PricewaterhouseCoopers 1 Administrative Simplification: Strategic Thinking in Compliance National HIPAA Summit V Baltimore, MD October 31, 2002 William.

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA
HIPAA TRANSACTIONS HIPAA Summit IV 2002 UPDATE. HHS Office of General Counsel l Donna Eden l Office of the General Counsel l Department of Health and.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 5 HIPAA Enforcement HIPAA for Allied Health Careers.
The Use of Health Information Technology in Physician Practices
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
PricewaterhouseCoopers Transaction Compliance Date Extension & Privacy Standards NPRM Audioconference April 19, 2002 HIPAA Administrative Simplification.
Copyright Fleisher & Associates A HIPAA PRIMER FOR PUBLIC HEALTH PEOPLE CPHA-N Conference 2003 January 30, 2003 Presented by: Steven M. Fleisher,
Health Insurance Portability and Accountability Act (HIPAA)
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
1 Integrating Privacy and Security HIPAA Summit/WEDI Security Baltimore, MD September 14, 2004 William R. Braithwaite, MD, PhD “Doctor HIPAA”
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
HIPAA TRANSACTIONS 2002 UPDATE. HHS Office of General Counsel l Donna Eden l Office of the General Counsel l Department of Health and Human Services.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Privacy Project Framework & Structure HIPAA Summit Brent Saunders
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
PricewaterhouseCoopers Administrative Simplification Overview HIPAA Summit West II San Francisco, CA March 14, 2002 William R. Braithwaite, MD, PhD “Dr.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
1 HIPAA Administrative Simplification Standards Yesterday, Today, and Tomorrow Stanley Nachimson CMS Office of HIPAA Standards.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
HIPAA Privacy The Morning After Panel What do we do now? William R. Braithwaite, MD, PhD (moderator) Washington, DC Ross Hallberg, Corporate Compliance.
PricewaterhouseCoopers 1 Administrative Simplification: Strategic Thinking in Compliance National HIPAA Summit Washington, DC April 25, 2002 William R.
Standard Unique Health Identifier for Health Care Providers April 9, th Annual HIPAA Summit Gail Kocher Highmark.
HIPAA Privacy for Pharma Audioconference 5/29/2002 pwC.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
PricewaterhouseCoopers 1 Administrative Simplification: Privacy, Security, and Compliance NCHCC Washington, DC February 6, 2003 William R. Braithwaite,
Systems, Data and HIPAA from a Medicaid Perspective Rick Friedman, Director Division of State Systems Center for Medicare and Medicaid US Dept Health &
Functioning as a Business Associate Under HIPAA William F. Tulloch Director, PCBA March 9, 2004.
1 Administrative Simplification: The Last Word National HIPAA Summit 8 Baltimore, MD March 9, 2004 William R. Braithwaite, MD, PhD “Doctor HIPAA”
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
© 2014 By Katherine Downing, MA, RHIA, CHPS, PMP.
The Medical College of Georgia HIPAA Privacy Rule Orientation.
HIPAA Yesterday, Today and Tomorrow? Dianne S. Faup Office of HIPAA Standards Centers for Medicare & Medicaid Services.
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
April 14, 2003 – HIPAA Privacy Audioconference The Importance of April 14, 2003: Where you should be regarding HIPAA privacy policies and procedures and.
HIPAA Privacy Rule Training
HIPAA CONFIDENTIALITY
HIPAA Administrative Simplification
Privacy Project Framework & Structure
Disability Services Agencies Briefing On HIPAA
HIPAA Administrative Simplification
HIPAA Security Standards Final Rule
National Congress on Health Care Compliance
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Privacy and Security Update - 5 Years After Implementation
Presentation transcript:

PricewaterhouseCoopers 1 Administrative Simplification: Strategic Thinking in Compliance National HIPAA Summit V Baltimore, MD October 31, 2002 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA

PricewaterhouseCoopers 2 Purpose of Administrative Simplification “To improve the efficiency and effectiveness of the health care system by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.”

PricewaterhouseCoopers 3 HHS Required to Adopt Standards: Electronic transmission of specific administrative and financial transactions (including data elements and code sets) List includes claim, remittance advice, claim status, referral certification, enrollment, claim attachment, etc. Others as adopted by HHS. Unique identifiers (including allowed uses) Health care providers, plans, employers, & individuals. For use in the health care system. Security and electronic signatures Safeguards to protect health information. Privacy For individually identifiable health information.

