Presentation is loading. Please wait.

Presentation is loading. Please wait.

April 25, 2002HIPAA Summit -- Roy Rada1 HIPAA Common Practices: Small vs. Large Entities Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore Co.

Published byAron Ramsey Modified over 9 years ago

Similar presentations

Presentation on theme: "April 25, 2002HIPAA Summit -- Roy Rada1 HIPAA Common Practices: Small vs. Large Entities Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore Co."— Presentation transcript:

1 April 25, 2002HIPAA Summit -- Roy Rada1 HIPAA Common Practices: Small vs. Large Entities Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore Co. rada@umbc.edu

2 April 25, 2002HIPAA Summit -- Roy Rada2 What about best practices? Best practices should be quantifiably successful over a prolonged period and repeatable with modification in similar organizations.

3 April 25, 2002HIPAA Summit -- Roy Rada3 We are not there! Searched web for “HIPAA Best Practices” None were quantifiably successful None were over time None had been systematically reapplied

4 April 25, 2002HIPAA Summit -- Roy Rada4 Wanted Practices that are Common and Compliant The same for all entity types?

5 April 25, 2002HIPAA Summit -- Roy Rada5 Small treated like Large? Average HIPAA expenditure 2001 <100 beds100 to 400 beds >400 beds $3,000 per bed$900 per bed$300 per bed

6 April 25, 2002HIPAA Summit -- Roy Rada6 Recommend Different HIPAA Toolkits For small group physician practice 30 pages Self-contained Few hours of effort For multi-hospital network Thousands of pages Requires extra tools Person years

7 April 25, 2002HIPAA Summit -- Roy Rada7 Outline of 30-page manual for small group physician practice Privacy Patient Rights Communication Administration Training Ecommerce Benefits Letter to Vendors Codes Delay Application

8 April 25, 2002HIPAA Summit -- Roy Rada8 Patient Rights Checklist Do you have?YesNo Consent Authorization Notice of Privacy Practices Access and Amend Policy Accounting and Restriction Policy

9 April 25, 2002HIPAA Summit -- Roy Rada9 Example Consent Form Name of Provider Patient Consent Form Our Notice of Privacy Practices provides information about how we may use and disclose protected health information about you. You have the right to review our notice before signing this consent. As provided in our notice, the terms of our notice may change. If we change our notice, you may obtain a revised copy by ______________. You have the right to request that we restrict how protected health information about you is used or disclosed for treatment, payment or health care operations. We are not required to agree to this restriction, but if we do, we are bound by our agreement. By signing this form, you consent to our use and disclosure of protected health information about you for treatment, payment and health care operations. You have the right to revoke this consent, in writing, except where we have already made disclosures in reliance on your prior consent. ______________________________________ Signature of Patient or Personal Representative ______________________________________ Name of Patient or Personal Representative ___________________________ Date

10 April 25, 2002HIPAA Summit -- Roy Rada10 1-Page Information Practices Notice PROVIDER NOTICE OF INFORMATION PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Uses and disclosures of health information: We seek your consent to use health information about you for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care that you receive. You can revoke your consent.

11 April 25, 2002HIPAA Summit -- Roy Rada11 Physician Practice Policy on Access Access Right We give you access to your health information whether we or our business associates hold that information and whether or not we were the source of the information. Exceptions to this access occur rarely, such as when the information is deemed dangerous. If we feel we need to deny access, we must provide an explanation. Sometimes you can contest this denial, and then we will have a third party review the situation. You may request access verbally or in writing, and we will record your request in a log book. We typically have 30 days in which to provide the information. We will charge you the cost of reproducing and delivering the information; for photocopying this charge is $0.20 per page.

12 April 25, 2002HIPAA Summit -- Roy Rada12 Communication Checklist Do you have policies for?YesNo Phone and face-to-face Email and fax Medical records

13 April 25, 2002HIPAA Summit -- Roy Rada13 Email Policy Ownership and User Privacy of E-Mail Use of electronic mail is a part of business processes. All e-mail originating within or received into is the property of. Confidentiality of Electronic Mail When e-mail is used for communication of individually identifiable health information, specific measures must be taken to safeguard confidentiality. These safeguards follow:

14 April 25, 2002HIPAA Summit -- Roy Rada14 Administration Checklist Do you have?YesNo Privacy Officer Business Associate Contracts Auditing Safeguards State pre-emptions

15 April 25, 2002HIPAA Summit -- Roy Rada15 Business Associate Contract THIS CONTRACT is entered into on this _________ day of _________ between ______________ (“ENTITIY”) and ______________ (“ASSOCIATE”). WHEREAS, ENTITY will make available to ASSOCIATE certain Information that is confidential and must be afforded special treatment and protection.

