HIPAA – Developing an Understanding


1 HIPAA – Developing an Understanding
Robert C. Bergin Ohio Department of Job and Family Services

2 Title I – Health Care Access, Portability, and Renewability
Title I of HIPAA protects health insurance coverage for workers and their families
- Limits exclusion for pre-existing conditions
- Prohibits discrimination based upon health factors
- Provides special enrollment rights
- Defines creditable coverage and significant breaks

3 Title II – Preventing Health Care Fraud and Abuse; Administrative Simplification; and Medical Liability Reform
- Title II is intended to combat waste, fraud, and abuse in health insurance and healthcare delivery
- Simplify the administration of health insurance
- Promote “Administrative Simplification”

4 Administrative Simplification
Goals of Administrative Simplification
- Protect privacy of “Protected Health Information” – PHI
- Standardize electronic exchanges to improve efficiency
- Secure data processing systems
- Implement standard identifiers
  - Providers
  - Employers
  - Health Plans

5 HIPAA Rules
- Privacy Rule – 4/14/03
- Transaction and Code Set Rule – 10/16/03
- Security Rule – 4/21/05
- Standard Identifiers
  - National Employer Identifier Rule – 7/04
  - National Provider Identifier Rule – TBD
  - National Health Plan Identifier – TBD

6 Who Must Comply? Covered Entities
Health Plans – An individual or group plan that provides or pays the cost of medical care
- Medicare
- Medicaid
- Health insurance issuer
- HMO
- VA health care system
- Others

7 Health Plan General Exclusions
Any government-funded program, other than those specifically included, whose principal purpose is other than providing or paying the cost of health care but which do incidentally provide such services.
For example, programs such as the Special Supplemental Nutrition Program for Women, Infants and Children (WIC) are not considered to be health plans.

8 Health Plan General Exclusions Continued
Any government-funded program whose principal activity is the making of grants to fund the direct provision of health care to individuals.
For example, the Maternal/Child Health Block Grant Title V program.

9 Health Plan General Exclusions Continued
An agency that “determines eligibility for or enrollment in a health plan that is a government program providing public benefits, when that agency is not the agency that administers the program”, is not a covered entity.
“For example, an agency that is not otherwise a Covered Entity, such as a local welfare agency, is not considered to be a Covered Entity because it determines eligibility or enrollment or collects enrollment information as authorized by law.”

10 Is a private benefit plan a health plan?
[Flowchart; the YES/NO branch connections are not preserved in this transcript]
Decision questions:
- Is the plan an individual or group plan, or combination thereof, that provides, or pays for the cost of, medical care?
- Does the plan have both of the following characteristics: (a) it has fewer than 50 participants, and (b) it is self-administered?
- Is the plan a group health plan?
- Is the plan a health insurance issuer?
- Is the plan an issuer of a Medicare supplemental policy?
- Does the plan provide only nursing home fixed-indemnity policies?
- Is the plan an HMO?
- Is the plan a multi-employer welfare benefit plan?
- Is the plan an issuer of long-term care policies?
- Does the plan provide only excepted benefits?
Outcomes:
- STOP! The plan is a health plan
- STOP! The plan is not a health plan

11 Is a government-funded program a health plan?
[Flowchart; the YES/NO branch connections are not preserved in this transcript]
Decision questions:
- Is the program one of the listed government health plans?
- Does the program provide, or pay the cost of, medical care?
- Is the program a high risk pool?
- Is the plan an HMO?
- Is the principal activity of the program providing health care directly?
- Is the principal purpose of the program other than providing or paying the cost of health care (e.g., operating a prison system, running a scholarship or fellowship program)?
- Does the program provide only excepted benefits?
- Is the principal activity of the program the making of grants to fund the direct provision of health care (e.g., through funding a health clinic)?
Outcomes:
- STOP! The program is a health plan
- STOP! The program is not a health plan

12 Covered Entities - Continued
Health Care Providers – A health care provider who transmits any health information in an electronic form in connection with a defined transaction covered by the law is a covered entity
- Physician
- Dentist
- Pharmacist
- Physical Therapist
- Others

13 Are You a Health Care Provider Under HIPAA?
[Flowchart; the YES/NO branch connections are not preserved in this transcript]
Decision questions:
- Do you furnish, bill, or receive payment for health care services in the normal course of business? (1)
- Do you conduct covered transactions?
- Are any of the covered transactions transmitted in electronic form?
Outcomes:
- STOP! You are a covered health care provider under HIPAA
- STOP! You are not a covered health care provider under HIPAA

14 Covered Entities - Continued
Health Care Clearinghouses – An entity that processes or facilitates the processing of information received from another entity in a nonstandard format or containing nonstandard data into standard data elements or a standard transaction
- Billing service
- Switch
- VAN

15 Are You a Health Care Clearinghouse?
[Flowchart; the YES/NO branch connections are not preserved in this transcript]
Decision questions:
- Do you process, or facilitate the processing of, health information from a nonstandard format or content into standard format or content or from a standard format or content into nonstandard format or content?
- Do you perform this function for another legal entity?
Outcomes:
- STOP! You are a health care clearinghouse
- STOP! You are not a health care clearinghouse

