Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA in 24 Hours Roy Rada, M.D., Ph.D. Professor, UMBC, Director, HIPAA-IT LLC,

Published byColin Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "HIPAA in 24 Hours Roy Rada, M.D., Ph.D. Professor, UMBC, Director, HIPAA-IT LLC,"— Presentation transcript:

1 HIPAA in 24 Hours Roy Rada, M.D., Ph.D. Professor, UMBC, rada@umbc.edu Director, HIPAA-IT LLC, rada@hipaa-it.com

2 Dr Rada www.hipaa-it.com2 I Have a Dream I have a dream that similar entities will share HIPAA practices so as to agree common practices that proactively define compliant behavior for that entity type.

3 Dr Rada www.hipaa-it.com3 Wanted Practices that are the Lowest common-denominator and Compliant for an entity type.

4 Dr Rada www.hipaa-it.com4 Start Small For small health care entity, manual is 35 pages, is self-contained, and takes 24 person hours to implement. Then we scale to large entity manual.

5 Dr Rada www.hipaa-it.com5

6 6 24 Hour Compliance Week 1: Executive reads awareness essay & passes manual to office manager – 1 hr. Mission Accepted! Week 2: Office manager studies manual – 2 hrs. Week 3: Office manager does ecommerce part – 2 hrs. and convenes ‘privacy’ meeting of staff – 2 hrs. of manager, 1 hr. everyone else. Week 4: Privacy forms and policies distributed in facility and staff trained – 2 hrs. office manager, 0.5 hr. everyone else.

7 Dr Rada www.hipaa-it.com7 24 Hours (con’t) Week 5: Contracts with external entities collected and assessed – 2 hrs. office manager Week 6-7: Renegotiate business associate clauses – 2 hrs. per week over 2 weeks office manager. Weeks, 13, 26, 39, and 52 – review progress – 2 hrs. office manager. Assume facility has 1 executive, 1 office manager, 6 others. Total in first 7 weeks: executive 1 hr + office manager 14 hrs + assistants 9 hrs = 24 hrs

8 Dr Rada www.hipaa-it.com8 Life Cycle Begins Manual from sponsor (e.g., hospital) to small entity (e.g., physician) with request that executive read the awareness essay and pass manual to office manager.

9 Dr Rada www.hipaa-it.com9 Executive Awareness Awareness essay is 1,000 words. Gentle Reasonable Solution-filled Begins: The executive in a small facility is challenged by budget reforms and legal minefields. The latest challenge comes in the form of HIPAA’s Administrative Simplification provisions.

10 Dr Rada www.hipaa-it.com10 Ecommerce Gap Analysis Have youYesNo Analyzed business efficiency? Checked vendor compliance? Determined code gap?

11 Dr Rada www.hipaa-it.com11 Business Efficiency Spreadsheet 1.Number of claims per week: 215 2.Average claim value: $191 3.Time to prepare a manual claim: 6 minutes 4.Time to prepare an electronic claim: 0.5 minutes 5.Staff cost per hour: $14 6.Manual cost per year: #1 * #3 * #5 * (1 hr/60 min) * (52 wks/yr) = $15,652. 7.Electronic cost per year: #1 * #4 * #5 * (1 hr/60 min) * (52 wks/yr) = $1,304. 8.Labor saving is #6 - #7 = $14,348. 9.Bad debt now: 10 % 10.Bad debt after automation: 5% 11.Annual savings from debt change: #1 * #2 * (#9 - #10) * (52 wks/yr) = $106,769.

12 Dr Rada www.hipaa-it.com12 General Practice InformationYour Information Automated Process Number of Visits Per Week260x Average Claim Value ($)$191x Number of Visits with Insurance per week215x Staff Cost per hour ($/hr)$14x Average number of eligibility checks in a week33x Average number of claim follow-ups in a week44x Average number of referrals in a week25x Obtain eligibility on a patient Minutes110.5 Prepare a claim Minutes60.5 Post a Payment Minutes110.5 Obtain status of a claim Minutes180.5 Referral check Minutes132 Eligibility Verification Yearly Cost$4,404.40$ 200.20 Claims Preparation Yearly Cost$15,652.00$1,304.33 Account Posting Yearly Cost$28,695.33$1,304.33 Claim Status Follow-up Yearly Cost$9,609.60$ 266.93 Referral Prepared Yearly Cost$3,943.33$ 606.67 Total Estimated Yearly Costs$62,304.66$3,075.79 POTENTIAL YEARLY SAVINGS$59,228.87 Overall level of bad debt in the cell below in the first column. A guess as to your bad debt after you were to do more eligibility inquiries, claim status inquiries, and referral checks in the second column. 0.100.05 Increase in Potential Profits – Yearly ($)$129,116.00

