1. HIPAA Update Randy Snyder

2. Topics Today  Security Primer  Electronic Transactions Clearinghouse Update  Secure Certificates

3. Where are we at with HIPAA?  Privacy Practices –Policies and Procedures available at ISAC website  Electronic Transactions –Electronic Transaction Clearinghouse –28E ETC via ISAC  Security Regulations (April 2005) –Policies and Procedures TBA

4. Privacy Practices  Implemented in April 2003  Changes in Policies and Procedures  Available via ISAC Website –http://www.iowacounties.orghttp://www.iowacounties.org

5. Electronic Transactions & Code Sets  October 2003 Implementation  Payers must be capable of accepting HIPAA Compliant Transactions if requested by Provider  28E ETC (Electronic Transaction Clearinghouse) administered by ISAC  https://etc.iowacounties.org https://etc.iowacounties.org

6. 28E ETC  Available to all counties currently 65 signed up  CPC, Jail, General Assistance typical initial HIPAA users (currently inbound only)  EDI Transactions capability  Future potential other uses could include electronic ordering, invoicing and payments for use by other departments

7. ETC Features  Internet Access –SSH FTP for Providers (Medical Practitioners) –Secure Website for Counties –Option for SSH FTP for file transmissions to counties  Support by ISAC’s Tammy Norman –Voice Phone: 515-244-7181 –E-mail: tnorman@iowacounties.orgtnorman@iowacounties.org  Secure Hosting Facility by Quilogy

8. ETC Features cont.  Processes –837/835 Claims –277/276 Eligibility –270/271 Status  Multiple Dept Capable –Requires separate Taxpayer Identification Number  Internal Process Independent  Printable Transactions  Auditable Transaction Numbers  E-Mail Notification  Future updates/ changes dependent on County input

9. Security Regulations Compliance  April 2005 Compliance Date  Policies and Procedures being developed by HIPAA Security Committee (Chaired by Jim Rice, Cerro Gordo)  To be published via ISAC Website

10. Security Action Plan  Assign Security Officer Role  Establish Policies and Procedures –Look for Boilerplates on ISAC Website  Perform Risk Assessment  Resolve Findings in Risk Assessment  Develop & Implement Risk Mgmt Plan –Continuity Plan Disaster Recovery Data Backup –Security Procedures Server/Workstation Network Infrastructure Physical/Logical

11. Components of Security  People –Awareness –Competency  Process –Policies –Procedures  Technology –Perimeter Hardening –Critical Core Strengthening

12. Resources  ISAC –www.iowacounties.orgwww.iowacounties.org  ICIT –www.icit.state.ia.uswww.icit.state.ia.us  SNIP –www.wedi.org/snip/www.wedi.org/snip/

13. Questions?