HIPAA Update Randy Snyder
Topics Today Security Primer Electronic Transactions Clearinghouse Update Secure Certificates
Where are we at with HIPAA? Privacy Practices –Policies and Procedures available at ISAC website Electronic Transactions –Electronic Transaction Clearinghouse –28E ETC via ISAC Security Regulations (April 2005) –Policies and Procedures TBA
Privacy Practices Implemented in April 2003 Changes in Policies and Procedures Available via ISAC Website –
Electronic Transactions & Code Sets October 2003 Implementation Payers must be capable of accepting HIPAA Compliant Transactions if requested by Provider 28E ETC (Electronic Transaction Clearinghouse) administered by ISAC
28E ETC Available to all counties currently 65 signed up CPC, Jail, General Assistance typical initial HIPAA users (currently inbound only) EDI Transactions capability Future potential other uses could include electronic ordering, invoicing and payments for use by other departments
ETC Features Internet Access –SSH FTP for Providers (Medical Practitioners) –Secure Website for Counties –Option for SSH FTP for file transmissions to counties Support by ISAC’s Tammy Norman –Voice Phone: – Secure Hosting Facility by Quilogy
ETC Features cont. Processes –837/835 Claims –277/276 Eligibility –270/271 Status Multiple Dept Capable –Requires separate Taxpayer Identification Number Internal Process Independent Printable Transactions Auditable Transaction Numbers Notification Future updates/ changes dependent on County input
Security Regulations Compliance April 2005 Compliance Date Policies and Procedures being developed by HIPAA Security Committee (Chaired by Jim Rice, Cerro Gordo) To be published via ISAC Website
Security Action Plan Assign Security Officer Role Establish Policies and Procedures –Look for Boilerplates on ISAC Website Perform Risk Assessment Resolve Findings in Risk Assessment Develop & Implement Risk Mgmt Plan –Continuity Plan Disaster Recovery Data Backup –Security Procedures Server/Workstation Network Infrastructure Physical/Logical
Components of Security People –Awareness –Competency Process –Policies –Procedures Technology –Perimeter Hardening –Critical Core Strengthening
Resources ISAC – ICIT – SNIP –
Questions?