Download presentation
Presentation is loading. Please wait.
Published byKendal Sprouse Modified over 10 years ago
1
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006
2
Community Care Network of Virginia, Inc 2 Discussion Points Overview of HIPAA Regulations Administrative Simplification EDI Components Standard Transactions Standard Code Sets Unique Identifiers Privacy Rule Review Security Rule Overview
3
October 2006Community Care Network of Virginia, Inc 3 HIPAA-What’s in a Name? Health Insurance Portability and Accountability Act Implemented in 1996 Includes Titles I - V Portability -Title I Accountability - Title II Administrative Simplification
4
HIPAA Administrative Simplification Provisions
5
October 2006Community Care Network of Virginia, Inc 5 Who Oversees HIPAA Administrative Simplification? Department of Health & Human Services The Centers for Medicare and Medicaid Services (CMS) Oversees: Transactions & Code Sets Standard Unique Identifiers Security Rule NPI The Office for Civil Rights (OCR) Oversees: Privacy Rule
6
Administrative Simplification Provisions Time Table * Small Health Plans have 1 year longer
7
October 2006Community Care Network of Virginia, Inc 7 Why are HIPAA Electronic Standard Transactions Important? Standardize claim submission Fewer errors Standardize payment method Faster processing Reduces paperwork ( from~400 forms to ~4) Reduces postage costs Real-time patient eligibility and benefits Overall ~~ Less Administrative Burden
8
October 2006Community Care Network of Virginia, Inc 8 Current HIPAA Standard Transactions
9
October 2006Community Care Network of Virginia, Inc 9 Unique Identifiers for HIPAA EDI National Employer Identifier Standard Compliance Date = July 30, 2004 IRS Employer Identification Number (EIN) 9-digit number (Tax ID #) for all employers Number to be used on all claims to identify the Center (54-*******)
10
October 2006Community Care Network of Virginia, Inc 10 Unique Identifiers for HIPAA EDI National Provider Identifier (NPI) Compliance Date = May 23, 2007 {Small Health Plans = May 23, 2008} We will discuss details in Part 2….
11
Reviewing of the Privacy Rule
12
October 2006Community Care Network of Virginia, Inc 12 On To The Privacy Rule……... Purpose: Provides national standards to protect Protected Health Information (PHI) Gives patients increased control over their health information Sets limits on the use of and disclosure of health information Allows for a balance in disclosing PHI in some forms for public health reasons Establishes penalties for violations of a person’s privacy rights.
13
October 2006Community Care Network of Virginia, Inc 13 Areas Addressed in the Privacy Standards + Notice of Privacy Practice (NPP ) + Use & disclosure of PHI + T P O + Authorization for Release of PHI + Minimum Necessary Information + Incidental Uses Disclosures + Oral Communications + Accounting of Disclosures + Business Associates + Personal Representatives & Minors + Marketing & Health- Related Communications + Research + Government Access to PHI + Violations & Penalties
14
October 2006Community Care Network of Virginia, Inc 14 Review of Patient’s Rights... Receive a copy of Notice of Privacy Practices (NPP)/Signature of Receipt Review & request copies of/amendments to their medical records Need to be informed on how their PHI may be used/disclosed {stated in NPP} Any release of PHI will be held to the minimum necessary to achieve the task File grievance concerning privacy issues
15
October 2006Community Care Network of Virginia, Inc 15 What Should We Have in Place ? Policies & Procedures that address the requirements of the Standards Forms that support P &P NPP acknowledgement of receipt Restrictions on uses & disclosures of PHI Patient request to review & copy medical record Denial for access to the request Amendment of the medical record Accounting of disclosures log Patient Authorization for disclosure other than TPO Patient Grievance Form
16
October 2006Community Care Network of Virginia, Inc 16 How’s Privacy Compliance Going ? DHHS Reports the following: As of November 30, 2005- 16,625 privacy rule complaints received by the Office for Civil Rights since the effective date (April 14, 2003) 69% of the cases have been resolved/closed Covered entity corrected the problem Complaint was not a true violation of Privacy Rule 263 violations referred by the OCR to the Department of Justice for potential prosecution-- one case has been successfully prosecuted
17
October 2006Community Care Network of Virginia, Inc 17 How’s Privacy Compliance Going ? DHHS Reports the following: Top Five Complaints Against Providers 1. Impermissible use/disclosure of PHI 2. Lack of adequate safeguards in place 3. Refusal or failure to provide a patient access to records 4. Disclosure of more than minimally necessary information 5. Failure to obtain valid authorizations for disclosures that required them.