PricewaterhouseCoopers 4 Philosophically Speaking …

PricewaterhouseCoopers 5 HIPAA Standards Philosophy To save money: every payer must conduct standard transactions. no difference based on where transaction is sent. Standards must be industry consensus based (whenever possible). national, scalable, flexible, and technology neutral. Implementation costs must be less than savings. Continuous process of rule refinement: Annual update maximum (for each standard) to save on maintenance and transitions.

PricewaterhouseCoopers 6 Identifiers Identifiers should contain no ‘intelligence’. Characteristics of entities are contained in databases, not imbedded in construction of identifier. Identifiers should be all numeric. For easy telephone and numeric keypad data entry. Identifiers should incorporate an ANSI standard check digit to improve accuracy. Exception for Employer Identification Number [EIN]. –Already exists and supported.

PricewaterhouseCoopers 7 5 Principles of Fair Info Practices Openness [Notice] Existence and purpose of record-keeping systems must be publicly known. Individual Participation [Access] Individual right to see records and assure quality of information. –accurate, complete, and timely. Security [Safeguards] Reasonable safeguards for confidentiality, integrity, and availability of information. Accountability [Enforcement] Violations result in reasonable penalties and mitigation. Limits on Collection, Use, and Disclosure [Choice] Collected only with knowledge and permission of subject. Used only in ways relevant to the purpose for which the data was collected. Disclosed only with permission or overriding legal authority.

PricewaterhouseCoopers 8 Rule #1: Don’t surprise the patient!!!

PricewaterhouseCoopers 9 Key Security Philosophy Identify & assess risks/threats to: Confidentiality Integrity Availability Take reasonable steps to reduce risk, and keep it low.

PricewaterhouseCoopers 10 Expected Security Final Rule Definitions and applicability harmonized with privacy. Requirements clarified and redundancies removed. Same philosophy as NPRM. Organization specific risk analysis and documentation of decisions. Only applies to electronically maintained and transmitted health information. Continues to be technology neutral. No electronic signature standard.

PricewaterhouseCoopers 11 General Security Rule Structure Rule composed of standards, each of which may have required and addressable implementation specifications. CE must assess, and document, whether each addressable implementation specification is a reasonable and appropriate safeguard in its environment, … taking into account the following factors:

PricewaterhouseCoopers 12 Assessment Factors The technical capabilities of record systems used to maintain electronic protected health information; The costs of security measures; The need for training persons who have access to electronic protected health information; The value of audit trails in computerized record systems; and The size, complexity, and capabilities of the covered entity, and Implement the specification where reasonable and appropriate; or document the rationale behind a decision to implement alternative measure(s) to meet the standard.

PricewaterhouseCoopers 13 Administrative Requirements Apply to both privacy and security. Flexible & scalable (i.e., requires thought!). Covered entities required to: Designate a responsible official (privacy/security). Develop policies and procedures (P&P), –including on receiving complaints. Train workforce on HIPAA & entity’s P&P. Develop a system of sanctions for employees who violate the entity’s policies. Meet documentation requirements.

PricewaterhouseCoopers 14 Major Impacts of Privacy and Security New Patient Rights A written notice of information practices. Inspect and obtain a copy of their PHI. Obtain an accounting of disclosures. Amend their records. Accommodation of reasonable confidential communication requests. Policies, Procedures, and Practices Must be documented and workforce trained on them. Agents and contractors must agree to protect health information under business associate agreements. Security Required by Privacy e.g., role-based access.

PricewaterhouseCoopers 15 Enforcement Philosophy Enforcement by investigating complaints. not HIPAA police force -- OCR not OIG for privacy. Fines by HHS are unlikely (and small). Required by HIPAA to help people comply! Fines and jail time possible from DOJ. Where intent can be proven. BUT, real risk comes from Civil liability from private lawsuits. False claims act. Federal Trade Commission (Eli Lilly). New privacy laws (federal and state).

