Published by Claire Roberts. Modified over 10 years ago.
1
Health Insurance Portability and Accountability Act
General Overview for Software Vendors
Todd Frech
Ocius Medical Informatics
6650 Rivers Ave, Suite 137
North Charleston, SC 29406
843-576-1426
http://www.ocius.biz
2
Background
Originally proposed in 1996 as part of a comprehensive set of reforms targeting health insurance
Administrative Simplification section created in response to the commercialization of health information and the potential for abuse with the increased use of electronic systems
Prior to HIPAA, there were no federal regulations to govern the use of personal health information (PHI)
3
Some Significant Abuses
Marketing
Employment Screening
Inappropriate release of private information
4
Legislative Authority
Department of Health and Human Services
  – Defines requirements
  – Educates and inspects (Office of Civil Rights)
  – Fines for minor offences
Department of Justice
  – Criminal prosecution
5
What is HIPAA?
Four Components
  – Transaction Standards
  – Privacy Regulations
  – Security Regulations
  – National Provider ID
Regulation of individually identifiable health information
6
What is HIPAA?
Covers electronic systems
  – Billing
  – EMR
  – Scheduling
Impacts
  – Health plans
  – Health care providers
  – Health care clearing houses
7
HIPAA's Goals
Reduce administrative burdens
Protect the privacy of individually identifiable health information
Ensure the security, integrity and availability of health information
8
Transaction Standards
Creates standard transaction sets for communicating health information via electronic interfaces
Creates a standard definition of data elements
Impacts billing, enrollment, disenrollment and authorization transactions
Final rule published in August 2000
Requires implementation within 24 months
9
Privacy Standards
Requires a covered entity to make a reasonable effort to obtain a patient's permission to use their PHI for Treatment, Payment and Healthcare Operations (TPO)
Requires a covered entity to obtain a patient's permission for any non-TPO use of health information
Defines the approved uses of health information
Defines the process for gaining approval
Gives patients the right to dispute information in their health records
Defines the process for patient disputes
10
Security Standards
Regulate integrity, confidentiality, unauthorized access, and availability
Five components:
  – Administrative procedures
  – Physical safeguards
  – Technical security services
  – Technical security for networks
  – Electronic signature
11
Impact on Software Vendors
Transaction Standards
  – Implementation by 10/2004
  – Standard data elements and transaction formats
Privacy Standards
  – Implementation by 4/2003
  – Minimal impact on software vendors
Security Standards
  – No implementation date (12 months from final rule date)
  – Largest impact on software vendors
12
Operational Issues
Legal requirements
  – Business Associate Agreements
Changes to policies and procedures
  – System Access
  – Training
Software enhancements
  – Audit
  – Security
13
Client Issues
Interpretation and implementation of three standards in a short period of time
Developing appropriate policies and procedures
Training, training, training
14
Regulatory Issues
Enforcement
  – Office of Civil Rights
  – Department of Justice
Fines and Penalties
  – Monetary fines for inappropriate disclosure of PHI
  – Potential jail time for willful misuse of PHI
15
Risk and Opportunities
Timeline for implementation of security requirements
Client focus during the implementation process
Development of new policies and procedures
Additional or upgraded network infrastructure
16
Got Questions?