HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA 94111 (415) 276-6532

Slides:



Advertisements
Similar presentations
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Advertisements

H OGAN & H ARTSON, L.L.P.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA Understanding Medical Privacy in the Work Place © Copyright 2005 The Nugent Law Firm, P.C. All Rights Reserved.
Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.
HIPAA Administrative Simplification Final Rule for Transactions Code Sets Stanley Nachimson
Presented by the Office of the General Counsel An Overview of HIPAA.
Presents: Weekly HIPAA Teleconference Revised
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.
 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
HIPAA Health Insurance Portability & Accountability Act of 1996.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Part III – HIPAA Reference
The Use of Health Information Technology in Physician Practices
HIPAA Business Associates Leadership Group Meeting June 28, 2001.
– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles,
Company LOGO Data Privacy HIPAA Training. Progress Diagram Function in accordance Apply your knowledge Learn the Basics Orientation Evaluation Training.
Copyright Fleisher & Associates A HIPAA PRIMER FOR PUBLIC HEALTH PEOPLE CPHA-N Conference 2003 January 30, 2003 Presented by: Steven M. Fleisher,
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA – Developing an Understanding
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA & Public Schools New Federalism in a New Century The Challenges of Administering HIPAA in Public Schools ASTHO/NGA Center Joint Audioconference September.
Davis Wright Tremaine LLP Basic Legal Issues in Implementing Healthcare Incentives and Pay for Performance Programs Paul T. Smith, Esq. Davis Wright Tremaine.
HIPAA Workforce Training PRIVACY and HIPAA MANDATORY Completion of training is mandatory under HIPAA for the entire workforce of the MHRB Including volunteers,
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
LEGAL ISSUES IN MEDICAL HOME DEVELOPMENT Presented by: Gerry Hinkley Davis Wright Tremaine LLP
Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
A Professional Corporation Stinson, Mag & Fizzell (402) Business Associates 101 Jennifer Wolfe Jerram, B.S.N., J.D.
HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?
A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.
HIPAA Health Insurance Portability and Accountability Act.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
1 Administrative Simplification: The Last Word National HIPAA Summit 8 Baltimore, MD March 9, 2004 William R. Braithwaite, MD, PhD “Doctor HIPAA”
Confidentiality of Substance Use Disorder Treatment Information in an Era of Integration and Health Information Exchanges Ellen Weber University of Maryland.
HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.
HIPAA Privacy Rule Training
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA CONFIDENTIALITY
HEALTH INFORMATION TECHNOLOGY SUMMIT OCTOBER 23, 2004 COMMUNITY-BASED COLLABORATIONS: LEGAL ISSUES: STARK, FRAUD & ABUSE Paul T. Smith, Esq. Partner,
HIPAA Administrative Simplification
HOGAN & HARTSON, L.L.P. “Publications” “Health”
Electronic Data Interchange (EDI)
Paul T. Smith Davis Wright Tremaine LLP
HIPAA Update J. T. Ash University of Hawaii System
HIPAA Privacy The Morning After
The HIPAA Privacy Rule and Research
NATIONAL HEALTH INFORMATION TECHNOLOGY AUDIOCONFERENCE NOVEMBER 23, 2004 Legal Barriers to the Adoption of Health Information Technology Paul T. Smith,
Business Associate Contracts: Time Is Running Out . . .
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Analysis of Final HIPAA Privacy Modification Rule
WELCOME.
Presentation transcript:

HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415) HIPAA Summit VIII March 9, 2004

1 Covered Entities  Health plans  Providers who transmit data electronically in connection with a standard transaction  Health care clearinghouses

2 Provider Contracting Network Group health plan Provider Contracting Organization Licensed Insurer Health insurance contract At-risk provider contract At-risk or fee-for-service provider contract Providers

3 Core Network Functions  Financial risk sharing  Claims processing  Utilization review  Credentialing  Quality assurance

4 Additional Network Functions  “Messenger-model” fee-for-service contracting  Fee-for-service billing  Practice management services

5 Key Questions  Privacy/security: Is the network organization a covered entity?  Transaction standards: Where is the standard transaction?  What are the operational implications of the answers to these questions?

6 Provider Network as OHCA  Organized Health Care Arrangement: –A health care system that holds itself out as a system and has shared UR, QA or payment arrangements –An independent practice association of physicians is a common example of this form of OHCA Preamble to final Privacy Regulations – Fed. Reg. Vol. 65, No. 250, 12/28/2000, p

7 Organized Health Care Arrangement  Covered entities participating in an OHCA-- –May share health information for purposes of the OHCA –Are not one another’s business associates –May use a joint notice of privacy practices for the OHCA  But what is the status of the network entity?

8 Health Care Provider?  A provider of medical or health services  Any other person or organization who furnishes, bills or is paid for health care in the normal course of business. Is a treatment relationship required?

9 Health Plan?  16 specific kinds (not including provider contracting networks), plus  “Any other individual or group plan... That provides or pays for the cost of medical care.”

10 What is a “Plan”?  A health plan — –Offers a plan of benefits to employers and individuals –Has an insurance function, including underwriting –Has enrollees  A provider contracting network— –Contracts with licensed plans –Shares financial risk among providers, without underwriting –Does not have enrollees (the health plan assigns its enrollees to the network)

11 What is a “Plan”? Most states do not regulate “downstream” provider contracting networks as health plans, unless they—  Offer a plan of benefits directly to employers or individuals, or  Take substantial risk for services their members do not provide

12 Is it a Health Care Clearinghouse?  We’ll get to that...

13 Business Associates  CEs must have contracts with business associates –BA is any contractor that has access to PHI to assist the CE –But a contract not required for disclosures to providers for treatment  The contract must require the BA to: –Safeguard the confidentiality and security of the PHI –Restrict uses and disclosures to those permitted to the CE –Return or destroy PHI on termination, if feasible

14 Network as Business Associate  Risk contracts –BA of health plans –Not BA of contracting physicians –Contracting physicians are not BAs under the plan- provider exception (and if they were no contract is required for disclosure to a provider for treatment)  Fee-for-service contracts –BA of contracting physicians if it receives PHI

15 Network as Business Associate  Consequences –Obligations established by contract, not HIPAA –Whose PHI is it? –What are the permissible uses? Internal network operations Research –What happens on termination?

16 Transactions Standard Transactions  Claims or encounter information  Health plan eligibility  Referral certification and authorization  Health care claim status  Enrollment and disenrollment  Payment and remittance advice  Premium payments  Coordination of benefits  First report of injury  Claims attachment Deferred:

17 Transactions Requirements for Covered Entities  Providers don’t have to conduct electronic transactions, but they must use the standards if they do  Health plans must-- –use the standards for electronic transactions –accept standard transactions from providers, and process them promptly  Providers and plans may use clearinghouses to comply  CEs are not permitted to vary the standards

18 Where’s the Standard Transaction? Provider Contracting Organization Licensed Insurer Capitation payment/ Encounter and other data Claim/encounter data Capitation or service payment Providers

19 Is the Network a Clearinghouse? A clearinghouse...  Processes health information received from another entity in a non-standard format... into standard data elements, or vice versa  What if the network –Processes standard electronic claims from providers into non- standard reports for a plan? –Processes non-standard paper claims from providers into standard electronic encounter reports?