The Implementation of HIPAA Joan M. Kiel, Ph.D., C.H.P.S. Duquesne University Pittsburgh, Pennsylvania.


1 The Implementation of HIPAA Joan M. Kiel, Ph.D., C.H.P.S. Duquesne University Pittsburgh, Pennsylvania

2 HIPAA Parts
HIPAA: 6 of 11 Parts Released:
- Transactions & Code Sets [2002]
- Privacy [2003]
- Unique Identifier – Employer [2004]
- Security [2005]
- Enforcement [2006]
- Unique Identifier – Provider (NPI) [2007]

3 HIPAA Parts
- HITECH: Health Information Technology for Economic & Clinical Health Act [2/2010]
- HIPAA Compliance Audit Protocol [7/2012]
- HIPAA “MegaRule” [1/25/2013]

4 HIPAA Personnel Role
- Privacy Person [45 CFR 164.530(a)(1)(i)]
- Security Person [45 CFR 164.308(a)(2)]
- The Federal Government mandates that covered entities have both a privacy person and a security person.
- This person(s) implements and manages the previously mentioned policies.

5 What Needs to Be Done
- For each of the policies, the HIPAA person will do the following 11 items.
- This is an ongoing process as an item is truly never done; just like your other work.

6 1. HIPAA Committee
- Representatives from health services and medical records, information technology, management, finance, and policy.

7 2. Policies & Procedures
- For the six HIPAA Rules to date, develop policies from the law, not secondary sources
- The laws are released in the Federal Register

8 3. Training & Awareness
- Live or on-line, but must be ongoing
- Staff meeting awareness
- Payroll stuffers/emails as awareness
- Integrate awareness to daily activities

9 4. Documentation
- Documentation must be retained for six years
- Critical with July 2012 HIPAA Compliance Audit Protocol & MegaRule

10 5. Risk Assessments & Audits
- Quarterly
- Authentication: most likely passwords
- Data integrity checks
- Have a policy and process to act on the findings

11 6. Complaint Process
- People need to be aware of how to file a complaint; thus, post process to file complaints
- Complaints are only to be HIPAA related
- Have a policy & process to act on the complaints

12 7. Sanction Process
- Sanction only for the HIPAA violation
- Internal investigation and/or OCR
- Civil and criminal penalties per Enforcement Rule
- Follow-up on the sanction and charge

13 8. Web Site
- If the covered entity has a web site, the Notice* of Health Information Privacy Practices must be prominently displayed on the web site.
- Keep the web site updated
* Notice as of February 2009 & MegaRule – July 15, 2014

14 9. Formage
- Develop forms from the laws.
- May or may not be able to use from other covered entities (i.e., addressable Security Rule policies)
- Educate staff on the formage

15 10. Business Associate Agreements
- Assess all those external to the workforce who have access to the covered entity’s PHI
- Both the Privacy Rule & the Security Rule cover BAAs.
- HITECH & MegaRule brought tougher BAA requirements

16 11. Research
- Play an integral role with the covered entity’s Institutional Review Board
- Ensure minimum necessary standards for data used in research
- Look for changes in 2013 or 2014

17 Summary
- Position outlined by the Six Rules of HIPAA that have been released; stay informed on changes and upcoming Rules
- Communication
- Organization
- Keep current

