Employers’ Responsibilities Under HIPAA
Case Study: Implementing HIPAA in the Control Group Setting
The Sixth National HIPAA Summit, March 28, 2003


Case study concerns Nortek, a wholly owned subsidiary of Nortek Holdings, Inc. Nortek is a leading international manufacturer and distributor of high-quality, competitively priced building, remodeling and indoor environmental control products for the residential and commercial markets.

Corporate Headquarters: Providence, R.I.
Sales: $1.89 billion
Number of Employees Worldwide: approximately 10,000 throughout 28 subsidiary companies
Nortek subsidiaries are wholly owned, located primarily in the U.S., Canada, and Europe, with a small presence in the People’s Republic of China.

Degree of Centralization
– A Control Group can take an Affiliated Covered Entity approach, the benefit of which is simplicity
Nortek management philosophy: each subsidiary is a separate legal entity and operates on a decentralized basis. Except in “control-group” matters, the day-to-day decisions for policies and benefits are made by the subsidiary. This is true for health plan purchasing, and was the approach to HIPAA implementation as well.

Complying with EDI Requirements
– Because of decentralization, there is no central registry of health plans
– Carriers and Administrators were not, in all cases, prepared to add their book of business to their extension filings
– Established a tracking mechanism

Managing the flow of PHI
– Challenge is to keep the integrity of the flow through the corporate units/locations/subsidiaries within the confines of the privacy regulations

Mapping the flow of PHI
– Because of decentralization, there is no central registry of health plans
– Disseminated a diagnostic tool to map the flow of PHI to 21 subsidiaries in 15 states
– Established a tracking mechanism

Privacy Officers
– Decentralization determined the path
– One for each subsidiary where required
Choosing to Over-comply
– Each subsidiary selected a privacy officer

Privacy Notices
– Reviewed on a Corporate Level
– Customized for each Subsidiary
– Three subsidiaries with no self-funded plans had no need to distribute a privacy notice
– Several subsidiaries who had a mix of self-funded and fully-insured plans had a choice of sending a notice to enrollees in self-funded plans or all benefit eligibles

Amending Plan Documents for HIPAA Compliance
– HIPAA requires a written plan amendment for all HIPAA covered plans
– Cross check plan amendments against 5500s to make sure all plans are covered
Certification
– Issue Certification to each group health plan

Business Associate Agreements
– Ensure that all business associates have been identified
   – Check Schedule C of 5500s
– Draft, Review, and Forward Agreement for Approval of Client
– Establish a tracking mechanism

Training Benefits Staff
– Utilization of web-cast technology creates:
   – consistency of messages
   – cost effective delivery system
   – reinforcement of cooperation between subsidiaries

Administrative/Technical/Physical Safeguards
– Some of the subsidiaries received electronic PHI, which requires special safeguards.
   – Password protections
   – Computer station lockdown
   – Internal system firewalls

Control Group Liability?
– Liability for HIPAA violations may ultimately flow back to the entire control group.

For further information
Helena Rubinstein
Hobbs Group Employee Benefits
15 Broad Street
Boston, MA
(617) x159