16 Hybrid Covered Entities
- If “Covered Entity” functions are performed within a department or program, then the entity to which it belongs is a HIPAA hybrid entity
- HIPAA rules apply to the component that performs the covered entity function

17 Hybrid Entity - Implications
The importance of being a hybrid entity is that HIPAA requires the entity to build walls between the covered functions and the rest of the entity, so that the non-covered portions do not have access to PHI

18 Business Associates
- Business Associate is a person or entity who on behalf of a covered entity performs a function or activity that involves the use or disclosure of Protected Health Information (PHI)
- A covered entity may disclose PHI to its Business Associates if it obtains a written contract specifying that the Business Associate will appropriately safeguard the information

19 Privacy Rule - Background
- Traditionally, health information has been “private” not because it is secure but because it has been difficult to access
- As the ease of exchanging Protected Health Information (PHI) increases, there is a corresponding need to increase privacy protection
- The privacy rule defines what information you must protect, as contrasted with the security rule which defines how you must protect information

20 Privacy Rule - Definitions
- “Protected Health Information” (PHI) is individually-identifiable health information that is transmitted or maintained in any form or medium
- “Health Information” includes any information, oral or recorded, relating to the health of an individual, the health care provided, or payment for services rendered to the individual

21 Privacy Rule – Definitions Continued
- “Privacy Notice” describes how an individual’s medical information may be used and disclosed, and of the individual’s rights and the covered entity’s duties with respect to that medical information
- “Patient Authorization” is required for the use of information not related to treatment, payment, or health care operations

22 Privacy Rule – Definitions Continued
- “Public Health Authority” is an agency that is responsible for public health matters as part of its official mandate
- Limited use and disclosure are permitted without consent or authorization when there is an overriding public interest
- Generally, the rule does not apply to de-identified information as long as there is no mechanism for re-identification

23 Privacy Rule – Patient Rights
- Right to adequate notice of privacy practices
- Right to access health information
- Right to request amendment of health information
- Right to an accounting of disclosures
- Right to request restriction of uses and disclosures

24 Privacy Rule – Administrative Requirements
- A designated privacy official
- A privacy contact person
- A defined complaint process
- Individuals can request additional restrictions – entities must have a process for responding, but are not required to agree to the request
- Entity must verify the identity and legal authority of any person requesting PHI

25 Privacy Rule – Administrative Requirements Continued
- Employer must provide training on privacy policies and procedures to each person who has contact with PHI
- Covered entities are required to document that training requirements have been satisfied
- Employees and Business Associates who violate policies and/or HIPAA regulations must be subject to defined sanctions

26 Standard Transactions
Transaction and Code Set Rule compliance October 16, 2003 ( Public Law )
- Health Care Claim or Encounter (837)
- Health Care Claim Payment and Remittance (835)
- Health Care Claim Status Inquiry/Response (276, 277)
- Health Care Eligibility Inquiry/Response (270, 271)
- Enrollment and Disenrollment in a Health Plan (834)
- Referral Certification and Authorization (278)
- Health Plan Premium Payments (820)

27 Code Sets
HIPAA has mandated the use of national standard code sets
- Elimination of Level III local codes and the limited expansion of Level II HCPCS codes
- Nationally, Medicaid programs are being forced to “crosswalk” local codes into limited Level II HCPCS codes

28 HIPAA Security Regulations
Security regulations require:
- Covered Entity (CE) must ensure the confidentiality, integrity, and availability of electronic PHI that the CE creates, receives, maintains, or transmits
- CE must protect against any reasonably anticipated threats or hazards to the security or integrity of PHI under its control
- CE must protect against reasonably anticipated uses or disclosures that are not permitted or required by the privacy rule
- CE must ensure compliance by its workforce

29 Security – Physical Safeguards
- Facility access controls
- Policies governing the receipt and removal of hardware and electronic media that contains PHI into and out of the facility, as well as movement within the facility
- Policies on workstation area control and workstation use

30 Security – Administrative Safeguards
- Documented security management process
- Assigned security responsibility
- Workforce security policies
- Information access controls
- Emergency contingency plans
- Security awareness and training programs
- Security incident reporting procedures
- Periodic evaluations

31 Security – Technical Safeguards
- Technical access controls limiting access to authorized persons or software
- Audit controls to examine activity in information systems
- Policies and procedures to protect PHI from improper alteration or destruction
- Person or entity authentication procedures
- Technical transmission security measures to protect against unauthorized access

32 Preemption of State Law
- Federal regulations preempt all “contrary” state laws, unless a state law is more stringent
- State law is more stringent if it:
  - Further limits the use or disclosure of PHI
  - Provides individuals with greater rights of access, or more information about their rights
  - Enhances protections afforded by an authorization
  - Imposes greater record keeping requirements
  - Otherwise enhances privacy protection

33 HIPAA Resources
Web Sites
- www.nhvship.org
- www.hhs.gov/ocr/hipaa

34 Questions?

