Integrating HIPAA Into Your Compliance Program Fifth Annual National Congress on Health Care Compliance February 7, 2002 Glenna S. Jackson Vice President.

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Presented by the Office of the General Counsel An Overview of HIPAA.
NAU HIPAA Awareness Training
HIPAA Regulations What do you need to know?.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 5 HIPAA Enforcement HIPAA for Allied Health Careers.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
HIPAA Business Associates Leadership Group Meeting June 28, 2001.
HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,
1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act (HIPAA)
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
CORPORATE COMPLIANCE PROGRAM The Office of Corporate Integrity
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Building a Privacy Foundation. Setting the Standard for Privacy Health Insurance Portability and Accountability Act (HIPAA) Patient Bill of Rights Federal.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
Connecting the Dots A Practical Approach to Integrating Compliance, Risk and Quality Jody Ann Noon RN, JD Partner Health Care Regulatory Practice.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.
The Medical College of Georgia HIPAA Privacy Rule Orientation.
New Hire HIPAA Orientation. HIPAA Overview HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of HIPAA.
The Health Insurance Portability and Accountability Act (HIPAA) requires Plumas County to train all employees in covered departments about the County’s.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA CONFIDENTIALITY
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
Disability Services Agencies Briefing On HIPAA
Risk Management: why and how to protect your health center
Confidentiality of Information Acknowledgment and Agreement 2018
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
The Health Insurance Portability and Accountability Act
Presentation transcript:

Integrating HIPAA Into Your Compliance Program Fifth Annual National Congress on Health Care Compliance February 7, 2002 Glenna S. Jackson Vice President Compliance, MedStar Health Diane H. Meyer Chief Privacy Officer & Senior Project Manager, Enterprise Solutions Group Interim Privacy Officer, MedStar Health © 2002 MedStar Health & Enterprise Solutions Group

1 Seven Elements of an Effective Compliance Program Organization Policy Training Monitoring Communications Responding to Concerns Discipline © 2002 MedStar Health & Enterprise Solutions Group

2 Organization © 2002 MedStar Health & Enterprise Solutions Group

3 Organization  Expansion of existing Compliance Committee for HIPAA Implementation Process  Once implementation is complete, Privacy Officer and Compliance Officer coordinate on-going privacy compliance management  Key areas of representation for expanded Compliance Committee = HIPAA Implementation Task Force OperationsClinical IS © 2002 MedStar Health & Enterprise Solutions Group

4 Organization Implementation Task Force Representation Considerations  Medical Records  Patient Financial Services  Compliance/Risk Management  Admissions  Outpatient services  IS  Facilities  Legal  Marketing/Public Affairs  Fundraising  Operations/Planning  Business Affairs  Human Resources/Labor Relations  Patient Relations  Physicians  Nurses/Patient Care Services  Pharmacy  Lab  Residents/Teaching  Physicians Relations  Referrals  Clinical - major product lines: –Research –Emergency –Cancer Services –Heart Services –Women’s Services –Surgical Services –Radiology © 2002 MedStar Health & Enterprise Solutions Group

5 Organization  Compliance Officer  Privacy Officer  Security Officer  Implementation Task Force / Expanded Compliance Committee  Patient Privacy Advisory Council © 2002 MedStar Health & Enterprise Solutions Group

6 Policy  Code of Conduct and Compliance Policies  Enterprise-wide policy review for privacy gap analysis – where are we now, where do we need to go?  Modification of existing policies (examples: patient access to records, patient amendment of records, release of information for marketing purposes)  Development of new policies (examples: accounting of disclosures, Notice of Privacy Practices, Business Associate Agreements)  Policies for on-going compliance monitoring © 2002 MedStar Health & Enterprise Solutions Group

7 Policy Information Capture for development of the Notice of Privacy Practices Does your department handle Protected Health Information (PHI) in any of the following ways?  Create new PHI in electronic records  Create new PHI in paper-based records  Add PHI to records created by others  Transfer PHI to another department within your hospital or business unit  Receive PHI from another department within your hospital or business unit  Disclose PHI to persons or entities outside your hospital or business unit  Receive PHI from persons or entities outside your hospital or business unit  Maintain PHI in electronic records in your department  Maintain PHI in paper-based records in your department  Review PHI created or compiled by others for other than treatment or payment  Other (explain)_________________________________  Not applicable: This department does not handle PHI Please complete the sections below only for each of the boxes checked above © 2002 MedStar Health & Enterprise Solutions Group

