Copyright 2002 - The Kearney Group LLC All Rights Reserved 1 5th National HIPAA Summit JCAHO and NCQA and HIPAA Business Associates Friday, November 1,

Presentation transcript:

Copyright The Kearney Group LLC All Rights Reserved 1 5th National HIPAA Summit JCAHO and NCQA and HIPAA Business Associates Friday, November 1, 2002

Slide 2: Healthcare Initiative To Perplex and Agitate Americans

Slide 3: Healthcare Insurance Portability and Accountability Act

Slide 4: The Players
- Sue Miller, Moderator
- The Kearney Group
- Co-chair WEDI SNIP SPWG
- Chair Advisory Committee, NCQA, Business Associate Privacy Certification Program
- Sharon King Donohue, General Counsel, NCQA
- Anthony J. Tirone, JD, Director, Federal Relations, JCAHO

Slide 5: What is HIPAA?
- Health Information Portability and Accountability Act
- aka “Kennedy-Kassebaum Act”
- Adopted August 21, 1996

Slide 6: Why HIPAA?
- Improve efficiency and effectiveness of healthcare through standardization of all shared electronic information
- Protect the privacy and security of patient information stored and exchanged electronically
- Reduce the cost of exchanging information among healthcare partners

Slide 7: What does HIPAA apply to?
- Health Insurance Portability
- Standards for Electronic Claims Submission
- Privacy and Security Protection

Slide 8: Who does HIPAA apply to?
- Applies to Covered Entities
- Health care providers who transmit any health information in electronic form
- Health plans
- Health care clearinghouses

Slide 9: HIPAAeze (speak the language)
- PHI – Protected Health Information
- CE – Covered Entity
- BA – Business Associate
- OHCA – Organized Health Care Arrangement
- P&P – Policies & Procedures
- NPP – Notice of Privacy Practices
- TPO – Treatment, Payment and Health Care Operations

Slide 10: When did HIPAA Happen?
- Transaction and code sets published August 17th, 2000
- Effective Date Transaction and Code Sets October, 2002
- With Extension October 2003
- Privacy Rules published
- December 28, 2000
- August 14, 2002
- Effective Date Privacy Rules April 14, 2003

Slide 11: When did HIPAA Happen?
- Data Security proposed August 12, 1998
- Final expected late 2002
- National Employer Identifier proposed June 16, 1998
- Final rule May 31, 2002
- Effective July 30, 2002

Slide 12: Yet to Come
- Claims Attachments
- Unique Identifiers
- Nat’l Provider Identifier (NPI)
- Health Plan Identifier
- Enforcement

Slide 13: Privacy vs Security
- Privacy Rule - The right of an individual to withhold his or her individual healthcare information from public scrutiny
- Security Rule - The protection of individual healthcare information held by a healthcare entity, or the infrastructure that makes privacy possible

Slide 14: HIPAA Covers
- Paper
- Oral
- Electronic Transmissions

Slide 15: WARNING: Dangerous HIPAA! Please Keep Her Quiet By Keeping All Health Information Confidential

Slide 16: Responsibility for your new “CULTURE Of Caution”
- Each covered entity must designate a privacy official who is responsible for development and implementation of privacy policies and procedures.
- Each covered entity must assign security responsibility to one or more individuals.

Slide 17: Roadmap for your new “CULTURE Of Caution”
- Complete a “PHI” inventory.
- Understand the purposes of all uses and disclosures of “PHI”.
- Start “looking for leaks.”

Slide 18: Roadmap for your new “CULTURE Of Caution”
- HIPAA Compliance is impossible without knowing which particular items of PHI your organization uses, and the various forms in which it appears.

Slide 19: “CULTURE of Caution”
- Protected Health Information (PHI)
- All individually identifiable information in ANY form or media
- Names
- Geo-codes less than state
- All dates
- Phone, fax, ,
- SSN
- Medical Record
- Beneficiary
- Account #
- Certificate / License #
- Vehicle IDs
- Device IDs
- URLs, IP Addresses
- Biometrics
- Full Face Photo
- Any Other Unique ID or Character ID Code

Slide 20: “Warning Sign” for your new “CULTURE Of Caution”
- PHI is protected regardless of its form. Protected health information includes written documents, spoken words, data stored on computers, telephone conversations, charts and diagrams, information transmitted via data networks, etc.

Slide 21: Rules for your new “CULTURE Of Caution”
1. Establish Rules for Protecting Patient Privacy
2. These rules become your organization's “privacy policy.”
3. Create them ‘livable’, ‘reasonable’ and ‘enforceable’.
4. All people who could come into contact with PHI must be trained in the procedures to be followed.

Slide 22: Privacy and Security
- The privacy “wall” stands firmly on the security “foundation.”
- Diagram labels: PRIVACY, SECURITY

Slide 23: Barriers for your new “CULTURE Of Caution”
Physical security includes:
1. Off-hours building access.
2. Access to areas where “PHI” is readily available.
3. Restricted access file cabinets.
4. Secure waste disposal.

Slide 24: Barriers for your new “CULTURE Of Caution”
Technical security includes:
1. User authentication.
2. Access control.
3. Audit trails.

Slide 25: What is “Privacy Compliance?”
- Never having a privacy complaint.
- OR -
- Successfully handling all privacy complaints.
- OR -
- Correctly answering all questions during a compliance review.

Slide 26: Top 10 Privacy Compliance Tasks
1. Assign responsibility for privacy and security.
2. Establish procedures for handling sensitive information.
3. Provide physical security.
4. Provide technical security.
5. Establish rules for protecting patient privacy.

Slide 27: Top 10 Privacy Compliance Tasks
6. Allow patients access to medical records.
7. Respond to complaints.
8. Publish a notice of privacy practices.
9. Ensure that business associates protect patient privacy.
10. Train the workforce.

Slide 28: HIPAA Privacy Penalties
Civil
- Not more than $100 for each…violation
- No more than $25,000 for all violations of identical type during calendar year

Slide 29: HIPAA Privacy Penalties
Criminal
Improper use of unique health identifiers, or improperly obtaining or disclosing individual health information, on the basis noted, are subject to maximum of both:
- Knowingly: $50,000, 1 year
- False pretenses: $100,000, 5 years
- For profit, gain or harm: $250, years

Slide 30: Security
1320d-2 Safeguards
Each person described in section 1320d-1(a) of this title who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards –
(A) to ensure the integrity and confidentiality of the information;

Slide 31: Security
1320d-2 Safeguards (cont)
(B) to protect against any reasonably anticipated –
(i) threats or hazards to the security or integrity of the information; and
(ii) unauthorized uses or disclosures of the information; and
(C) otherwise to ensure compliance with this part of the officers and employees of such person.

Slide 32: Implications
- 40% Technical
- 60% Culture
- How we do business will change

Slide 33: To Ponder
- 90% of HIPAA is 50% Mental

Slide 34: HIPAA Acceptance Cycle
- Recoil
- Retaliation
- Counteraction
- Amusement
- Cooperation
- Appreciation

Slide 35: Covered Entities Need …
To effectively implement HIPAA by the compliance date, covered entities need to engage ASAP the following: Awareness Education Management as well as employees must buy in Transaction Compliance Privacy & Security Compliance Seek Assistance

Slide 36: When do I start?
N O W

Slide 37: Where do I start?
- Workgroup for Electronic Data Interchange
- Strategic National Implementation Process

Slide 38: The HIPAA Sleeps Tonight
Timothy Loewenstein, October 7th, 2002