13 Dr Rada www.hipaa-it.com13 Letter to Clearinghouse Please explain: your timeline to address transaction changes and what you expect the practice to do and what code gaps to expect

14 Dr Rada www.hipaa-it.com14 Ecommerce Finished React to clearinghouse Prepare for longer-term computerization

15 Dr Rada www.hipaa-it.com15 Privacy Patient Rights Communication Administration

16 Dr Rada www.hipaa-it.com16 Patient Rights Checklist Do you have?YesNo Notice of Privacy Practices Authorization Access and Amend Policy Accounting and Restriction Policy

17 Dr Rada www.hipaa-it.com17 1-Page Notice of Privacy Practices THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED … AND HOW YOU CAN GET ACCESS … ………… ______________ Acknowledgement of receipt of Notice of Privacy Practices: Signature: _______________________

18 Dr Rada www.hipaa-it.com18 Authorization AUTHORIZATION for RELEASE of INFORMATION I hereby authorize the use or disclosure of my individually identifiable health information as described below.

19 Dr Rada www.hipaa-it.com19 Policy on Access Access Right We give you access to your health information... Exceptions to this access occur rarely... If we feel we need to deny access, we must provide an explanation. … You may request access verbally or in writing, and we have 30 days in which to provide the information. We will charge.. $0.20 per page.

20 Dr Rada www.hipaa-it.com20 Accounting of Disclosures The patient has a right to receive an accounting of certain disclosures of protected health information … Our accounting to the patient will: Include the dates of disclosure and to whom the information was sent, …

21 Dr Rada www.hipaa-it.com21 Restrictions The patient may request restrictions on our disclosure of the patient’s protected health information beyond those restrictions already imposed by the government. … if we accept the request, then we must ….

22 Dr Rada www.hipaa-it.com22 Communication Checklist Do you have policies for?YesNo Phone and face-to-face Email and fax Medical records

23 Dr Rada www.hipaa-it.com23 Email Policy Not required to have this per se. Ownership and User Privacy of E-Mail All e-mail originating within or received into is the property of. Confidentiality of Electronic Mail When e-mail is used for communication of individually identifiable health information, specific measures must be taken to safeguard confidentiality. These safeguards follow:

24 Dr Rada www.hipaa-it.com24 Fax Not required to have this per se. For each fax machine a specific staff person is responsible to  Remove documents promptly  Notify senders of problems  Follow the instructions on the cover page The office manager has oversight responsibility that all fax machines are appropriately monitored.

25 Dr Rada www.hipaa-it.com25 Patient Records deliver services front officeservicesback office registerhistory tests treatment code claim file people receptionist assistants chief information manager

26 Dr Rada www.hipaa-it.com26 Administration Checklist Do you have?YesNo Privacy Officer Business Associate Contracts Accountability Safeguards State pre-emptions Training

27 Dr Rada www.hipaa-it.com27 Business Associate Contract THIS CONTRACT is entered into on this _________ day of _________ between ______________ (“ENTITIY”) and ______________ (“ASSOCIATE”). WHEREAS, ENTITY will make available to ASSOCIATE certain Information that is confidential and must be afforded special treatment and protection.

28 Dr Rada www.hipaa-it.com28 Tracking Disclosures Exceptional Disclosures for J. Patient DateTo whom Sent What was Sent Purpose

29 Dr Rada www.hipaa-it.com29 Safeguards Physical safeguard – lock doors Technical mechanisms – encrypt Internet transmissions Technical procedures – do backups Administration – train and audit

30 Dr Rada www.hipaa-it.com30 Staff Training All staff are involved in protecting health information. Staff should be aware of the penalties that could be levied against them by the Federal government. Fines reaching $250,000 and imprisonment can be imposed on clinicians, receptionists, cleaning staff, or any others.