18
October 2006Community Care Network of Virginia, Inc 18 The Penalties………….. $100/incident up to ---- $25,000/person/year/ standard violated $50,000 and/or ONE year I prison for knowingly violating the Rule
19
October 2006Community Care Network of Virginia, Inc 19 The Penalties………….. False Pretense: Up to $100,000; 5 years in prison For Commercial Gain, Advantage, or Harm - $250,000; 10 years in prison
20
October 2006Community Care Network of Virginia, Inc 20 Suggestions for Compliance Ensure Policies & Procedures (P & P) cover standards in the Rule and are up-to-date with Center operations ANNUAL staff training on current Privacy P & P Continue to make the Center Notice of Privacy Practices (NPP) available to patients and obtain signatures of receipt for medical record. Ensure Privacy Officer is designated Ensure Business Associate Agreements (BAA), according to the Rule standards, are in place
21
October 2006Community Care Network of Virginia, Inc 21 Security Rule Compliance Date = April 21, 2005 Purpose: Ensure the integrity, availability, & confidentiality of EPHI {Electronic PHI} Protect against reasonably anticipated threats of security & improper use or disclosure of EPHI Ensure compliance by Center staff
22
October 2006Community Care Network of Virginia, Inc 22 What Does the Security Rule Include? Electronic Protected Health Information {EPHI} ONLY Privacy Rule covers all PHI in paper, oral, and electronic format. All stored data and transmitted data in systems All Covered Entities Standards to ensure that appropriate access to EPHI is addressed.
23
October 2006Community Care Network of Virginia, Inc 23 Security Rule Concepts Flexible & Scalable Works for small to large providers & health plans Technology Neutral Allows for future technology advances Comprehensive Administrative Safeguards (policies & procedures) Physical Safeguards (restricting access, providing back-up plans) Technical Safeguards (authentication, integrity controls, access)
24
October 2006Community Care Network of Virginia, Inc 24 Required vs. Addressable Specifications Required Implementation of specification is mandatoryAddressable Specification must be used if the risk analysis shows it is needed If a specification is not implemented, documentation must explain why & what else is being done in its place
25
October 2006Community Care Network of Virginia, Inc 25 Security Standards Flowchart
26
October 2006Community Care Network of Virginia, Inc 26 Implementing Security Risk Analysis should access security risks & vulnerabilities Consider Center size, capabilities, & costs of addressing the security areas Assign a Security Officer May have a “group” working together ~ responsibility must be assigned to an individual.
27
October 2006Community Care Network of Virginia, Inc 27 Implementing Security Develop P & P to address the security standards as appropriate and reasonable for Center operations. TRAIN staff on the P & P and the overall purpose of implementation Ensure proper language in BAAs to cover security standards. Evaluate Security P &P at least annually to ensure they are being followed & to update as appropriate
28
October 2006Community Care Network of Virginia, Inc 28 Relationships between Privacy & Security Privacy is the… Who What When Security is the… How
29
October 2006Community Care Network of Virginia, Inc 29 Relationships between Privacy & Security Privacy covers PHI on paper, orally, & electronic format Security covers electronic PHI ONLY Security enables Privacy by providing safeguards for proper access to data Business Associate Agreements(Privacy) need to detail how the integrity, confidentiality, & availability of the data exchange will take place (Security).
30
October 2006Community Care Network of Virginia, Inc 30 Tying It All Together----- Patient Registration Collecting PHI Handling PHI Encounter Diagnosis - All digits needed E & M Service - Based on Key Elements Procedures (Modifiers as appropriate) Documentation to support ALL CODES used
31
October 2006Community Care Network of Virginia, Inc 31 Tying It All Together----- Input data into Account Proper Log-in/Access to System Accuracy of Information Submit Claim Electronically Transmission process Request for Medical Record Information Minimum Necessary to complete the request
32
October 2006Community Care Network of Virginia, Inc 32 Tying It All Together----- Electronic Payment/Denial Input Data into Account Proper Access Accuracy Maintaining Integrity of Data Changes to be monitored ON A GOOD DAY---- The Process Works!
33
Patient is Happy ! Billing Staff is Happy Providers are Happy Center Management is Happy Board Members are Happy Everyone is HAPPY !!
34
October 2006Community Care Network of Virginia, Inc 34 Questions??
35
October 2006Community Care Network of Virginia, Inc 35 Thank You for Coming ! ! Stephanie Anderson, CPC Community Care Network of Virginia, Inc. 6802 Paragon Place Suite 630 Richmond, VA 23230 (T) (804) 237-7686 x 102 sanders@ccnva.com
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.