8 Policy  What PHI is created (added)?  For what purpose is PHI created (added, transferred, received, disclosed, reviewed)? Treatment___ Payment___ Other (please describe the purpose)  To which other departments (outside entities) is PHI transferred (received)?  How is PHI transferred (received)? (original paper-based records, copies of paper based records, fax, , telephone, etc.)  What specific information is transferred (received, maintained, viewed)? (clinical information, demographic information, billing information, etc.)  How is disclosure authorized? (written patient consent, required by law or regulation, required by contract, approved by IRB, etc.)  In what format is PHI maintained (paper-based records, electronic-based records, CD’s, images, films, videotapes, etc.)  Where is PHI maintained (in you department, in another location within the facility, off-site storage, etc.)  How long is PHI maintained? Information Capture for Notice Development (continued) © 2002 MedStar Health & Enterprise Solutions Group

9 Policy Policy Template  Policy Title  Purpose  Policy Statement  Scope of Policy  Definitions  Responsibilities  Exceptions  What Constitutes Non-Compliance  Explanation and Details/Examples  Requirements and Guidelines for Implementing The Policy  Related Policies  Procedures That Are Absolutely Linked To the Policy  Legal Reporting Requirements  Reference to Laws or Regulations of Outside Bodies  Right To Change or Terminate Policy © 2002 MedStar Health & Enterprise Solutions Group

10 Training  Orientation Training now – begin to raise level of awareness  Workforce training required on organization’s privacy policies and procedures  Required training conducted towards completion of implementation – if privacy policies are changed, affected workforce must be retrained  Training customized to workforce needs – 3 levels  Clinical staff – staff directly involved with patient treatment  Staff in contact with patient information  Staff with minimal/no contact with patient information  eLearning platform – if you’ve been considering it, now’s a good time © 2002 MedStar Health & Enterprise Solutions Group

11 © 2002 MedStar Health

12 © 2002 MedStar Health

13 © 2002 MedStar Health

14 © 2002 MedStar Health

15 © 2002 MedStar Health

16 © 2002 MedStar Health

17 © 2002 MedStar Health

18 © 2002 MedStar Health

19 © 2002 MedStar Health

20 © 2002 MedStar Health

21 © 2002 MedStar Health

22 © 2002 MedStar Health

23 Monitoring  No external audit for HIPAA  Audit potential = every patient, every day  Internal compliance review critical  Review for Privacy vulnerabilities before they become problematic – include patient point of view  Similarities to OIG Work Plan and Documentation & Coding compliance review  Similarities between Qui Tam Suits and Whistleblower provisions of HIPAA Privacy Rule  Expand to include Business Associates, Volunteers, Vendors, Physicians not on staff  HIPAA Enforcement Notice of Proposed Rule Making planned  JCAHO inclusion of Privacy © 2002 MedStar Health & Enterprise Solutions Group

24 Communications  Include Patient Education - process for privacy concerns or complaints  Establish policies and compliance review for publicity and media release  Develop a logo and tagline  “Just Do It Right”  “Protecting Patient Privacy”  Articles in Compliance newsletters and updates © 2002 MedStar Health & Enterprise Solutions Group

25 Responding to Concerns  Compliance protocol for handling issues applicable to HIPAA Privacy  Similar forms for logging complaints, ranking risk, tracking resolution  Similar reporting process  Hotline  Employees – internal compliance hotline  Patients – interface with customer service  Goal is to resolve privacy issues internally  It is everyone’s right to complain directly to HHS  Compliance Officer and Privacy Officer response © 2002 MedStar Health & Enterprise Solutions Group

26 Discipline  HIPAA Privacy Rule:  “A covered entity must have and apply appropriate sanctions against members of its workforce who fail to comply with the privacy policies and procedures.”  No detail provided in regulation  Privacy violation disciplinary action policies incorporated into existing Compliance and HR policies  Extend existing disciplinary process and mechanisms to apply to Privacy violations  Workforce awareness of HIPAA Civil and Criminal penalties for violations of the Privacy Rule © 2002 MedStar Health & Enterprise Solutions Group

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.