The Fifth National HIPAA Summit – October 30, 2002 What to Do Now: Operational Implementation of HIPAA Privacy and Security Training Presented by: Steven.

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

HIPAA AWARENESS TRAINING
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 1 The Goal of HIPAA: Administrative Simplification HIPAA for Allied Health.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Presents: Weekly HIPAA Teleconference Revised
NAU HIPAA Awareness Training
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
HIPAA Regulations What do you need to know?.
Improving Efficiency and Increasing Patient Satisfaction by Leveraging HIPAA Standards, Including Privacy and Transactions and Data Code Sets Presented.
Walking Through the Breach Notification Process - Beginning to End HIPAA COW Presentation and Panel April 8, 2011.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
HCCA HIPAA Readiness Survey Results Jody Noon Principal Deloitte & Touche Portland, OR November, 2002 John Steiner Esq. Chief Compliance Officer Cleveland.
Component 2: The Culture of Health Care Unit 3: Health Care Settings— The Places Where Care Is Delivered Lecture 3 This material was developed by Oregon.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Approaches to Implementation of the Transactions and Codes Sets Addendum Presented by: Steven S. Lazarus, PhD, FHIMSS President Boundary Information Group.
State of Iowa Enterprise HIPAA Compliance
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Making Health Savings Accounts Work: Interoperable with Health Plans, Providers and Patients Steven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS September 27,
STEVEN S. LAZARUS, PHD, CPEHR, CPHIT, FHIMSS PRESIDENT, BOUNDARY INFORMATION GROUP AUGUST 20, – The Twelve Year Journey is Not Over.
HIPAA Policies, Procedures and Training Margret Amatayakul, RHIA, CHPS, FHIMSS President, Margret\A Consulting, LLC Steven S. Lazarus, PhD, FHIMSS Boundary.
HIPAA TRANSACTIONS 2002 UPDATE. HHS Office of General Counsel l Donna Eden l Office of the General Counsel l Department of Health and Human Services.
Privacy Project Framework & Structure HIPAA Summit Brent Saunders
Copyright Boundary Information Group 2002 HIPAA CASE STUDIES: A SURVEY OF 10 HEALTH SYSTEMS’ HIPAA COMPLIANCE EFFORTS Steven S. Lazarus, PhD, FHIMSS President,
1.Summary of Needs Analysis 2.Summary of Action Plan 3.Systems Analysis between Microsoft SharePoint® and OpenText Content Server 4.System Recommendation.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.
1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
HIPAA Health Insurance Portability and Accountability Act of 1996.
HIPAA Security A Quantitative and Qualitative Risk Assessment Rosemary B. Abell Director, National Healthcare Vertical Keane, Inc. HIPAA Summit VII September.
Copyright © Emerson Strategic Group, Inc. All Rights Reserved 1 Ninth National HIPAA Summit Auditing for Privacy Compliance: A Case Study September.
Transactions and Code Sets and the National Provider Identifier (NPI) Steven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS September 25, 2006.
Standard Unique Health Identifier for Health Care Providers April 9, th Annual HIPAA Summit Gail Kocher Highmark.
Confidential 1 HIPAA Compliance at Blue Cross Blue Shield of Minnesota: A Case Study Tim Wittenburg Director of Corporate Architecture & Data Management.
HIPAA History March 3, HIPAA Ruling Health Insurance Portability Accountability Act Health Insurance Portability Accountability Act Passed by Congress.
Vendor and Clearinghouse Requirements for HIPAA Compliance HIPAA Summit Audio Conference Presented By: Steven S. Lazarus, PhD, FHIMSS Boundary Information.
HIPAA Security Final Rule Overview
March 19, 2003 Audioconference Approaches to Compliance with the HIPAA Privacy and Security Workforce Training Requirements Presented by: Steven S. Lazarus,
HIPAA Transactions and Code Sets U.S. Healthcare Industry at a Tipping Point Steven S. Lazarus, PhD, CPHIT, CPEHR, FHIMSS April 7, :30 pm –
HIPAA HEALTH INSURANCE PORTABILITY ACOUNTABILITY ACT.
ASCA Transaction Extension and Resources to Help Extending Your Compliance Deadline for Transactions & Code Sets April 19, 2002 Steven S. Lazarus, PhD,
Strategic Planning Deanna Herwald Vice President-Quality Management Systems.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and.
The Fourth National HIPAA Summit, April 26, 2002 A SURVEY OF 10 HEALTH SYSTEMS’ HIPAA COMPLIANCE STRATEGIES Presented by: Margret Amatayakul, RHIA, FHIMSS.
Acknowledgement The presenters acknowledge the contributions and suggestions of Margret Amatayakul, RHIA, CHPS, FHIMSS, President, Margret\A Consulting,
Health Insurance Portability and Accountability Act HIPAA 101
Moderated by: Steven S. Lazarus, PhD, FHIMSS President
Enterprise Content Management Owners Representative Contract Approval
Paul T. Smith Davis Wright Tremaine LLP
EMPLOYER HIPAA COMPLIANCE STRATEGIES HIPAA Summit Audio Conference
Privacy Project Framework & Structure
Final HIPAA Security Rule
HIPAA Transactions and Code Sets Implementation June 6, 2003
Presented by: Steven S. Lazarus, PhD, FHIMSS
The Centers for Medicare & Medicaid Services
OVERVIEW OF CMS GUIDANCE
The Centers for Medicare & Medicaid Services
HIPAA Security Standards Final Rule
Enforcement and Policy Challenges in Health Information Privacy
The Importance of April 16, 2003: Where You Should be in HIPAA Data Code Sets/Transactions Testing and Compliance Presented by: Steven S. Lazarus, PhD,
Steven S. Lazarus, PhD, CPEHR, CPHIT, FHIMSS President
Strategies to Comply with the HPAA Privacy Rule Before the HIPAA Security and Enforcement Rules are Final Presented by: Steven S. Lazarus, PhD, FHIMSS.
Colorado “Protections For Consumer Data Privacy” Law
Presentation transcript:

