HIPAA Policy & Procedure Strategies

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
HIPAA Implementation. Basic HIPAA Requirements Designating a Privacy Officer Notifying patients about their privacy rights and how their information can.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA PRIVACY AND SECURITY AWARENESS.
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Marcia Gonzales, JD Compliance Officer & Privacy Officer
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
Working with HIT Systems
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
HIPAA Training Workshop #1 Council of Community Clinics – San Diego February 7, 2003 by Kaye L. Rankin Rankin Healthcare Consultants, Inc.
1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.
Human Subjects Update E. Wethington, Chair, UCHS.
The Medical College of Georgia HIPAA Privacy Rule Orientation.
New Hire HIPAA Orientation. HIPAA Overview HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of HIPAA.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
What is HIPAA? Health Insurance Portability and Accountability Act of HIPAA is a major law primarily concentrating on the prolongation of health.
HIPAA Training Workshop #2 Trainer: Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA Privacy Rule Training
UNDERSTANDING WHAT HIPAA IS AND IS NOT
Privacy & Information Security Basics
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA CONFIDENTIALITY
HIPAA Administrative Simplification
HOGAN & HARTSON, L.L.P. “Publications” “Health”
Health Insurance Portability and Accountability Act
HIPAA Pros - Disclosures
Refuah Community Health Collaborative (RCHC) PPS
HIPAA Implementation Strategies for Compliance Professionals
Disability Services Agencies Briefing On HIPAA
Health Insurance Portability and Accountability Act
County HIPAA Review All Rights Reserved 2002.
HIPAA Implementation Strategies for Compliance Professionals
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
Lesson 1  7 Basic Components of an Effective Compliance Plan
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
Enforcement and Policy Challenges in Health Information Privacy
Presentation transcript:

HIPAA Policy & Procedure Strategies David J. Butler & Christopher E. Coleman Strategic Management Systems, Inc. The HIPAA Colloquium at Harvard University August 22, 2002 SMSInc. HIPAA Colloquium at Harvard University

Drafting Policies & Procedures Privacy regulation requires that activities be documented Procedures must be carried out in accordance with regulatory standards Thus, policies and procedures should be developed that are 1. Practical and Operational for your Organization, and 2. Compliant with Federal, State, and Local Regulations SMSInc. HIPAA Colloquium at Harvard University

Drafting Policies & Procedures Who will manage Policy & Procedure process? Establish a Project Manager Establish a Team for drafting and review How do Policies & Procedures get approval? Executive committee review and approval? Board review and approval? Departmental review and approval? Consider Time Management Prioritize roll-out of policies from most challenging to already existing SMSInc. HIPAA Colloquium at Harvard University

Policies vs. Procedures Many of the Policies will be standard, as required by the HIPAA regulations Many Procedures should be TAILORED to your organization’s operations Both Policies & Procedures must be operational and practical for your organization IT MUST BE “DO-ABLE” SMSInc. HIPAA Colloquium at Harvard University

Privacy Policy Categories Administrative Requirements Individual Rights Consents and Authorizations Uses and Disclosures - General PHI Uses and Disclosures - Specific Applications Uses and Disclosures - Authorization Not Required Forms SMSInc. HIPAA Colloquium at Harvard University

Administrative Requirements Designating a Privacy Officer Non-retaliation Policy Sanctioning of Employees Policy Conducting Training Consider the following when drafting: many may already exist within Compliance Program leverage existing policies and procedures insert amendments to cover privacy requirements use as opportunity to audit and update existing policies and procedures SMSInc. HIPAA Colloquium at Harvard University

HIPAA Colloquium at Harvard University Individual Rights Granting Access to Inspect and Obtain Copies Requesting Amendments to Information Requesting Accountings of Disclosures Confidential Communications Consider the following when drafting: Who will receive and process requests from patients? Who will supervise patient’s inspections? Who will review requests for amendments? Will we charge for copies? How much? SMSInc. HIPAA Colloquium at Harvard University

Consents and Authorizations Consent for Use and Disclosure during Treatment, Payment, and Operations Authorization initiated by Provider, OR initiated by Patient Policies and Procedures should be consistent with Consent Form Identify Scenarios for when you would need to obtain Authorization SMSInc. HIPAA Colloquium at Harvard University

Uses & Disclosures - General PHI Identifying Protected Health Information Verifying the Identity and Authority of Requestors Minimum Necessary Disclosures De-identifying PHI Consider the following when drafting: Do we treat all health information as protected? How should we classify employees for access to PHI? Do we ever need to de-identify PHI? Use professional judgement !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! SMSInc. HIPAA Colloquium at Harvard University

Uses and Disclosures - Specific Applications Marketing Fundraising Notice of Privacy Practices Others involved in the Patient’s Care Consider the following when drafting: Do we conduct marketing or fundraising? Who will provide the Notice of Privacy Practices? How do we notify Next-of-Kin? SMSInc. HIPAA Colloquium at Harvard University

Uses and Disclosures - Authorization Not Required Research review by IRB (in most cases) Subpoena Health oversight release (Medicare review) Public Health release (CDC, State) Consider the following when drafting: identify which situations will not apply to your organization identify which polices and procedures can be consolidated (i.e., lessen # of procedures) leverage existing procedures for release of information (e.g., complying with subpoena) SMSInc. HIPAA Colloquium at Harvard University

Security Policies & Procedures Less in number than Privacy Written documentation for all aspects of Security Administrative Physical Technical Access Controls Data Integrity Disaster Recovery Documentation…..Documentation…..Documentation SMSInc. HIPAA Colloquium at Harvard University

HIPAA Colloquium at Harvard University Forms Consent Authorization Request for Amendment Business Associate Contract Chain of Trust Agreements Consider the following when drafting: forms should be reviewed by legal counsel leverage procedures for existing forms (e.g., consent for treatment) will need to identify business associates (many vendors) SMSInc. HIPAA Colloquium at Harvard University

Coordinate Privacy and Security Minimum Necessary De-identification Disclosure Accounting Breach of Privacy Business Associate Training SECURITY Access Controls Personnel Clearance Access Auditing Security Breaches Chain of Trust Training SMSInc. HIPAA Colloquium at Harvard University

HIPAA Colloquium at Harvard University Take Home Message Policies & Procedures MUST BE TAILORED TO YOUR OPERATIONS COMPLY WITH REGULATORY STANDARDS WORK PRACTICALLY FOR YOUR FACILITY SMSInc. HIPAA Colloquium at Harvard University