16 April 25, 2002HIPAA Summit -- Roy Rada16 Auditing Disclosures based on Authorizations for Patient Named “__________” DateTo whom Sent What was Sent Purpose

17 April 25, 2002HIPAA Summit -- Roy Rada17 Training Checklist Privacy Training Person’s Name Date Completed Physician Essay Staff EssayEntire Manual

18 April 25, 2002HIPAA Summit -- Roy Rada18 Physician Awareness The independent physician in a small practice is challenged by budget reforms and legal minefields that make the practice of medicine not what it was in the good old days. The latest challenge comes in the form of HIPAA’s Administrative Simplification provisions.

19 April 25, 2002HIPAA Summit -- Roy Rada19 Staff Training All staff are involved in protecting health information. Staff should be aware of the penalties that could be levied against them by the Federal government. Fines reaching $250,000 and imprisonment can be imposed on physicians, practice managers, receptionists, medical assistants, or nurses. Untrained staff may not realize that respecting privacy is important. All staff are required to undergo training on privacy.

20 April 25, 2002HIPAA Summit -- Roy Rada20 Ecommerce Checklist Have youYesNo Analyzed business efficiency? Checked vendor compliance? Determined code gap? Applied for delay?

21 April 25, 2002HIPAA Summit -- Roy Rada21 Business Efficiency Spreadsheet 1.Number of claims per week: 215 2.Average claim value: $191 3.Time to prepare a manual claim: 6 minutes 4.Time to prepare an electronic claim: 0.5 minutes 5.Staff cost per hour: $14 6.Manual cost per year: #1 * #3 * #5 * (1 hr/60 min) * (52 wks/yr) = $15,652. 7.Electronic cost per year: #1 * #3 * #4 * (1 hr/60 min) * (52 wks/yr) = $1,304. 8.Labor saving is #6 - #7 = $14,348. 9.Bad debt now: 10 % 10.Bad debt after automation: 5% 11.Annual savings from debt change: #1 * #2 * (#9 - #10) * (52 wks/yr) = $106,769.

22 April 25, 2002HIPAA Summit -- Roy Rada22 Letter to Clearinghouse Please explain: your timeline to address each of the transaction changes required by HIPAA and what you expect the practice to do in order to work effectively with you to achieve compliance with HIPAA?

23 April 25, 2002HIPAA Summit -- Roy Rada23 HHS Form for Delay 10. Please check the reason(s) that your organization will not be in compliance with the HIPAA standard for Electronic Transactions and Code Sets by October 16, 2002. Multiple boxes may be checked. Need more money Need more staff Need more information about the standards Waiting for vendor(s) to provide software

24 April 25, 2002HIPAA Summit -- Roy Rada24 Conclusion on Physician Practice Simple Consistent with sound business Graspable handle on entire operation

25 April 25, 2002HIPAA Summit -- Roy Rada25 Large Entity Compliance requires Many people Many deliverables Examples of complexity: Staffing Project management Transactions Training

26 April 25, 2002HIPAA Summit -- Roy Rada26 Hospital Staffing Departments: administration, information systems, finance, legal, compliance, inpatient, ambulatory, medical records. Leadership: Chief Compliance Officer, Information Officer, Finance Officer, and/or Legal Counsel.

27 April 25, 2002HIPAA Summit -- Roy Rada27 Microsoft Project

28 April 25, 2002HIPAA Summit -- Roy Rada28 Transactions You may 1. rely on clearinghouse, 2. translate on the border, or 3. internally integrate. As go from 1 to 3 the short-term costs drop but long-term costs rise.

29 April 25, 2002HIPAA Summit -- Roy Rada29 Costs without Clearinghouse translators can be purchased for $ tens of thousands but tailoring to work costs $ hundreds of thousands, and an internal integration is $ millions.

30 April 25, 2002HIPAA Summit -- Roy Rada30 Training Section ‘§ 164.530 Administrative requirements’ includes this sentence: (b)(1) Standard: training. A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart, as necessary and appropriate for the members of the workforce to carry out their function within the covered entity.

31 April 25, 2002HIPAA Summit -- Roy Rada31 Roles to be Trained Roles Ri in clinics plus health plan R1 Medical Doctors. R2 Medical Assistants. R3 Clinic Regional Administrator. R4 Claims Examiners. R5 Provider Information Analyst. R6 Application Operations Analyst. R7 Member Services Representatives R8 Authorizations Specialist. R9 Billing Representative. R10 Enrollment Representative.

32 April 25, 2002HIPAA Summit -- Roy Rada32 Content to Roles for Training Privacy Rule Component Pi (like consent) to Role Ri Pi to Ri need-to-know of ++, +, 0 R1R2R3R4R5R6R7R8R9R10 P1++ +00 00..

33 April 25, 2002HIPAA Summit -- Roy Rada33 Conclusion on Large Entities Many roles. Many policy specifics. Much existing infrastructure to match. An opportunity to further harmonize or a big headache.

34 April 25, 2002HIPAA Summit -- Roy Rada34 Conclusion Common practices are appearing. What works differs from small to large entities. Entities should share and define the standard for their entity type.

Download ppt "April 25, 2002HIPAA Summit -- Roy Rada1 HIPAA Common Practices: Small vs. Large Entities Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore Co."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Similar presentations

Ads by Google