1 healthcare IT solutions Copyright Phoenix Health Systems, Inc. 2004. All rights reserved. Countdown to Compliance For HIPAA Results of the Winter 2004.

Slides:

Advertisements

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

HIPAA Health Insurance Portability and Accountability Act.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

Are you ready for HIPPO??? Welcome to HIPAA

Building a Medical Records Compliance Program for Your Office: Charles B. Brownlow, OD, FAAO December 17, 2012.

Segment Five: Provider Communication Idaho ICD-10 Site Visit Training segments to assist the State of Idaho with the ICD-10 Implementation January 26-27,

Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.

WHAT'S AHEAD? Kathy Whitmire Dale Gibson February 15, 2011 HIPAA 5010, ICD-10, ACO's, VBP, HIGLAS, PECOS.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

0 Presentation to: Medical Associations and Societies - Group Meeting Presented by: Department of Community Health (DCH) Medicaid Division June 12, 2013.

HIPAA PRIVACY AND SECURITY AWARENESS.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

State of Iowa Enterprise HIPAA Compliance

Integrating HIPAA Into Your Compliance Program Fifth Annual National Congress on Health Care Compliance February 7, 2002 Glenna S. Jackson Vice President.

The Implementation of HIPAA Joan M. Kiel, Ph.D., C.H.P.S. Duquesne University Pittsburgh, Pennsylvania.

2012 Audits of Covered Entity Compliance with HIPAA Privacy, Security and Breach Notification Rules Initial Analysis February 2013.

1 HIPAA for Small Providers Sherry Shults, RN BSN Director Clinical Support South Carolina Heart Center.

HIPAA TRANSACTIONS 2002 UPDATE. HHS Office of General Counsel l Donna Eden l Office of the General Counsel l Department of Health and Human Services.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

1 HSCRC ICD-10 Hospital Survey Information Exchange II May 28, 2015.

WEDI ICD-10 Update National Committee on Vital and Health Statistics Subcommittee on Standards June 10, 2014 Jim Daley, Chairman, WEDI Director, IT Risk.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

Understanding HIPAA (Health Insurandce Portability and Accountability Act)

September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.

Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.

Reflections on the State of Privacy Risk Management in Health Care Benefits Administration (one year and counting …) Mark Lutes, Esq. Partner Epstein Becker.

The Fifth National HIPAA Summit – October 30, 2002 What to Do Now: Operational Implementation of HIPAA Privacy and Security Training Presented by: Steven.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.

HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.

1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.

Seventh National HIPAA Summit HIPAA Compliance Case Study: HIPAA and Academic Medicine - Lessons Learned Past, Present and Future.

Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.

Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.

HIPAA Summit Audioconference Analysis of Addenda to HIPAA Transactions and Code Sets Rule Larry Watkins Executive Vice President, Claredi Co-chair, WEDI.

Copyright © Emerson Strategic Group, Inc. All Rights Reserved 1 Ninth National HIPAA Summit Auditing for Privacy Compliance: A Case Study September.

Facilitators: Kit Cairns, Dean Health Greg Margrett, Netwerkes/Ingenix.

1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.

Segment 6: Provider Communication California ICD-10 Site Visit Training segments to assist the State of California with the ICD-10 Implementation June.

Standard Unique Health Identifier for Health Care Providers April 9, th Annual HIPAA Summit Gail Kocher Highmark.

March 19, 2003 Audioconference Approaches to Compliance with the HIPAA Privacy and Security Workforce Training Requirements Presented by: Steven S. Lazarus,

ASCA Transaction Extension and Resources to Help Extending Your Compliance Deadline for Transactions & Code Sets April 19, 2002 Steven S. Lazarus, PhD,

Extending Your Compliance Deadline for Transactions & Codes Sets Developing your Compliance Plan for a Smoother Transition and to Avoid Potential Medicare.

ICD-10 Operational and Revenue Cycle Impacts Wendy Haas, MBA, RN Dell Services Healthcare Consulting.

HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.

© 2014 By Katherine Downing, MA, RHIA, CHPS, PMP.

HIPAA Yesterday, Today and Tomorrow? Dianne S. Faup Office of HIPAA Standards Centers for Medicare & Medicaid Services.

April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and.

EMPLOYER HIPAA COMPLIANCE STRATEGIES HIPAA Summit Audio Conference

Countdown to Compliance

Presented by: Steven S. Lazarus, PhD, FHIMSS

The Centers for Medicare & Medicaid Services

The Centers for Medicare & Medicaid Services

Countdown to Compliance

Countdown to Compliance

Transaction, Code Sets and Identifier Update

Presentation transcript:

1 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Countdown to Compliance For HIPAA Results of the Winter 2004 Healthcare Industry HIPAA Compliance Survey conducted by HIMSS and Phoenix Health Systems Tom Grove, Vice President

2 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. 17th! Healthcare Industry Quarterly HIPAA Survey Conducted in collaboration by Phoenix Health Systems and HIMSS Participants completed the online survey during early January 2004, at Phoenix’ web site HIPAAdvisory.com Expanded coverage of transactions readiness

3 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Who Participated? 631 industry representatives across the nation responded 70% of total respondents were Providers –Hospitals represented 51% of the total –Remainder were physician practices and other providers 30% of respondents were Payers and Vendors, and only a few Clearinghouses

4 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Who Participated? Almost 90% of respondents hold an “official” role within their organization for HIPAA compliance –52% CIOs or senior department managers –28% specific role in compliance or security

5 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Transactions and Code Sets: Key Findings Less than 50% of respondents are ready to conduct all HIPAA standard transactions –Only 50% have completed external testing 85% of Payers continued to accept non- compliant transactions into January –34% will stay on this course for at least three more months –An additional 34% will continue until the Centers for Medicare and Medicaid Services (CMS) ends its temporary Contingency Plan

