Privacy in 24 Hours: or 140,000 Hours Roy Rada, M.D., Ph.D. Prof. at UMBC, Publisher of

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA Workforce Training
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
August 22, 2002 THE HIPAA COLLOQUIUM at Harvard University A. John Blair, III, MD Chairman and Chief Executive Officer Taconic IPA, Inc. Fishkill, NY HIPAA.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
April 25, 2002HIPAA Summit -- Roy Rada1 HIPAA Common Practices: Small vs. Large Entities Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore Co.
“HIPAA Beyond April 14, 2003” n “BUILDING HIPAA COMPLIANCE” Beyond April 14, 2003”
Human Resources Administration Department of Social Services 1 Eligibility Data and Image Transfer System EDITS November 6, 2008.
Copyright © 2008 Delmar Learning. All rights reserved. Unit 8 Observation, Reporting, and Documentation.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
HIPAA in 24 Hours Roy Rada, M.D., Ph.D. Professor, UMBC, Director, HIPAA-IT LLC,
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Eliza de Guzman HTM 520 Health Information Exchange.
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.
HIPAA BASIC TRAINING MODULE 1C – Overview (For staff who do not generally create Protected Health Information) Anderson Health Information Systems, Inc.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
Seventh National HIPAA Summit HIPAA Compliance Case Study: HIPAA and Academic Medicine - Lessons Learned Past, Present and Future.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
HIPAA Privacy The Morning After Panel What do we do now? William R. Braithwaite, MD, PhD (moderator) Washington, DC Ross Hallberg, Corporate Compliance.
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
Copyright © Emerson Strategic Group, Inc. All Rights Reserved 1 Ninth National HIPAA Summit Auditing for Privacy Compliance: A Case Study September.
San Marino Unified School District Contracts Presentation Presented by: Wesley Lee, Budget Analyst October 28, 2015.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
Standards of Conduct  Training today will give you talking points  You need to read through the book and get comfortable with the information  This.
Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.
Table of Contents. Lessons 1. Introduction to HIPAA Go Go 2. The Privacy Rule Go Go.
HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.
The Medical College of Georgia HIPAA Privacy Rule Orientation.
New Hire HIPAA Orientation. HIPAA Overview HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of HIPAA.
What is HIPAA? Health Insurance Portability and Accountability Act of HIPAA is a major law primarily concentrating on the prolongation of health.
The Health Insurance Portability and Accountability Act (HIPAA) requires Plumas County to train all employees in covered departments about the County’s.
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA Administrative Simplification
Policy & Procedure Writing
Disability Services Agencies Briefing On HIPAA
Confidentiality of Information Acknowledgment and Agreement 2018
HIPAA Security Standards Final Rule
National Congress on Health Care Compliance
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
The Health Insurance Portability and Accountability Act
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Presentation transcript:

Privacy in 24 Hours: or 140,000 Hours Roy Rada, M.D., Ph.D. Prof. at UMBC, Publisher of

Dr Rada Start Small For 2-doctor office with 4 assistants, privacy manual is 25 pages, is self-contained, and takes 24 person hours to implement. Then scale to large.

Dr Rada 24 Hour Compliance Phase 1: Executive reads awareness essay & passes manual to office manager – 1 hr. Phase 2: Office manager studies current policies, and information flows – 5 hrs. Phase 3: Policies tailored and business associates contacted – 3 hours

Dr Rada 24 Hours (con’t) Phase 4a: Everyone trained – 5 hours Phase 4b: Procedures implemented – 3 hours Phase 4c: Business associate contracts signed – 4 hrs. Phase 4d: Administration by office manager – 3 hrs. Total 24 Hours

Dr Rada Privacy Manual for small entity Patient Rights, Communication, Administration Patient Rights Checklist: Do you have? YesNo Notice of Privacy Practices Authorization Access and Amend Policy Accounting and Restriction Policy

Dr Rada Notice THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED … AND HOW YOU CAN GET ACCESS … ………… [Further details is 3 pages] ### Acknowledgement of receipt of Notice of Privacy Practices: Signature: _______________________

Dr Rada Communication Checklist Do you have policies for?YesNo Phone and face-to-face and fax Medical records

Dr Rada Medical Record RoleInformation ChiefEverything Medical AssistantsHealth ReceptionistScheduling Information Manager Billing

Dr Rada Administration Checklist Do you have?YesNo Privacy Officer Business Associate Contracts Accountability Safeguards State pre-emptions Training

Dr Rada Executive Awareness Awareness essay is 1,000 words. Gentle Reasonable Solution-filled Begins: The executive in a small facility is challenged by budget reforms and legal minefields. The latest challenge comes in the form of HIPAA’s Administrative Simplification provisions.

Dr Rada Tables 5 electronic or paper tables could accommodate the range of expected behavior documentation. Exceptional Disclosures for John Doe DateTo whom Sent What was Sent Purpose

Dr Rada Requests Requests for access, amendment, or accounting of disclosures. ONE TABLE FOR CENTRAL OFFICE (not in each patient record) Patient Name Date of Request Date Satisfied Details of Request

Dr Rada As Entities Get Larger More roles. More policy specifics. More existing infrastructure to match. An opportunity to further harmonize or a bigger headache.

Dr Rada medical director, pharmacy consultant.. owner administrator marketing, admissions, billing, secretary activities and social work director of nursing certified nurse assistants (3 shifts with 3 FTEs per shift) dietary director cook, aide, dish- washer laundry, housekeeping maintenance financial activities health dietary RECORDRECORD Implementation time: Chief: 1 hour, Facility administrator: 13 hours, 34 other staff: 1 hour each. Total time commitment of 48 hours. Example: 48 Hours for Nursing Home

Dr Rada Model labelsymbolformula parts per entityn subparts per partm employees per subpartk total employeesempn*m*k Privacy Officer Hours in a month POmonth.04*emp+2 CEO awarenessCEO.0004*emp+1

Dr Rada Model (con’t) Phase 1CEO + ((n+m) *5) Phase 25*(n*m)+POmonth Phase 35*(n*m)+POmonth Phase 4 training1*emp+0.1*emp Phase 4 proceduresn*5 + m*3 Phase 4 BA(n+m)*8 Phase 4 adminPOmonth

Dr Rada Economies of scale ‘organizational complexity’ = n*m. organizational complexity at 30 employees from 450 to 900 to 1800 → hour cost from 1,042 to 1,590 to 2,690. employees at 900 organizational complexity from 2 to 30 to 450 → hour cost from 1,175 to 1,591 to 6,355. If 100,000 employees, then 145,000 hours.

Dr Rada Total Compliance Hours Halved by Reducing Training

Dr Rada Maintenance Costs 1-year Maintenance is a small fraction of Implementation Cost. Annual Maintenance Cost is approximately 0.1 of number of employees.

Dr Rada Risk Analysis Threats Remedies I2I3I4tI4pMrMcMpMt Recipe Leak Audit benefit cost I=Implement and M=maintain. I2=collect information, I3=tailor policies, I4t=train, I4p=privacy office, M4=rights, Mc=communicate, Mp=privacy officer. Threats are Recipe, Leak, and Audit. Note: implementation training has worst cost/benefit ratio.

Dr Rada Conclusion Privacy compliance should be simple For small entity can be 24 hours Generally, training is the lion’s share of implementation Maintenance is low cost but best value.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.