Published by Howard Peters. Modified over 9 years ago.
3
“HIPAA -- Beyond April 14, 2003”
“BUILDING HIPAA COMPLIANCE Beyond April 14, 2003”
4
Health Insurance Portability and Accountability Act of 1996
- Presented For: CAHF Quarterly
- Location: Sacramento, California
- Date: May 20, 2003
5
Presented by Rhonda Anderson, RHIA
- Anderson Health Systems, Inc.
- Email: office@ahis.net
- Phone: 714-558-3881
- Fax: 714-558-1302
- Web Site: www.ahis.net
6
Q & A by: Juliana Glydon, Horizons West, Inc.
- Phone and email: 916.624.6230 / info@horizonwest.com
7
HIPAA TRANSACTION
8
- Who is involved: Administrator, Business Office Manager, HIM/Record Director, Nursing Management, IT resource, Business Associates
9
COMPLIANCE DATES
- Electronic Transactions Standards, Standardized Code Sets – 10/16/02 or 10/16/03 published
10
COMPLIANCE DATES
- Privacy Standards – 4/14/03
- Security Standards – Due February, 2005
- Enforcement Proposed ‘date final??’
11
TRANSACTIONS AND CODE SET
12
DESIGNATED CODE SETS
- ICD-9-CM
- HCPCS - Health Care Financing Administration Common Procedural Coding System (eliminates level III codes)
- CPT is required for physicians' and ancillary services
- HCPCS - health care supplies, etc.
- J-Codes used for drugs (from HCPCS Codes)
13
WHAT DO THESE MEAN TO YOU?
- NDC - National Drug Codes
  – Commercial Pharmacies
- Billing and other systems will need to be modified to include new standard IDs
- UB-92 will be replaced with 837 - new claims form
- Computer systems need to accommodate the required codes/changes
14
WHAT DO THESE MEAN TO YOU? - 2
- Compare current code sets to HIPAA standards
  – Must use standard code sets and code “by the book”
  – May require modifications or upgrades to computerized coding systems
  – Accuracy of coding is an issue!!!
15
WHAT DO THESE MEAN TO YOU? - 3
- Follow the Fiscal Intermediary Guidelines... Be aware of the AHA Coding Clinic & AHIMA Coding recommendations
- Watch for CMS Electronic Transmittals for guidance (no more paper transmittals)
16
TCS TESTING…
- Testing of the Standardized Transactions required
  – Must begin testing by April 16, 2003
  – May begin testing sooner
17
PRIVACY
18
“SIX NEW PRIVACY RIGHTS”
- Notice of Organization's “PHI” Privacy Practices
- Request Restrictions on Disclosures to Others of their “PHI”
- Request alternative means of communicating “PHI”
19
“SIX NEW Resident RIGHTS” - 2
- May (access) inspect and get a copy of “PHI”
- May request Amendments to their “PHI”
- Must be given an accounting of organization’s disclosures of their “PHI”
20
PRIVACY RULE: WHAT DOES IT DO? HIPAA regulates the use or disclosure of Protected Health Information (PHI)
21
PRIVACY: KEY COMPONENTS
- PHI
- Notice of Privacy Practices
- Acknowledgement
- Uses & Disclosures
- Authorization
- Minimum Necessary
- Patient Rights
22
PRIVACY: KEY COMPONENTS -2
- Amendment of Records
- Access To Records
- Accounting of Disclosure
23
PRIVACY: KEY COMPONENTS -3
- Business Associates
- Marketing, Fundraising, and Research
- Interaction with State privacy and confidentiality laws - Preemption
24
PRIVACY: KEY COMPONENTS -4
- Administrative Requirements – Staff, Privacy Officer, Contact Department/Person, Security Officer, Training, Monitoring Penalties
25
WHAT IS PHI?
Health and demographic information about an individual that is transmitted or maintained in any medium where the information:
- Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
Copyright 2002 HIPAA COW
26
WHAT IS PHI?
- Relates to the past, present, or future
  – Physical or mental health condition of an individual, or
  – Provision of health care to an individual, or
  – Payment for the provision of health care to an individual
27
PRIVACY NOTICES AND BEYOND
- HIPAA DOES NOT END ON APRIL 14, 2003
- THE ONLY THING YOU CAN COUNT ON IS CHANGE
28
COMMON HIPAA MANDATES?
- Notice of Privacy Practices
- Acknowledgement
- Accounting of Disclosures
- Minimum Necessary Standard
- Access to Records
29
COMMON HIPAA MANDATES? -2
- Amendment to Records
- Disclosure under authorizations
- Sanctions
- Audit Trails
30
WHAT IS COMMON?
- Requests for PHI
- Uses of PHI
- Disclosures of PHI
- “Minimum Necessary” – and can it be consistent? Over-dramatization – over correction. REMEMBER RESIDENT CARE AND TREATMENT!!
31
REQUESTING PHI
- Do you ever request or receive PHI from outside the organization?
  – Is the information for treatment?
  – Is the information for payment?
  – Is the information for operations?
- If not for TPO, why is the information used? Have you mapped who?
32
ACCESSING PHI WITHIN
- Do you know who has access to PHI within the organization, and do you know who uses it?
