Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Officers Forum The HIPAA COLLOQUIUM AT HARVARD UNIVERSITY AUGUST 21, 2002 Elliot M. Stone, CEO Massachusetts Health Data Consortium www.mahealthdata.org.

Published byTheresa Hood Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Officers Forum The HIPAA COLLOQUIUM AT HARVARD UNIVERSITY AUGUST 21, 2002 Elliot M. Stone, CEO Massachusetts Health Data Consortium www.mahealthdata.org."— Presentation transcript:

1 Privacy Officers Forum The HIPAA COLLOQUIUM AT HARVARD UNIVERSITY AUGUST 21, 2002 Elliot M. Stone, CEO Massachusetts Health Data Consortium www.mahealthdata.org

2 Privacy Officers Forum Mission Statement Encouraged by the Massachusetts Governor’s Health Care Task Force Administrative Simplification Workgroup to assist Privacy Officers & their organizations to comply with HIPAA Privacy Regulations by April 14, 2003 via: Convening Bi-monthly meetings Facilitating consensus on “reasonable & appropriate” implementation of HIPAA Policies, Procedures, Forms and Templates Seeking clarifications as a Community from DHHS and state officials

3 Privacy Officers Forum Mission Statement (con’t.) Educating Privacy Officers through: -Regular Meetings -Panel Discussions and Case Studies -Reports from Forum Subgroups and Other Privacy Entities -Consortium’s Web Site FAQs – www.mahealthdata.org A Community Resource: encouraging open sharing of work products, policies, and opinions to: -Save Time and Speed Compliance -Define Community Standards

4 Privacy Officers Forum Privacy Officers Forum Co-Chairs: Anne E. Doyle MBA, Compliance & Privacy Officer, Tufts Health PlanAnne E. Doyle MBA Karen G. Grant, RHIA, Chief Privacy Officer, Partners Healthcare SystemKaren G. Grant, RHIA

5 Payers & Govt (16): Beacon Health Strategies, Blue Cross Blue Shield of MA, BMC HealthNet, CIGNA, Delta Dental Plan of MA, Division of Medical Assistance (Medicaid), Executive Office of Health & Human Service, Fallon Healthcare System, Group Insurance Commission, Harvard Pilgrim Health Care, Harvard University Health Services, Health New England, MIT Medical Department, Neighborhood Health Plan, Tufts Health Plan, United HealthCare Providers (17): Baystate Health Systems, Boston Medical Center, Cambridge Health Alliance, CareGroup Healthcare System, Caritas Christi, Children’s Hospital, East Boston Neighborhood Health Center, Emerson Hospital, Lahey Clinic, Mass. Medical Society, New England Medical Center, Partners HealthCare, Risk Management Foundation, Southcoast Health System, South Shore Hospital, UMass Memorial Health Care, Winchester Hospital IT Partners (9) : Cap Gemini Ernst & Young, Computer Sciences Corp., Fidelity Employer Services, IDX Systems Corp., Medco Health Solutions, Novell, Inc., OpenReach Inc., Pricewaterhouse Coopers, WebMD Members

6 Privacy Officers Forum Original Topic Priorities* Discussed: Consents Authorizations Business Associate Contracts Chain of Trust Accreditation Organizations (JCAHO, NCQA) State Law Preemption Minimum Necessary Research: IRBs Employer/Health Plan Sponsors Training Employers as Covered Entities Notice of Privacy Practices Upcoming: Role Based Needs De-Identification Verification of Identity Final Privacy Rules Designated Record Sets State Law Pre-emption * Survey #1: October 2001

7 Privacy Officers Forum Updated Topic Priorities* Definitions of Designated Record Sets Accounting of Disclosures Employer and HIPAA Right to Request Privacy Protection for PHI Policy and Procedure Review/Approval Processes Verification of Identity Role Based Needs Opportunity to Agree or Object to Disclosure Access and Amend PHI Personal Representatives Interface with IT Dept. De-Identification Group Health Plans and Plan Sponsors Uses and Disclosures for Research Marketing Fundraising *Survey #2: June 2002 ranking

8 Other Suggested Topics* State Jurisdiction-by patient residence vs. treatment location Budgeting Mitigation if breach occurs Suggested safeguards when using PHI Hybrid entity designation Confidential communication Patient Rights and requirements *Survey #2: June 2002

9 “Ah-Ha” - Lessons Learned: Privacy Officers Forum A Reasonable & Appropriate Community Approach to Compliance Professional Judgment: The Rules were NOT designed: To put anyone out of Business To override the professional judgment of the covered entity Providers and insurers can assume that each covered entity is making reasonable judgments when requesting PHI, minimum necessary information…let’s not demonize other covered entities Business Associates: In MOST instances: Provider Organizations are NOT Business Associates of the Health Plans Brokers are Business Associates of Employers NOT the Health Plans Pre-Emption: Federal and State Mental Health Law conflicts identified: Boston Bar Association will make recommendations to the MA State Legislature

10 “Ah-Ha” - Lessons Learned: Privacy Officers Forum (con’t.) Minimum Necessary: An “expanded consciousness” not an adversarial state: Can build on “Need to Know” standard, already practiced in many institutions Does not require that all risk of incidental use or disclosure be eliminated Explicitly provides for use and disclosure that cannot be reasonably prevented, is limited in nature, and that occurs as a by-product of an otherwise permitted use or disclosure Some covered entities’ (e.g. providers, health plans, etc.) abilities to implement “role- based access” are currently limited by their “legacy” systems All automated applications do not have to be replaced in order to comply Some Insurers are considering eliminating “release of info/consent” language from subscriber’s enrollment forms Reminder: There are many different opinions on how to implement “minimum necessary,” but most would agree, it is more than a presumptive “what-we-currently-do” as the minimum necessary stance - i.e. proclaiming that minimum necessary is nothing but “what I say it is”

11 “Ah-Ha” - Lessons Learned: Privacy Officers Forum (con’t.) Training: Providers & Insurers are sharing Training Tips! For example: Use actual taped calls (with permission)– case studies work! Use real examples of breaches: large & small – case studies Explain impact on daily work (optional to mention HIPAA) Try to predict which changes will result in improvement Make privacy visible (pens, badges, signs etc..) Administer pre-training HIPAA surveys Internet & CD ROM not accessible to all providers Include other compliance messages with HIPAA Privacy Training

12 Privacy Officers Forum Resources

13 Multiple inter-organizational collaborative bodies  CIO Forum - focus on inter-organizational health data issues  Operations Forum - focus on claims process and HIPAA transactions  HECC - HIPAA Educational Coordinating Committee  Privacy Officers Forum - focus on HIPAA privacy/compliance  Security Officers Forum - focus on HIPAA security (kick-off 4/12/02)  Webmaster Group - quarterly meetings Current Forums www.mahealthdata.org

Download ppt "Privacy Officers Forum The HIPAA COLLOQUIUM AT HARVARD UNIVERSITY AUGUST 21, 2002 Elliot M. Stone, CEO Massachusetts Health Data Consortium www.mahealthdata.org."

Similar presentations

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.

Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.

Similar presentations

Ads by Google