6 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Ready for All HIPAA Transactions Ready Now Within 3 Months Do Not Know Providers45% (up from 18%) 18%21% Payers56% (up from 53%) 17%10% Vendors40% (down from 47%) 16%12% Clearinghouses (4 responses) 50%0%

7 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Focused Efforts TransactionProviderPayer 83778%85% 83568%82% 276/27741%72% 270/27141%63% 83419%55% 8208%38% None2%0%

8 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Obstacles: “We Have Met the Enemy, and the Enemy is Us” Providers 1.Payers are not ready to accept/transmit standard transactions 2.Payers are not ready for testing 3.Cannot get needed information from Payers, Vendors and Clearinghouses Payers 1.Providers are not ready for testing 2.Providers have not captured the data required for standard transactions 3.Cannot get needed information from Providers, Vendors and Clearinghouses

9 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Obstacles: “ We Have Met the Enemy, and the Enemy is Us” Clearinghouses 1.Payers are not ready for testing 2.Payers are not ready to accept/transmit standard transactions 3.Providers have not captured the data required for the standard transactions Vendors 1.Ambiguities exist in Implementation Guide specifications 2.Payers are not ready to accept/transmit standard transactions 3.Providers have not captured the data required for the standard transactions

10 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. The CMS Contingency Plan Over 50% of Providers and 33% of Payers felt that CMS should maintain its Contingency Plan for up to three months. 32% of Providers and 50% of Payers want the Contingency Plan extended up to six months or longer.

11 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Internal Contingency Plans: What’s Plan C? Providers Direct Data Entry and/or Paper Clearinghouse Payers Accept paper processing Continue to accept non-compliant transactions Vendors Advise Providers to use a compliant Clearinghouse Continue to accept non-compliant transactions Clearinghouses Use compliant Clearinghouse

12 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Interesting Comments Provider: “Clearinghouses and Payers were not ready – and some still are not.” Provider: “Various of our Payers tell us that they are ready, however they provided the wrong PIN, lost our Trading Partner Agreements, fail to return phone calls, lost our test files….” Payer: “We are currently capable of accepting and sending compliant transactions. We are awaiting our Provider/Clearinghouses to be ready.” Payer: “…We are only able to accept the 837 transaction from our largest Providers. The smaller ones…are too small for the Clearinghouse to have reached them on their testing schedule. ”

13 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Interesting Comments Clearinghouse: “Our challenges lie in our trading partners’ misinterpretation of the Implementation Guides, reduced or non- existent claim-level acknowledgement responses, and their general issues associated with implementing a new X12 system.” Clearinghouse: “Inconsistent interpretation of the Implementation Guides by the Payers, [is] causing more Payer-specific customization in all translator programs than anticipated.”

14 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Privacy Progress

15 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Privacy: Key Findings 20% of Providers and 14% of Payers reported that they remain non-compliant with the Privacy Rule, nine months after its effective date. Even among “compliant” organizations, compliance gaps remain in areas such as establishing Business Associate Agreements and monitoring internal Privacy compliance. An average of 56% of Provider and Payer respondents reported their organizations had experienced one or more privacy breaches since April 2003.

16 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Privacy “Spot-Check” Detailed Spot Check of “Privacy-Compliant” Organizations Areas of Privacy ComplianceProvidersPayers Obtain Patient Authorizations for use and disclosure of PHI 99%97% Enable mandated patients’ rights (review, amend, restrict records) 99% Post and distribute Notice of Privacy Practices 98%93% Obtain acknowledgement of receipt of Notice of Privacy Practices 98%N/A Provide ongoing Privacy training 95%100% Use “Minimum Necessary” Restrictions 94%N/A Document Privacy policies and practices 93%99% Maintain Accounting of Disclosures 93%96% Implement security protections as required under the Privacy Rule 89%95% Provide overall workforce Privacy training updates 85%96% Monitor organizational compliance with Privacy regulations 76%87% Have obtained all required Business Associate Agreements 73%93%

17 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Privacy Breaches ARE Happening

18 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Formal Complaints (HIPAA and Civil Action)

19 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Security: Key Findings Initiatives for Security Rule compliance are moving slowly – over one-half of Providers and Payers reported they will not be fully compliant until An average of 24% of Providers, Payers and Clearinghouses reported that their organizations experienced one or more data security breaches from October to December 2003.

20 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Security Progress

21 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Data Security Breeches 24% of respondents reported that their organizations had experienced one or more data security breaches from October to December The vast majority of respondents reported experiencing no breaches at all. Possible Biases: Desire not to report, breeches unknown to the reporter, or breeches unknown to the organization.

22 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Consultant Support 49% of participants reported using outside consultants: –Payers and large hospitals are most likely to engage outside assistance –Most contracted for HIPAA Assessment and Implementation Planning and/or Implementation Support –Security Risk Analysis also popular

23 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. HIPAA Budget Highlights Across the industry, HIPAA budgets for 2004 are lower than for 2003: –Payers showed the most dramatic drop as they wind up transactions spending. –Payers and Clearinghouses should need to spend comparatively less on Security compliance.

24 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Summary Industry focus is on Transactions compliance, with Security compliance a secondary priority. Privacy compliance has improved, but is still not complete: –A significant number of those reporting compliance still have issues. –Complaints are a real force. All industry segments have Transactions barriers, and each group believes the others are major barriers. Security compliance is a year off (2005) for many respondents. Spending on HIPAA compliance activities is dropping.

25 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Complete Survey Results Survey results are published each quarter at -- compare results with previous surveys!

26 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Questions About Survey For further information about the Quarterly Industry HIPAA Surveys, please contact: Phoenix Health Systems 9200 Wightman Road, Suite 400 Montgomery Village, MD / Fax: