke the Task Team into 3 teams, one for EDI/Privacy and Security. Each team started to review the regulations. We kept thinking we could do on our own. We worked on putting together a database of HIPAA questions we needed to ask departments. Each team member was putting in a lot of time. Dave and Deb please add to yours here on how you have scaled the HIPAA mountainPatty will discuss At IHS we put together a Task Team with members from each affiliate which includes our physician clinics and started to tackle HIPAA on our own. We broke the Task Team into 3 teams, one for EDI/Privacy and Security. Each team started to review the regulations. We kept thinking we could do on our own. We worked on putting together a database of HIPAA questions we needed to ask departments. Each team member was putting in a lot of time. Dave and Deb please add to yours here on how you have scaled the HIPAA mountain

    4. By Breaking The HIPAA “Mountain” Into “Wisconsin-Sized Hills” Patty will do this slide Finally our IHS team decided we needed some help, we just felt we could do it on our own, but maybe we could find a consultant that had it figured out that could provide us with help as we were expending lots of employee resources. SO our team interviewed 3 different consultants and decided that American Express met our needs. American Express would work with our current teams they would allow us to incorporate some of our tools into the process(so our time was not wasted) and American Express would provide us with a project plan and their tools. We would have one consultant “Bob DeGrand” Bob had done this project at other large and small hospitals. He kept telling us that HIPAA should not be allowed to interfere with patient care: where compromises need to be made they should not be made at the expense of patient care. CIHS was chosen to be the pilot for the project because of the diversity of services available at our facility. The team thought that this way all bases would be HIPAA covered and then we would roll it out to the affiliates and our managed rural hospitals. Dave and Deb feel free to add herePatty will do this slide Finally our IHS team decided we needed some help, we just felt we could do it on our own, but maybe we could find a consultant that had it figured out that could provide us with help as we were expending lots of employee resources. SO our team interviewed 3 different consultants and decided that American Express met our needs. American Express would work with our current teams they would allow us to incorporate some of our tools into the process(so our time was not wasted) and American Express would provide us with a project plan and their tools. We would have one consultant “Bob DeGrand” Bob had done this project at other large and small hospitals. He kept telling us that HIPAA should not be allowed to interfere with patient care: where compromises need to be made they should not be made at the expense of patient care. CIHS was chosen to be the pilot for the project because of the diversity of services available at our facility. The team thought that this way all bases would be HIPAA covered and then we would roll it out to the affiliates and our managed rural hospitals. Dave and Deb feel free to add here

    5. FRAMING HIPAA The GOOD The BAD The UGLY Transactions Stds Security Privacy Bob DeGrand will do this slide Patty will say that IHS Task Team had 2 days of training with Bob. We went over all the regulations to become familiar with them. Bob presented us with our tool kit, which included the regulations in an easy to read format, a basic workplan that we would take and develop further. We discussed how we would utilize the tools and how they could also work for our rural hospitals. It all made sense and the team left after 2 days of training feeling overwhelmed but happy that we now had a good plan and it was scaleable. Dave and Deb feel free to addBob DeGrand will do this slide Patty will say that IHS Task Team had 2 days of training with Bob. We went over all the regulations to become familiar with them. Bob presented us with our tool kit, which included the regulations in an easy to read format, a basic workplan that we would take and develop further. We discussed how we would utilize the tools and how they could also work for our rural hospitals. It all made sense and the team left after 2 days of training feeling overwhelmed but happy that we now had a good plan and it was scaleable. Dave and Deb feel free to add

    6. “Framing” HIPAA HIPAA Compliance is “Scalable” (One Law but many ways to Comply) Physician Offices, Hospitals, and Insurance Companies Covered by the Same Regulations Patty will do: So we had our team and a work plan. The work plan was scaleable to large or small facilities and physician offices. Our work plan was broken into strategies based on the regulations.Patty will do: So we had our team and a work plan. The work plan was scaleable to large or small facilities and physician offices. Our work plan was broken into strategies based on the regulations.

    7. “Framing” HIPAA HIPAA is “One-Sided” in that it Does Not Balance Patient Confidentiality with the Quality of Care (DHHS Guidelines Do) “Let’s Be Reasonable” Patty will do: We knew we had to be careful and not compromise patient care or our customer service initiative, but we knew we had to comply. Adminstratively we decided we would not compromise patient care for HIPAA. Bob keeps reminding us and our nursing staff love to hear this: HIPAA should not be allowed to interfere with patient care; where compromises must be made they should not be at the expense of patient care.Patty will do: We knew we had to be careful and not compromise patient care or our customer service initiative, but we knew we had to comply. Adminstratively we decided we would not compromise patient care for HIPAA. Bob keeps reminding us and our nursing staff love to hear this: HIPAA should not be allowed to interfere with patient care; where compromises must be made they should not be at the expense of patient care.

    8. FRAMING HIPAA Patty We need to know and to document what PHI is used/disclosed, by whom, to whom, why and how. That alone is an overwhelming task.Patty We need to know and to document what PHI is used/disclosed, by whom, to whom, why and how. That alone is an overwhelming task.

    9. Dates for Required Compliance Transaction Standards - 10/16/03* Privacy - 4/14/03 Security - Mid-2004 Patty will explain, so our work plan is geared for us to reach compliance by these dates.Patty will explain, so our work plan is geared for us to reach compliance by these dates.

    12. Major HIPAA Sub-Projects Software Compliance for Transactions and Code Sets Health Plan Readiness Business Associate Agreements Privacy Policies and Procedures Patient Rights and Forms Training Bob left side Patty right side Our IHS strategy team developed detailed workplans for Privacy to meet compliance by dates. Then each affiliate team meets and is responsible to do the workplan. Our CIHS team got organized, defined our roles and responsibilities and reviewed the workplan and tools. Team leaders were assigned to strategies. An awareness program was initiated at each affiliate. Education was performed at the Manager level and above. Bob left side Patty right side Our IHS strategy team developed detailed workplans for Privacy to meet compliance by dates. Then each affiliate team meets and is responsible to do the workplan. Our CIHS team got organized, defined our roles and responsibilities and reviewed the workplan and tools. Team leaders were assigned to strategies. An awareness program was initiated at each affiliate. Education was performed at the Manager level and above.

    13. Compliance Action Plan Software Development Project - Identify affected software - Communicate w/ software vendors - Understand development plans and delivery projections - Develop test plans and determine criteria for acceptance - Develop contingency plans BobBob

    14. Compliance Action Plan Payer Readiness Project - Identify and prioritize by major payers - Understand payers’ compliance plans and time lines - Develop test plans and determine criteria for acceptance (by Transaction Type) - Assess potential process changes - Develop contingency plans BobBob

    15. H. I. P. A. A. BobBob

    16. Compliance Action Plan Business Associate Agreements - Identify BAs that require Agreements - Review current contracts - Identify contractual “gaps” - Develop BA contract addendum and stand-alone BA Agreement - Deploy BA Agreement execution strategy Patty We went to our managers with a definition and asked to prioritize based on criteria of A B C. A’s are major/B-intermediate/C- Minor and asked them fill in a tool called a BA sheet. They forwarded to compliance electronically and then we now have a access database with all of our BA’s. We want a meaningful list by January1. We will use this database to access our contractual gaps. We have developed a contract addendum for any new contracts that may go beyond 2003, but will have our law office develop the stand alone agreement We then will send a LOE to all BA’s. Patty We went to our managers with a definition and asked to prioritize based on criteria of A B C. A’s are major/B-intermediate/C- Minor and asked them fill in a tool called a BA sheet. They forwarded to compliance electronically and then we now have a access database with all of our BA’s. We want a meaningful list by January1. We will use this database to access our contractual gaps. We have developed a contract addendum for any new contracts that may go beyond 2003, but will have our law office develop the stand alone agreement We then will send a LOE to all BA’s.

    17. Compliance Action Plan Patient Rights / Forms Project - Determine required changes to current forms and practices - Manage current forms inventory and time line - Revise current forms / develop new forms (Notice of Privacy Practices) - Develop and implement comprehensive patient rights strategy Patty We have 2 teams that are representatives from each affiliates including our physician offices. Patient Rights Team Consent/Admission/Registration Forms Team They will develop Patient Rights brochures/ Privacy statement/HIPAA consents and associated policies and procedures. They will do inpatient and outpatient HIPAA consent forms. They will develop distribution plan/order new brochures/consents Develop the education and training piece and the competency testing. Patty We have 2 teams that are representatives from each affiliates including our physician offices. Patient Rights Team Consent/Admission/Registration Forms Team They will develop Patient Rights brochures/ Privacy statement/HIPAA consents and associated policies and procedures. They will do inpatient and outpatient HIPAA consent forms. They will develop distribution plan/order new brochures/consents Develop the education and training piece and the competency testing.

    18. Compliance Action Plan Privacy Policy and Procedures - Identify HIPAA P&P Requirements - Review current P&Ps - Identify P&P “gaps” - Estimate magnitude of work effort and prioritize / schedule resources - Spread work effort over time available Patty Developing IHS System wide policies Each Affiliates gathered and sent any HIPAA related policies to a main designee. Gaps were identified by reviewing the regulations 5 policy teams were formed Medical records IT Patient Rights HR General Each Affiliate donated 2 people to these teams.These teams will review all current polices and take best and make them HIPAA compliant., These will be shared with our rural affiliates. Goal is to spread the 20 polices over these 5 teams and have them completed by end of 2002 with education completed by 4/2003 These will then go through the compliance committee and their dissemination/education processPatty Developing IHS System wide policies Each Affiliates gathered and sent any HIPAA related policies to a main designee. Gaps were identified by reviewing the regulations 5 policy teams were formed Medical records IT Patient Rights HR General Each Affiliate donated 2 people to these teams.These teams will review all current polices and take best and make them HIPAA compliant., These will be shared with our rural affiliates. Goal is to spread the 20 polices over these 5 teams and have them completed by end of 2002 with education completed by 4/2003 These will then go through the compliance committee and their dissemination/education process

    19. Positioning Concepts Developing a HIPAA Plan Managing the HIPAA Time Line Properly Allocating Resources Controlling Expenses (“Spend No Money Before It’s Time”) Staying “Ahead of the Curve” BobBob

    20. Risk Probability Assessment BobBob

    21. H. I. P. A. A. Public Domain Information Web Sites: http://aspe.hhs.gov/admnsimp/ (general info) http://ahima.org (general info - sample practices) http://hipaadvisory.com (general info) http://www.healthcare-informatics (general info) http://www.hcfa.gov/security/isecplcy.htm (security regs) http://www.jhita.org/ (joint h/c info tech info) BobBob

    22. What You Should Do NOW Name a HIPAA Officer Study the Requirements (esp. Policies and Forms) Develop a Project Plan Communicate with your “Billing” Partners Continue to get knowledgeable Patty, someone that cares about Privacy and Security and will be a champion Dave and Deb addPatty, someone that cares about Privacy and Security and will be a champion Dave and Deb add

    23. What You Should Do NOW Required Reading Privacy Regulations (in some form) DHHS Guidelines (7/6/01 Release) Practice Briefs (AHIMA, other) BobBob

    24. HIPAA Preparations Questions . . . .Answers Bob and Patty Dave and Deb Bob and Patty Dave and Deb

More Related