
HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT - HIPAA


kathy

Presentation Transcript


  1. HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT - HIPAA Executive Overview & Summary

  2. Executive Overview & Summary of HIPAA • Goals of the HIPAA regulations • Impact of HIPAA on hospitals • Action steps to become HIPAA compliant

  3. Legislative Goals of HIPAA • Guarantee health insurance coverage • when workers change or lose their jobs • Reduce fraud and abuse • Protect patient information • Establish standards for administrative simplification

  4. Goals of the HIPAA regulations - US legislative deliverables • Under administrative simplification, DHHS has drafted proposed standards governing: • Transactions & Code Sets • Unique Health Identifiers • Privacy • Security • Electronic Signature

  5. Impact of HIPAA on hospitals • Healthcare activities • Health information • Compliance with standards • Cost of compliance • Cost of non-compliance

  6. Impact of HIPAA on hospitals Healthcare activities: HIPAA standards apply • Any preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, counseling, service, or procedure with respect to the physical or mental condition or functional status of a patient or affecting the structure or function of the body • Any sale or dispensing of a drug, device, equipment or other item pursuant to a prescription • Procurement or banking of blood, sperm, organs, or any other tissue for administration to patients

  7. Impact of HIPAA on hospitals Health information: HIPAA standards apply • Information which: • “Relates to past, present, or future physical or mental health or condition of an individual; or the past, present or future payment for the provision of health care to an individual.” • “Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.” • Identifies the individual, or with respect to which there is reasonable basis to believe that the information can be used to identify the patient.

  8. Impact of HIPAA on hospitals Compliance with standards • Transactions & Code Sets • Unique Health Identifiers • Privacy • Security • Electronic Signature

  9. Impact: Compliance with standards - Transactions & Code Sets Standards • EDI - Electronic Data Interchange is the digital exchange of standard business documents & data • HIPAA applies standards to health care transactions: • Health claims or similar encounter information • Enrollment & disenrollment in a health plan • Eligibility for a health plan • Health care payment & remittance advice • Health plan premium payments • Health claim status • Referral certification & authorization • Health claims attachments (future) • First report of injury (future)

  10. Impact: Compliance with standards - Unique Health Identifiers Standards • National Provider Identifier • Creates National Provider System (NPS) from HCFA • National Employer Identifier • EIN • National Health Plan Identifier • PLANID is under development by HCFA • National Individual Identifier • (On hold pending privacy legislation and/or regulations)

  11. Impact: Compliance with standards - Security Standards • Security standards apply to: • “The security provisions…apply to any health plan, any health care clearinghouse, and any health care provider that electronically maintains or transmits any health information regarding an individual.” • Categories of security standards include: • Administrative Procedures • Physical Safeguards • Technical Security Services • Technical Security Mechanism • Electronic Signature

  12. Impact: Compliance with standards - Privacy Standards • Standards apply to: • “Information…from the point in time when it becomes electronic, either by being sent electronically or being maintained by a computer system” • “Paper versions of the information, such as computer printouts, are also protected” • Categories of privacy standards include: • Patient rights • Use and disclosure of health information • Administrative policy documentation • Preemption, compliance, enforcement

  13. Impact: Compliance with standards - Electronic Signature Standard • Use of electronic signature is not required for any of the currently proposed standards transactions. • If electronic signature is used, it must: • Identify the signatory individual • Assure the integrity of a document’s content • Provide for nonrepudiation - “strong and substantial evidence that will make it difficult for the signor to claim that the electronic representation is not valid”

  14. Impact: Compliance with standards - Future state of hospitals • All healthcare providers and payers standardize the way patient information is transmitted and stored • Everyone is using the same transmission, security and privacy practices • Positive ID of every plan, provider, employer and patient

  15. Impact: Compliance with standards - Strategic business benefits of HIPAA • HIPAA mandates, but also facilitates the ... • Decrease cost of operations • Opportunity to redesign transaction processing • Opportunity to redesign workflow models • Provision of better service & information management

  16. Impact of HIPAA on hospitals Cost of Compliance • Technology • Process • People

  17. Impact of HIPAA on hospitals Cost of Compliance: Technology • Every entity you transmit individually identifiable health information to, or receive individually identifiable health information from must be in compliance • Computer systems that contain individually identifiable health information must be in compliance • Computer System upgrades or replacements • HIPAA is technology neutral & scalable

  18. Impact of HIPAA on hospitals Cost of Compliance: Process • Health care providers, plans, and clearinghouses are responsible for determining the implementation of specific security and privacy practices • Providers, plans, and clearinghouses must create and keep current, detailed documentation of their data security assessments, plans, policies, and procedures. • HIPAA requires formal, not informal processes • HIPAA allows for reasonable and practical implementation decisions • HIPAA implementation is scalable

  19. Impact of HIPAA on hospitals Cost of Compliance: People • A “Data Security Officer” must be appointed to • Monitor practices • Enforce policies • Employ sanctions • Every employee or contractor with access to individually identifiable health data must be trained • Individuals that are responsible for maintaining data security must have ready access to the documentation.