31 Dr Rada www.hipaa-it.com31 Tracking Training Privacy Training Person’s Name Date Completed Executive Essay Staff EssayEntire Manual

32 Dr Rada www.hipaa-it.com32 Set of Tables A few MS Word or paper tables could accommodate the range of expected behavior documentation.

33 Dr Rada www.hipaa-it.com33 Costs for Small Facility Easy: 24 Hours or $2000 Ecommerce: clearinghouse Privacy: Notice (1 pg), Authorization (1 pg), Rights Policy (2 pg), Communication Policy (4 pg), Business Associate Contract (2 pg), Tracking (5 tables), Training two essays (3 pages)

34 Dr Rada www.hipaa-it.com34 As Entities Get Larger More roles. More policy specifics. More existing infrastructure to match. An opportunity to further harmonize or a bigger headache.

35 Dr Rada www.hipaa-it.com35 Staffing Executive passes ecommerce to CFO or CIO and privacy to Legal Counsel or CCO. In hospital, departments represented include administration, information systems, finance, legal, compliance, inpatient, ambulatory, and medical records.

36 Dr Rada www.hipaa-it.com36 Microsoft Project

37 Dr Rada www.hipaa-it.com37 Ecommerce Alternatives larger: 1. rely on clearinghouse, 2. translate on the border, or 3. internally integrate. As go from 1 to 3 the short-term costs rise but long-term costs drop.

38 Dr Rada www.hipaa-it.com38 Short-term Costs Clearinghouse free Translators purchased for $ tens of thousands but tailoring to work costs $ hundreds of thousands, and Internal integration is $ millions.

39 Dr Rada www.hipaa-it.com39 Long-term Costs Workflow analyses reveal increasing FTE savings as further integrate Bad debt reduces as integrate

40 Dr Rada www.hipaa-it.com40 Privacy Notice of Privacy Practices longer Retrieving designated medical record set is more complicated Number and complexity of policies grows as size grows Administration involves more roles

41 Dr Rada www.hipaa-it.com41 For example, training Section ‘§ 164.530 Administrative requirements’ includes this sentence: (b)(1) Standard: training. A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart, as necessary and appropriate for the members of the workforce to carry out their function within the covered entity.

42 Dr Rada www.hipaa-it.com42 Roles to be Trained Roles Ri in clinics plus health plan R1 Medical Doctors. R2 Medical Assistants. R3 Clinic Regional Administrator. R4 Claims Examiners. R5 Provider Information Analyst. R6 Application Operations Analyst. R7 Member Services Representatives R8 Authorizations Specialist. R9 Billing Representative. R10 Enrollment Representative.

43 Dr Rada www.hipaa-it.com43 Content to Roles for Training Privacy Rule Component Pi (like Notice) to Role Ri Pi to Ri need-to-know of ++, +, 0 R1R2R3R4R5R6R7R8R9R10 P1++ +00 00..

44 Dr Rada www.hipaa-it.com44 Costs for Hospitals Based on HIPAAdvisory Survey: $1600 per bed for small hospital $800 per bed for large hospital Thus for 500 bed is $400,000

45 Dr Rada www.hipaa-it.com45 Conclusion What works differs from small to large entities. Entities should share and define the standard for their entity type.

46 Dr Rada www.hipaa-it.com46 How to Share? The government should help. Events like this HIPAA Summit help. Emphasize being reasonable and flexible.

47 Dr Rada www.hipaa-it.com47 Think ‘Hip’ not ‘Hippo’

48 Dr Rada www.hipaa-it.com48 I have a dream that small entities share a small manual and large entities, a large manual. in the eyes of government those entities will be compliant! I would like to work with you to realize this dream.

Download ppt "HIPAA in 24 Hours Roy Rada, M.D., Ph.D. Professor, UMBC, Director, HIPAA-IT LLC,"

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.

Similar presentations

Ads by Google