33
“THE STUDY”
- Have you carried out any of the “due diligence” to the use and disclosure of PHI coming into the facility, GOING OUT OF THE FACILITY???
- HOW CAN YOU ASSURE THE MINIMUM NECESSARY use and disclosure?
34
THE TEAM
WHAT NEEDS TO BE DONE???
- Assure you know who has, uses and discloses PHI
- Do you know which Workforce Members access PHI, use/disclose PHI?
- Have you got documents to show this information…
- Carried out “due diligence”
35
POLICIES AND PROCEDURES
USE AND DISCLOSURE FOR
- Treatment
- Payment
- Health Care Operations
Commonly known as “TPO”
36
USE AND DISCLOSURE
- GENERAL POLICY AND PROCEDURES – ADMINISTRATIVE, CLINICAL RECORDS, OTHER DEPARTMENTS
  – Assure it meets your facility/agency requirement
37
DESIGNATED RECORD SET
NEW CONCEPT DRIVES POLICY PROCEDURE
What is to be included?
- Medical Records
- Billing Records
- Payment Claims
- Case Management records (maintained for or by a health plan)
38
NOTICE - PROCEDURE REQUIREMENTS
- Post Notice at the site, on the web
- Admission Policy and Procedure
39
USES & DISCLOSURES -1
- PHI can be used/disclosed without consent, authorization, or opportunity to agree/object in the following instances as defined in 164.512
40
USES & DISCLOSURES -2
- EXCEPTIONS include:
  – Required by law
  – Public Health activities
  – Victims of abuse, neglect or domestic violence
  – Health oversight activities
  – Law enforcement purposes
41
USES & DISCLOSURES -3
- EXCEPTIONS, cont.
  – Judicial and administrative proceedings
  – Decedents (coroners & medical examiners)
  – Cadaveric organ, eye or tissue donation
  – Research
42
USES & DISCLOSURES - 4
- EXCEPTIONS, cont.
  – Avert serious threat to health and safety
  – Specialized government functions
  – Correctional institutions & other law enforcement custodial situations
  – Worker’s compensation
43
USE/DISCLOSURE - MINIMUM NECESSARY
- Requires reasonable efforts be made to limit disclosure of ‘PHI’ to minimum necessary to accomplish the intended purpose of the use, disclosure or request.
44
RULE - MAINTAIN RECORDS
- The requirement to maintain records and titles of persons responsible for processing requests for access for 6 years
- These are for those specific authorizations for request of protected health information
45
HIPAA – BUSINESS ASSOCIATES
- Who is involved: Those persons/companies who are not a part of your work force AND DO NOT PROVIDE TREATMENT
46
BUSINESS ASSOCIATES
- B.A. -- who works with you and is not your employee
47
ADMINISTRATIVE REQUIREMENTS
48
ADMINISTRATIVE
- Designation of a Privacy Official
- Designation of Contact Person
- Employee Training – H.O. #3 Training Grid
- Safeguards
- Complaint procedures
- Employee Sanctions
49
ADMINISTRATIVE - 2
- Documentation Requirements
- Refraining from intimidating or retaliatory acts
- Policies and Procedures
- Mitigation of risks
- Waiver of rights
- Retention period
50
POLICY & PROCEDURES See H.O. #1 Policy and Procedures
51
COMPLIANCE - PRIVACY
- Refer to Attached.
- H.O. #2
52
E-ISSUES
- FAX – NOT addressed in HIPAA
- E-Mail – encryption required
- Internet vs. Intranet
- Security – or – PRIVACY
- Or both??
53
IMPLEMENTATION STRATEGIES
54
IMPLEMENTATION
- Understand the impact and liability in YOUR setting
- Scalable solutions and applications
- Track regulations
- Review/Revise project plan
- Coordinate with professionals
- Determine the gap between what is required and what you have
55
WHAT'S NEW – WHAT'S NOT
- ENFORCEMENT
56
SECURITY IS NOT NEW, BUT FINALIZED
- Security will focus on certain areas.
57
SECURITY
- Applies to health information in manual or electronic form or information that had at one time been in electronic form.
- Operationally difficult to separate security and privacy
58
SECURITY
Covered Entities must maintain reasonable & appropriate administrative, physical, & technical safeguards to:
- Ensure the integrity & confidentiality of PHI
- Protect against unauthorized access, use, or disclosures by employees or external parties
- Protect the availability of PHI in emergency and disaster situations
- Demonstrate compliance by officers and employees
59
KEY TO SECURITY
60
SECURITY: KEY COMPONENTS
- Administrative Security Procedures
- Physical Safeguards
- Technical Security Services
- Communications Security
- Electronic Signature
61
ADMINISTRATIVE PROCEDURES
- Contingency and Disaster Recovery Planning
- Information Access Control
- Internal Security Audit Procedures
62
ADMINISTRATIVE PROCEDURES
- Personnel Security
  – Transfers
  – Termination procedures
  – Management of authorization methods
  – Personnel clearance procedures
  – Training in security
63
PHYSICAL SAFEGUARDS
- Assigned Security Responsibility
- Media Controls
- Physical Access Controls
- Secure Workstation Location
64
TECHNICAL SECURITY SERVICES
- Access Controls
- Audit Controls
- Authorization Controls
- Data Authentication
- Entity Authentication
65
BEGIN IMPLEMENTATION…