The Fifth National HIPAA Summit – October 30, 2002 What to Do Now: Operational Implementation of HIPAA Privacy and Security Training Presented by: Steven S. Lazarus, PhD, FHIMSS Boundary Information Group October 30, 2002

Copyright © Boundary Information Group BOUNDARY INFORMATION GROUP  Virtual Consortium of health care information systems consulting firms founded in 1995  Internet-Based –Company website: –BIG HIPAA Resources:  Senior Consultants with HIPAA Leadership Experience Since 1992  Clients include: –Hospitals and multi-hospital organizations –Medical groups –Health plans –Vendors

Copyright © Boundary Information Group  Nonprofit Trade Association, founded 1991  213 organizational members –Consumers, Government, Mixed Payer/Providers, Payers, Providers, Standards Organizations, Vendors  Named in 1996 HIPAA Legislation as an Advisor to the Secretary of DHHS  Website:  Strategic National Implementation Process (SNIP) – snip.wedi.org  WEDI Foundation formed in 2001  Steven Lazarus, WEDI Chair Workgroup on Electronic Data Interchange

Copyright © Boundary Information Group Workforce Definition  Workforce means employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity.

Copyright © Boundary Information Group Privacy Training Requirements, April 14, 2002, and Operational Issues  § (b)(1) Standard: Training –Train all members of the Covered Entity workforce Identify all workforce members –Train to the Policies and Procedures Need to create the Policies and Procedures before training Training needs to be specific to the workforce functions

Copyright © Boundary Information Group Privacy Training Requirements, April 14, 2002, and Operational Issues  § (b)(2) Implementation Specifications: Training –(i)(A) by the compliance date for the Covered Entity April 14, 2002 or April 14, 2003 For all current workforce members –(i)(B) Thereafter, to each new workforce member within a reasonable time after joining workforce Each Covered Entity needs to define reasonable time –(i)(C) Thereafter, to each workforce member where functions are affected by a change in Policies and Procedures –(ii) Must document training

