Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Policy & Procedure Strategies

Published bySydney Thornton Modified over 6 years ago

Similar presentations

Presentation on theme: "HIPAA Policy & Procedure Strategies"— Presentation transcript:

1 HIPAA Policy & Procedure Strategies
David J. Butler & Christopher E. Coleman Strategic Management Systems, Inc. The HIPAA Colloquium at Harvard University August 22, 2002 SMSInc. HIPAA Colloquium at Harvard University

2 Drafting Policies & Procedures
Privacy regulation requires that activities be documented Procedures must be carried out in accordance with regulatory standards Thus, policies and procedures should be developed that are 1. Practical and Operational for your Organization, and 2. Compliant with Federal, State, and Local Regulations SMSInc. HIPAA Colloquium at Harvard University

3 Drafting Policies & Procedures
Who will manage Policy & Procedure process? Establish a Project Manager Establish a Team for drafting and review How do Policies & Procedures get approval? Executive committee review and approval? Board review and approval? Departmental review and approval? Consider Time Management Prioritize roll-out of policies from most challenging to already existing SMSInc. HIPAA Colloquium at Harvard University

4 Policies vs. Procedures
Many of the Policies will be standard, as required by the HIPAA regulations Many Procedures should be TAILORED to your organization’s operations Both Policies & Procedures must be operational and practical for your organization IT MUST BE “DO-ABLE” SMSInc. HIPAA Colloquium at Harvard University

5 Privacy Policy Categories
Administrative Requirements Individual Rights Consents and Authorizations Uses and Disclosures - General PHI Uses and Disclosures - Specific Applications Uses and Disclosures - Authorization Not Required Forms SMSInc. HIPAA Colloquium at Harvard University

6 Administrative Requirements
Designating a Privacy Officer Non-retaliation Policy Sanctioning of Employees Policy Conducting Training Consider the following when drafting: many may already exist within Compliance Program leverage existing policies and procedures insert amendments to cover privacy requirements use as opportunity to audit and update existing policies and procedures SMSInc. HIPAA Colloquium at Harvard University

7 HIPAA Colloquium at Harvard University
Individual Rights Granting Access to Inspect and Obtain Copies Requesting Amendments to Information Requesting Accountings of Disclosures Confidential Communications Consider the following when drafting: Who will receive and process requests from patients? Who will supervise patient’s inspections? Who will review requests for amendments? Will we charge for copies? How much? SMSInc. HIPAA Colloquium at Harvard University

8 Consents and Authorizations
Consent for Use and Disclosure during Treatment, Payment, and Operations Authorization initiated by Provider, OR initiated by Patient Policies and Procedures should be consistent with Consent Form Identify Scenarios for when you would need to obtain Authorization SMSInc. HIPAA Colloquium at Harvard University

9 Uses & Disclosures - General PHI
Identifying Protected Health Information Verifying the Identity and Authority of Requestors Minimum Necessary Disclosures De-identifying PHI Consider the following when drafting: Do we treat all health information as protected? How should we classify employees for access to PHI? Do we ever need to de-identify PHI? Use professional judgement !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! SMSInc. HIPAA Colloquium at Harvard University

10 Uses and Disclosures - Specific Applications
Marketing Fundraising Notice of Privacy Practices Others involved in the Patient’s Care Consider the following when drafting: Do we conduct marketing or fundraising? Who will provide the Notice of Privacy Practices? How do we notify Next-of-Kin? SMSInc. HIPAA Colloquium at Harvard University

11 Uses and Disclosures - Authorization Not Required
Research review by IRB (in most cases) Subpoena Health oversight release (Medicare review) Public Health release (CDC, State) Consider the following when drafting: identify which situations will not apply to your organization identify which polices and procedures can be consolidated (i.e., lessen # of procedures) leverage existing procedures for release of information (e.g., complying with subpoena) SMSInc. HIPAA Colloquium at Harvard University

12 Security Policies & Procedures
Less in number than Privacy Written documentation for all aspects of Security Administrative Physical Technical Access Controls Data Integrity Disaster Recovery Documentation…..Documentation…..Documentation SMSInc. HIPAA Colloquium at Harvard University

13 HIPAA Colloquium at Harvard University
Forms Consent Authorization Request for Amendment Business Associate Contract Chain of Trust Agreements Consider the following when drafting: forms should be reviewed by legal counsel leverage procedures for existing forms (e.g., consent for treatment) will need to identify business associates (many vendors) SMSInc. HIPAA Colloquium at Harvard University

14 Coordinate Privacy and Security
Minimum Necessary De-identification Disclosure Accounting Breach of Privacy Business Associate Training SECURITY Access Controls Personnel Clearance Access Auditing Security Breaches Chain of Trust Training SMSInc. HIPAA Colloquium at Harvard University

15 HIPAA Colloquium at Harvard University
Take Home Message Policies & Procedures MUST BE TAILORED TO YOUR OPERATIONS COMPLY WITH REGULATORY STANDARDS WORK PRACTICALLY FOR YOUR FACILITY SMSInc. HIPAA Colloquium at Harvard University

Download ppt "HIPAA Policy & Procedure Strategies"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
HIPAA Implementation. Basic HIPAA Requirements Designating a Privacy Officer Notifying patients about their privacy rights and how their information can.

HIPAA Implementation. Basic HIPAA Requirements Designating a Privacy Officer Notifying patients about their privacy rights and how their information can.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.

Similar presentations

Ads by Google