CalOHI Staff Policy Branch Operations Branch Information Technology

Slides:



Advertisements
Similar presentations
Billing and Electronic Health Record Upgrade Project October 23, 2013 Implementation Phase Presenters: Terry Reusser, Michael Snouffer.
Advertisements

Medicaid Division of Medicaid and Long-Term Care Department of Health and Human Services Managed Long-Term Services and Supports.
1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
 Board of Trustees has asked for more focus on financial controls  CES Audit Committee has requested more departmental audits  Likely that one or.
W E L C O M E to the SB 1022 Real Estate Due Diligence Training SB 1022 Real Estate Due Diligence Training.
Sharing Low-Income Customer Information Water & Energy Utilities LIOB Meeting - January 2009 Seaneen M Wilson Division of Water & Audits.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Florida Transportation Commission TEAMFL January 21, 2011 Stephen Reich, Center for Urban Transportation Research, University of South Florida.
Delaware Health Benefit Exchange (HBE) Project Update Delaware Health Care Commission Meeting: March 28, 2013.
Privacy Project Framework & Structure HIPAA Summit Brent Saunders
Continuous Improvement and Focused Monitoring System US Department of Education Office of Special Education Programs Overview of the OSEP Continuous Improvement.
The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State.
National HIPAA Audioconference: Analysis of the National Provider Identifier Preparing for the NPI Transition January 11, 2006.
HIPAA Progress in the State of California National Governors Association Burt Cohen, Acting Director Office of HIPAA Implementation Health & Human Services.
OSAE sets the PACE: Premier Auditing Consulting and Evaluations! American Recovery and Reinvestment Act (ARRA) Readiness Review.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.
Michigan Department of State Traffic Safety Agenda Development Governor’s Traffic Safety Advisory Commission June 22, 2007.
California Department of Public Health California Department of Public Health Accreditation Readiness Team (ART) Orientation Office of Quality Performance.
ADRC in Maryland Maryland Department of Aging Evaluator: Stephanie M. Lyon, Ph.D. Center for Health Program Development and Management University of Maryland,
Social Value: The Social Value in Health and Care programme in Salford.
Safety Committee Formation
Plan & Partner Management Update
NCDPI Information Technology k-12 Cybersecurity Study
Office of Information Technology October 18, 2016
Integrating Employment and Housing to End Homelessness
Community Development Department April 3, 2017
HIPAA Administrative Simplification
DMS Office of Efficient Government Kick Off Meeting.
Implementation Strategy July 2002
Health Information Exchange: Alaska’s Health Pipeline
2 Selecting a Healthcare Information System.
CMS HIPAA Transaction Implementation Status Checklist
Wyoming association of sheriffs and chiefs of police
Early Childhood Programs
Kentucky Lead Workgroup Recommendations
Community Development Department April 3, 2017
Confidentiality and Interagency Sharing of Juvenile Information
HIPAA Implementation Strategies for Compliance Professionals
Privacy Project Framework & Structure
Disability Services Agencies Briefing On HIPAA
Career Banding Program for North Carolina State Government Employees
SMAA SMAA 101 What is SMAA?.
ESEA Consolidated Monitoring
HIPAA Summit VII The Hidden Trap: Compliance with State Law
School Site Council (SSC) Training
HIPAA Implementation Strategies for Compliance Professionals
Health Care: Privacy in a Digital Age
Presented by: Steven S. Lazarus, PhD, FHIMSS
The partnership principle in the implementation of the CSF funds ___ Elements for a European Code of Conduct.
Presentation to The Fourth National HIPAA Summit
The Process for Final Approval: Ongoing Monitoring
PSO Overview for Executives
National Congress on Health Care Compliance
Enforcement and Policy Challenges in Health Information Privacy
Making Your IRBs and Clinical Investigators HIPAA-Ready
Government Data Practices & Open Meeting Law Overview
Quality Management STD/HIV Program (SHP)
MAP-IT: A Model for Implementing Healthy People 2020
Hands-On: FSA Assessments For Foreign Schools
Government Data Practices & Open Meeting Law Overview
PSO Overview for Executives
League of Advanced European Neutron Sources
Transaction, Code Sets and Identifier Update
The Office of Health Insurance Programs (OHIP) and The Division of Family Health (DFH)
National data opt-out - Preparing for implementation
Government Partnerships Best Practice Example: Special Olympics Kenya
Community Development Department April 3, 2017
SMAA SMAA 101 What is SMAA?.
Presentation transcript:

CalOHI Staff Policy Branch Operations Branch Information Technology Legal Services You may be wondering who is behind all this HIPAA work: Let me take a minute and introduce the CalOHI staff: There Hart – Policy Alex Kam – Operations Greg Thompson – IT Stephen Stuart – Legal Elaine Scordakis – Planning & Reporting Terrie Williams – Technical Assistance & Training Bobbie Holm – Program Development Ruth Jacobs – Corrective Action Alan Zamansky – Program Review Daryl Spiker – Business & Contractual Services

CalOHI Interfaces ADVISORY GROUPS DEPARTMENTS LOCAL AGENCIES U.S. DHHS CALIFORNIA OFFICE OF HIPAA IMPLEMENTATION CALIFORNIA LEGISLATURE STATEWIDE WORKGROUP The work of CalOHI is on a different dimension than that of operating departments. CalOHI is responsible for planning, policy articulation, education, monitoring, tracking, evaluation, and reporting HIPAA implementation as a whole. Successful implementation requires close coordination and communication between CalOHI and many key groups such as: U.S. HHS California Legislature Local Agencies Control Agencies Departments CONTROL AGENCIES SUB-WORKGROUPS The Advisory Group The Statewide Workgroup Sub workgroups

Statewide Workgroup Proposed

Preemption under HIPAA Why necessary What CalOHI is doing Next steps Possible exception determinations (waivers) Some state laws may have to be changed or modified Generally, HIPAA preempts state law, except that in the Privacy area, more stringent state law preempts HIPAA. So, need to determine what to follow in each case. Different results – 50 states. Tough on multi-state business. We are analyzing major statewide laws – IPA & Confidentiality of Medical Info Act, and are asking all covered entities to analyze their program specific statutes. We will review these when they come back & discuss these. Based on these reviews, we will map out what Calif. Has to follow. Then we need to decide where to ask for waivers. These will have to be requested by the Governor. Also, we may need to change some state statutes – California Constitution, Sec. 3.5 of Article III. Complicates the waiver process.

Accomplishments & On-Going Activities SB 456 Activities: Assessment Legislative Report DOF Quarterly Report Advisory Committee Web Site Charter Policy & Information Memorandums Preemption Analysis Enterprise Efforts MSA Departmental Liaisons Phases to HIPAA Compliance Since October, CalOHI has: In accordance with SB 456: 1) developed the assessment and sent to 200+ departments, 2) began preparing the leg report, 3) created a quarterly report process for DOF and collected data from departments who have HIPAA funding, 4) organized an Advisory committee which will have its first meeting April 26th. The group is composed of 53 members representing…, 5) began the research and development to initiate a web site. CalOHI has developed a charter which outlines … (handout) Developed policy & information memorandums and shared them with impacted departments and members of the statewide workgroup.Our staff counsel has been working with other departments and corresponding with the federal government about preemption and HIPAA law. CalOHI has been pursuing enterprise efforts among departments to most efficiently tackle HIPAA A MSA has been established for impacted departments to use to contract with HIPAA vendors; near finalization… CalOHI staff have been assigned to departments… Also, CalOHI has developed its own taxonomy, per se, to measure steps to compliance with HIPAA (handout)

What the assessment is telling us… 24 impacted departments 53 programs 10 Covered Entities 6 Health Care Providers 8 Health Care Plans 1 Health Care Clearinghouse 12 Business Associates 13 Trading Partners 6 Hybrid Entities 20 Impacted by Data Content Sent out approximately 280 assessments to state entities and interested parties. Of those, 209 were to state entities that may be impacted by HIPAA. To date, we have received 162 back, 78% return rate. We have validated data for those departments that indicated HIPAA impact and met with Departments as necessary. Shows 12 covered entities, for example There are 6 Business Associates that are not Covered Entities. For example, SCO, Insurance, Inspector General for VA, California Medical Assistance Commission, Dept. of Social Services, HHSDC Departments are at different stages of assessment. DHS started early. Very few know the cost of remediation. What does all this mean…?

18 programs impacted in 46 categories For Example… 18 programs impacted in 46 categories Health Services 18 impacted programs (including Medi-Cal) 10 covered entities 1 provider 10 health plans 4 business associates 3 trading partners 18 data content Approximately 151 impacted IT systems DHS represents about 33% of state impacted entities

What the assessment is telling us… 24 Departments impacted in over 100 ways Unexpected impacted departments include Forestry and YACA Most departments recently identified as impacted are at the awareness stage, and therefore, we do not have much cost information from them See Bobbie’s talking points

Next Steps Develop Statewide Project Plan with Departments Identify Risks / Contingencies with Departments Identify Best Practices & Strategies Continue to Pursue Enterprise Efforts Continued Presence at National Level