Mesa Mental Health HIPAA Summit West, June 5, 2003 1 HIPAA Compliance Case Study: Practical HIPAA Compliance Strategies for Small Providers Session 2.07;

Slides:

Advertisements

Similar presentations

Performance Appraisals

Advertisements

Analysis to support CALEA Standards Prepared by: Christie Goddard.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

NAU HIPAA Awareness Training

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Termination Decisions and Meetings Training for Supervisors

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Performance Indicators Exam QuestionsPromotionMerchandisingGeneral

ICAICT202A - Work and communicate effectively in an IT environment

Summer Camp: Duty of Care as a 4-H Staff Member Connie Coutellier, consultant, author, trainer and member of the 4-H State Camp Advisory Committee.

The SACS Re-accreditation Process: Opportunities to Enhance Quality at Carolina Presentation to the Faculty Council September 3, 2004.

Management Responsibility Procedure Tutorial. Introduction to Management Responsibility In this presentation we will discuss how to write a procedure.

Electronic Health Records

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Confidentiality… important facts to know and critical things to do!

August 22, 2002 THE HIPAA COLLOQUIUM at Harvard University A. John Blair, III, MD Chairman and Chief Executive Officer Taconic IPA, Inc. Fishkill, NY HIPAA.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.

HIPAA Privacy & Security EVMS Health Services 2004 Training.

 Value Proposition  Key Features  A Closer Look  Operational Support  Essential Payback Employee Access TM Your Window to Employee and Manager Self-Service.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 5 HIPAA Enforcement HIPAA for Allied Health Careers.

Electronic Records Management: What Management Needs to Know May 2009.

HIPAA PRIVACY AND SECURITY AWARENESS.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

Job Analysis. I. Nature of Job Analysis Work activities and behaviors Interactions with others Performance standards Machines and equipment used Working.

HIPAA COMPLIANCE PROTECT INFORMATION INCREASE RECYCLING SAVE MONEY.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Joanne Hayden UVA Health Plan Ombudsman 1.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

ACCOUNTING INFORMATION SYSTEMS

CEB Corporate Leadership Council © 2013 The Corporate Executive Board Company. All Rights Reserved. 1 EMPLOYEE GUIDE: INTERACTING WITH EXTERNAL STAKEHOLDERS.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

CODE OF CONDUCT TRAINING. We conduct our global business honestly, ethically and legally, believing that good ethics is good business. The Company’s Philosophy.

The Fifth National HIPAA Summit – October 30, 2002 What to Do Now: Operational Implementation of HIPAA Privacy and Security Training Presented by: Steven.

Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.

HIPAA BASIC TRAINING MODULE 1C – Overview (For staff who do not generally create Protected Health Information) Anderson Health Information Systems, Inc.

HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.

UMBC POLICY ON ESH MANAGEMENT & ENFORCEMENT UMBC Policy #VI

Implementing an Effective Global Anti-Bribery Program Implementing an Effective Global Anti-Bribery Program Elaine Murphy, MBA Director Health Care Compliance.

UNIT 6: SECURITY MEASURES IN WORD PROCESSORS. Functions of Word Processing Software Preparing written forms of communications for clients, other lawyers,

Unit 9 Seminar Business Organizations. Things to do this unit: UNIT 9 – Read Chapter 13 and 14 – Respond to the Discussion Board – Attend the Weekly Seminar.

1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.

Compliance August 18, Agenda Outline Status Draft of Answers.

City of Pasadena Underground Utility Program Steve Toler, Senior Manager October 19, 2015.

Policy 2 Dr.Talal Alkharobi. 2 Create Appropriate Policy Each organization may need different policies. Policy templates are useful to examine and to.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Chapter 8 Auditing in an E-commerce Environment

Module 1: Writing Your Functional Competency Assessment East Carolina University Department of Human Resources Classification and Compensation.

Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.

MODULE ONE. AIM To understand the causes and spread of infection and be able to apply the principles of infection prevention and control.

Copyright © Houghton Mifflin Company. All rights reserved.8-1 Chapter 8 Developing an Effective Ethics Program.

© BLR ® —Business & Legal Resources 1501 Essential HR For Those Who Have Recently Assumed HR Responsibilities.

Methods of Training Starter Create your own definition of training. Give an example of training you have undertaken in your life so far. Did you have a.

Welcome. Contents: 1.Organization’s Policies & Procedure 2.Internal Controls 3.Manager’s Financial Role 4.Procurement Process 5.Monthly Financial Report.

April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and.

FastFacts Feature Presentation

How to Apply for and Receive Industry Funding for Investigator Sponsored Research Chuck Simonton MD, FACC, FSCAI Chief Medical Officer Abbott Vascular.