  20. Impact of HIPAA on hospitals Cost/Benefit & Savings of Compliance DHHS 5 Year Projection (in billions of dollars)

  21. Impact of HIPAA on hospitals Cost of non-compliance • Penalties for Violations of Standards • Fine of up to $250,000 and/or imprisonment up to 10 years • For a knowing misuse of unique health identifiers and/or individually identifiable health information • Fine of up to $100 per person, per transaction, up to $25,000 annually • For a failure to comply with transaction standards

  22. Action Steps to become HIPAA compliant • DHHS Timetable • Awareness/Education • Impact Analysis: Assessment and gap identification • Implementation for HIPAA compliance • Training and Enforcement • Audit

  23. Action Steps to become HIPAA compliant DHHS Timetable [Timeline graphic: Final Rule, NPRM, Comments, Compliance] • Monitor NPRM and Final Rules publication dates • When Final rules are published: • 24 months to comply. • All health care providers, plans and clearinghouses, except small health plans (<50 members) • 36 months to comply if you qualify as a • Small health plans • DHHS rules will supersede any state law contrary to their requirements, except where waived

  24. Action Steps to become HIPAA compliant DHHS Timetable • Transactions and Code Sets • 8 transactions - Final Rule 8/2000 (est.) • Claims Attachments - Proposed Rule TBD • First report of injury TBD • Privacy • Proposed Rule 11/1999 • Final Rule TBD • Security • Final Rule TBD • Electronic Signature • Final Rule TBD

  25. Action Steps to become HIPAA compliant DHHS Timetable • Unique Health Identifiers • National Provider Identifier • Final Rule TBD • National Employer Identifier • Final Rule TBD • National Health Plan Identifier • Final Rule TBD • National Individual Identifier • (On hold pending privacy legislation and/or regulations)

  26. Action Steps to become HIPAA compliant - Awareness and Education • Initiate Enterprise Awareness • Executive Team • Medical Staff • Initiate management awareness program • Acknowledge that HIPAA is real • Identify organizational scope and timeframes • Identify & explain HIPAA impact, department by department • Cost of compliance versus non-compliance • Business partner relationships and HIPAA

  27. Action Steps to become HIPAA compliant - Assessment and Gap Identification • Check existing computer systems • capabilities for security mechanism • security and privacy policies • security and privacy practices • Assess current business policies & practices • Assess current staff knowledge and training

  28. Action Steps to become HIPAA compliant - Implementation for HIPAA compliance • Identify security officer • Identify HIPAA Team • Identify business strategies • Perform risk analysis • Develop implementation plan and budget • Track system changes and replacements • Develop policies to support HIPAA compliance

  29. Action Steps to become HIPAA compliant - Training and Enforcement • New Hire training • Contractor training • Periodic updates and training • HR policies for security/privacy breaches • Monitoring for compliance • Sanctions for non-compliance

  30. Action Steps to become HIPAA compliant Audit • Due diligence process to ensure HIPAA compliance • Compare actual practices to policy • Compare actual practice & policy to HIPAA standards

  31. Phoenix Health Systems • Founded in 1988 • Based in Washington, D.C. area • Over 60 employees • Specialize in healthcare information technology • Consulting services • Outsourcing • All senior staff members and consultants have a minimum of 10 years' experience in the healthcare industry

  32. HIPAAlert • Stay in touch with HIPAA health information security & privacy issues and developments as they evolve. • Subscribe to HIPAAlert, a free monthly email newsletter for healthcare managers who must address HIPAA compliance issues and requirements. • Sign up for your free subscription, by clicking <http://hipaalert.com> and receive our next issue at the end of the month. In the meantime, you'll have web access to all past issues of HIPAAlert and HIPAAlert NewsBriefs.

  33. HIPAAlive • Keep in touch with HIPAA health information security & privacy issues and the industry’s daily discussion • Participate in this free E-mail discussion list • Provides an opportunity for healthcare managers and other professionals to discuss health information security and privacy issues and events related to HIPAA • To subscribe to HIPAAlive send an email to join-hipaalive@lists.hipaalert.com