Copyright © Boundary Information Group Security NPRM Training: August 12, 1998 and Operational Issues  Security Standard –(a)(12) (Administrative) Training: Security Awareness Password management Incident reporting Virus protection Log-in access inventory

Copyright © Boundary Information Group Security NPRM Training: August 12, 1998 and Operational Issues  § Security Standard –(b)(6) (Technical) Security awareness training Includes the workforce and contractors

Copyright © Boundary Information Group Achieving Effective Privacy  Need good Security to achieve Privacy  Privacy Regulation requires Security  Reminders, periodic training, and “breach monitoring” reporting and management will be needed to achieve effective Privacy

Copyright © Boundary Information Group Training Issue Options  Define workforce categories –Few workforce categories Easy to administer –Assign workforce to courses Less customization to create and maintain –Many workforce categories May be difficult to administer –Complex management of workforce to training content choices Potential to highly customize content to workforce categories

Copyright © Boundary Information Group Training Issue Options –Practical Issues Identify source of workforce lists, identifications and passwords Include employees, physicians, volunteers, long-term contract renewal (e.g., Medical Director in a health plan) Use Human Resource application if capable –Names –Job categories –Identifications and passwords from another source Keep passwords and identifications secure

Copyright © Boundary Information Group Training Issue Options  Tests –Use to document learning for compliance –Set passing score –Consider Continuing Education credits (can not change content significantly and maintain credits)

Copyright © Boundary Information Group Training Issue Options  Training Options –In person – classroom Can customize Questions and answers addressed by trainer Difficult to schedule for new workforce members Can use paper or automated testing

Copyright © Boundary Information Group Training Issue Options –Video or Workbooks Can not customize No questions and answers Need VCRs and/or supply of Workbooks –E Learning May be able to customize Limited questions and answers Flexible schedule for training for current and new workforce There may be technological barriers depending on delivery mode

Copyright © Boundary Information Group Training Cost  Cost/Budget –Product Fixed price Per course per person Maintenance –Customized setup Policies and Procedures State Law pre-emption for Privacy CEs Assign courses to individuals

Copyright © Boundary Information Group Training Cost –Workforce training time Salaries and benefits CE offset –CE value/budget –Technology Several VCRs, monitors, and rooms, website Support – internal and external –Administrative Record keeping Management

Copyright © Boundary Information Group Setup Issues  Setup Time and Resources –Assignment of internal staff/outsource –Initially may require dedicated staff, rooms, and equipment  Pilot Training –Evaluate learning

Copyright © Boundary Information Group Logical Sequence of Activities  Complete gap analysis for Privacy and Security  Identify Privacy State law issues  Create/revise policies, procedures, and forms  Approve policies, procedures and forms

Copyright © Boundary Information Group Logical Sequence of Activities  Select training mode (and product)  Train work force  Test all forms  Test all work flows  Monitor incidents

Copyright © Boundary Information Group Key Dates and Milestones  September – October, 2002 –Complete Privacy and Security Gap Analysis –Develop/revise policies, procedures, and forms –Designate Chief Privacy Information Official –Identify technology to support Privacy and Security –Develop budget and obtain approval for 2002 and 2003 –Increase HIPAA awareness –Create a complete list of Business Associates

Copyright © Boundary Information Group Key Dates and Milestones  November – December, 2002 –Select training method for Privacy and Security –Identify HIPAA training content options, including State issues –Select HIPAA training options –Approve all new policies, procedures and forms –Create and approve new Business Associate contract language

Copyright © Boundary Information Group Key Dates and Milestones  January, 2003 –Implement Privacy and Security technology –Set up training lessons and pilot them  February – March, 2003 –Train existing workforce –Test forms –Pilot work flows –Complete contracts with Business Associates who have no current agreement

Copyright © Boundary Information Group Key Dates and Milestones  By April 14, 2003 –Use new forms for all patients –Train all new workforce members –Answer patient questions –Document full compliance with Chief Privacy Information Official or Compliance Officer –Implement incident reporting and monitoring

Copyright © Boundary Information Group HIPAA READINESS Steve Lazarus

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.