HIPAA Update Randy Snyder

Topics Today  Security Primer  Electronic Transactions Clearinghouse Update  Secure Certificates

Where are we at with HIPAA?  Privacy Practices –Policies and Procedures available at ISAC website  Electronic Transactions –Electronic Transaction Clearinghouse –28E ETC via ISAC  Security Regulations (April 2005) –Policies and Procedures TBA

Privacy Practices  Implemented in April 2003  Changes in Policies and Procedures  Available via ISAC Website –

Electronic Transactions & Code Sets  October 2003 Implementation  Payers must be capable of accepting HIPAA Compliant Transactions if requested by Provider  28E ETC (Electronic Transaction Clearinghouse) administered by ISAC 

28E ETC  Available to all counties currently 65 signed up  CPC, Jail, General Assistance typical initial HIPAA users (currently inbound only)  EDI Transactions capability  Future potential other uses could include electronic ordering, invoicing and payments for use by other departments

ETC Features  Internet Access –SSH FTP for Providers (Medical Practitioners) –Secure Website for Counties –Option for SSH FTP for file transmissions to counties  Support by ISAC’s Tammy Norman –Voice Phone: –  Secure Hosting Facility by Quilogy

ETC Features cont.  Processes –837/835 Claims –277/276 Eligibility –270/271 Status  Multiple Dept Capable –Requires separate Taxpayer Identification Number  Internal Process Independent  Printable Transactions  Auditable Transaction Numbers  Notification  Future updates/ changes dependent on County input

Security Regulations Compliance  April 2005 Compliance Date  Policies and Procedures being developed by HIPAA Security Committee (Chaired by Jim Rice, Cerro Gordo)  To be published via ISAC Website

Security Action Plan  Assign Security Officer Role  Establish Policies and Procedures –Look for Boilerplates on ISAC Website  Perform Risk Assessment  Resolve Findings in Risk Assessment  Develop & Implement Risk Mgmt Plan –Continuity Plan Disaster Recovery Data Backup –Security Procedures Server/Workstation Network Infrastructure Physical/Logical

Components of Security  People –Awareness –Competency  Process –Policies –Procedures  Technology –Perimeter Hardening –Critical Core Strengthening

Resources  ISAC –  ICIT –  SNIP –

Questions?