PricewaterhouseCoopers 16 Strategically speaking, don’t wait around…

PricewaterhouseCoopers 17 Participate! Represent your sector in SDO meetings. Monitor HIPAA rule making (listservs). Respond to NPRMs: reasoned, practical advice to HHS, about your environment. Personal responses as well as institutional. Participate in efforts to share knowledge. WEDI and regional/national SNIP. Professional associations. Attend/listen to NCVHS hearings. Read recommendations to HHS (web site).

PricewaterhouseCoopers 18 Implement Ahead of Requirements Primary focus on business drivers, secondary focus on regulatory drivers. Implement philosophy first, then details: Information protection is an emerging business imperative. Remove system dependencies on identifier ‘intelligence’. Standards based inter-system communication. Make early decisions about electronic systems to meet documentation requirements: e.g., Disclosure accounting, Designated record sets, Acknowledgement tracking.

PricewaterhouseCoopers 19 Implement Likely Regulations Expected rules often transparent before final: Security rule, Transaction rule implementation guide addenda, NDC code requirement rescission, etc. Implement as if you are COVERED ENTITY good BUSINESS ASSOCIATE practice; may fall under law in future (e.g., in Texas). Hold sales force to products (e.g. policies) that can be supported by standards. Don’t expect delays in privacy compliance dates. Waiting until last minute always costs more than tweaking solutions implemented ‘at leisure’.

PricewaterhouseCoopers 20 Understand & Control Your Data Flows Cost savings in TCI Requires process re-engineering of data flows (and reduction of labor) to get most ROI. Think about data flows and transactions not done electronically now: include them in strategic plans for future conversion. Privacy, security: Inventory of data flow is one of first steps. Use hyperlinked data flow diagrams to educate, index, locate and maintain policies and procedures.

PricewaterhouseCoopers 21 Consolidate Requirements Approach enforcement from risk management philosophy: Good faith efforts and documentation are essential to demonstrate compliance. Find commonality in lower level implementation projects. Structure of compliance effort: Privacy and security programs should be well coordinated (e.g., in an Information Protection program). Same structure, management team, and project support infrastructure: –Same mechanism to implement all training requirements. –Consider common responsibility & reporting – CPO, CSO. –Different experts and operational members. Integration of new programs into existing compliance effort. Partner with legal resources.

PricewaterhouseCoopers 22 Enable Technology Flexibility Rules will continue to be technology neutral Build/buy most cost-effective technology. Standards based implementations save money Not a place to compete; proprietary solutions will cost more in end than the revenue they may generate by coercion. Participating in SDO activity can give years of warning. Consistent, system-wide APIs for services such as security allows flexibility and change without rewrites. Eases buy/build decisions. Easier integration of disparate systems.

PricewaterhouseCoopers 23 Strategic Thinking Points Participate in Rule Making Implement Ahead of Requirements Implement Likely Regulations Understand & Control Your Data Flows Consolidate Requirements Enable Technology Flexibility Don’t Do It All Alone

PricewaterhouseCoopers 24 BE REASONABLE!

PricewaterhouseCoopers 25 The Cost, Quality, Standards Relationship Standards-based automation of routine functions lowers rate of rising costs (labor). Only possible if accompanied by process redesign. Standardized data increases its usefulness for quality improvement studies. –Knowing what’s best can improve quality, but doesn’t prevent error. –4 th leading cause of death: medical errors! Standards for clinical information will allow more cost-effective introduction of IT support at point of clinical decision making. Which in turn, will lead to fewer errors, higher quality care, and lower costs (e.g. e-Rx, CPOE, EMR). NCVHS recommendations for PMRI standards.

PricewaterhouseCoopers 26 The Future of HIPAA Photo by Jay Kossman, PwC

PricewaterhouseCoopers 27 Use HIPAA as a Catalyst for Change High Availability Greater ROI Adverse Drug Interactions Clinical Order Entry Individual E-HDb Privacy Security EDI Availability Connectivity Better Information Efficiency Lower Mortality EMR HIPAA

PricewaterhouseCoopers 28 Resources Centers for Medicare and Medicaid: posting of regulations. instructions to join Listserv to receive notification of events related to HIPAA regulations. submission of rule interpretation questions (except privacy). Office for Civil Rights: for privacy regulations and questions.

PricewaterhouseCoopers 29 Resources National Committee on Vital and Health Statistics ncvhs.hhs.gov Workgroup on Electronic Data Interchange snip.wedi.org Other useful stuff:

 Only 165 days left!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.