Auditing Cloud Services

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

HIPAA Basic Training for Privacy and Information Security

EMPLOYEE ASSISTANCE PROGRAM ComPsych

Management Responsibility

Disability Services Agencies Briefing On HIPAA

Managing TANF Policies and Procedures August 2017

HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.

HIPAA Policy & Procedure Strategies

Employee Training and Orientation Process

Internal Audit Who? What? When? How? Why? In brief . . .

Presentation transcript:

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Compliance Case Study: Practical HIPAA Compliance Strategies for Small Providers Session 2.07; June 5, 2003 Carol Furgal, MSN, CPHQ Privacy Officer and V. P. Quality/Risk Management Mesa Mental Health

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers A.ORGANIZATIONAL CONSIDERATIONS 1. Selection of Privacy Officer: a. Overall general knowledge of company processes a. Overall general knowledge of company processes b. Position of authority c. Regular responsibilities include one or more of the following: risk reduction, complaints, regulatory or legal following: risk reduction, complaints, regulatory or legal functions, quality management functions, quality management

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers A.ORGANIZATIONAL CONSIDERATIONS (cont) 2. Selection of Privacy Committee: a. All major departments represented b. All levels of staff and authority represented c. Supervisor/Manager buy off on committee attendance d. Set regularly scheduled day and time for meetings e. Capitalize on time by assigning homework

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers A.ORGANIZATIONAL CONSIDERATIONS (cont) 3. Selection of Security Officer a. Needs knowledge of information/technical systems, a. Needs knowledge of information/technical systems, hardware and software programs and capabilities hardware and software programs and capabilities b. Authority level needs to allow for access to financial data data c. Best fit might be the IT/systems administrator for the company company d. Must be able to work with Privacy Officer

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers A.ORGANIZATIONAL CONSIDERATIONS (cont) 4. Selection of Legal Consultant a. Substantial experience in healthcare law b. Inquire about conferences/seminars attended c. Inquire, via references, about turn-around-time and customer service issues customer service issues d. Willing to let you do most of initial preparatory work e. Remember – No tried experts in this area yet

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers A.ORGANIZATION CONSIDERATIONS (cont) 5. Ownership of the data a. Before embarking discuss who really owns the data under consideration consideration b. If you are a recipient of data and not the generator, you may have to follow someone else’s protocols may have to follow someone else’s protocols c. Do not spend valuable time developing documents you won’t be able to use won’t be able to use d. Color code forms for different lines of business, keeping in mind copying requirements mind copying requirements

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers B. PREPARING WRITTEN DOCUMENTS 1. Begin with review and discussion of who needs what data to do their jobs (see Role Based Access Summary) to do their jobs (see Role Based Access Summary) 2. Then conduct a thorough review of existing policies, procedures, protocols procedures, protocols 3. Adapt and Modify already existing documents 4. Reserve one individual with excellent writing and grammar skills to serve as final proof reader skills to serve as final proof reader 5. Prepare drafts and then submit for legal review

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers C.TRAINING NEEDS AND APPROACHES 1. In-house versus a vendor? a. Is there enough lead time? b. Is the trainer knowledgeable about HIPAA? c. Can the Privacy Officer find the time to conduct training? training? d. Weight the costs of an outside vendor against the costs to pull an existing employee from their other costs to pull an existing employee from their other assignments to conduct the HIPAA training assignments to conduct the HIPAA training

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers C.TRAINING NEEDS AND APPROACHES (cont) 2. On-Going Requirements a. Make it part of initial orientation; HR to do overall exposure and departmental manager/supervisor to train on job and departmental manager/supervisor to train on job specific aspects specific aspects b. Provide HIPAA Workbook; include Policies, Procedures, Protocols, forms, process flowcharts, contact names and Protocols, forms, process flowcharts, contact names and numbers numbers c. If have company wide consider making a game of HIPAA questions and answers based on actual incidences HIPAA questions and answers based on actual incidences

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers D.BEHAVIORAL HEALTH ISSUES 1. State Laws and Pre-emption a. Need to secure information regarding any state laws that are more stringent than HIPAA – Obtain from legal source more stringent than HIPAA – Obtain from legal source b. HIPAA defers to state laws when they are more stringent 2. Fears/stigma still associated with receiving behavioral health care 3. Inadvertent access to sensitive information that could have disastrous effects disastrous effects

Mesa Mental Health HIPAA Summit West, June 5, HIPAA Case Study: Practical Strategies for Small Providers EXHIBITS All exhibits and materials are the property of Mesa Mental Health. You may not use the existing materials in their entirety without the expressed permission of Mesa Mental Health. If you would like to use the material for your business please contact Carol Furgal at