Presentation is loading. Please wait.

Presentation is loading. Please wait.

Seventh National HIPAA Summit HIPAA Compliance Case Study: HIPAA and Academic Medicine - Lessons Learned Past, Present and Future.

Published byPeter Tyrone Wells Modified over 8 years ago

Similar presentations

Presentation on theme: "Seventh National HIPAA Summit HIPAA Compliance Case Study: HIPAA and Academic Medicine - Lessons Learned Past, Present and Future."— Presentation transcript:

1

2 Seventh National HIPAA Summit HIPAA Compliance Case Study: HIPAA and Academic Medicine - Lessons Learned Past, Present and Future

3 Marti Arvin University of Louisville Privacy Officer Phone: 502-852-3803 Fax: 502-852-3855 Email: marti.arvin@louisville.edu

4 3 Past, Present, and Future BACKGROUND Two different institutional approaches Two different implementation models LESSONS LEARNED FUTURE STRATEGIES

5 4 BACKGROUND DIFFERENT COVERED ENTITY SETTINGS University of Pittsburgh Medical Center University of Louisville DIFFERENT IMPLEMENTATION MODELS UPMC Model U of L Model

6 5 University of Pittsburgh Medical Center Single covered entity for Medical Center 20 + hospitals 2 large physician practices Several smaller physician practices Home health Long term care Affiliation with, but separate from the University

7 6 University of Louisville Hybrid Covered Entity School of Medicine Faculty Practices University Contracted Clinics School of Dentistry School of Nursing

8 7 University of Louisville Department of Psychology Other Miscellaneous Clinical Settings Group Health Plan Four Hospitals as primary affiliates

9 8 Implementation Models UPMC model Started January 2002 Created and filled position of Director of HIPAA program office Created HIPAA workgroups based on segments of the regulation

10 9 UPMC Implementation Model Drafted singled notice to be used by all business units in the Medical Center Drafted system level general policies Allowed business units to draft policies and procedures specific to the business unit

11 10 UPMC Implementation Model Examples of business unit specific policies Distribution of Notice and recording acknowledgement Hospital Physician Offices Accounting for Disclosures Hospital (paper based) Physician Offices (web enabled tracking tool)

12 11 UofL Implementation Model Started Jan-Feb 2003 Separate organized efforts in various schools and programs Meeting at least minimal requirements by April 14, 2003 Created the position & hired me as university privacy officer June 2003

13 12 UofL Implementation Model Different groups based on area of focus Research Physician Practices Affiliated Hospitals Dental School

14 13 LESSONS LEARNED People tend to think in their own frame of reference While late is still better than never – late is problematic Central function is often better than decentralized Any legal document needs legal review

15 14 LESSONS LEARNED Customer service is critical A little knowledge is dangerous Use your PR staff Unlike Y2K, we are not done with HIPAA No one is perfect

16 15 People think in their own frame of reference Examples: The notice Notices drafted with references to specific type of business unit Solutions any reference to hospital was changed to “hospital or facility” Any reference to medical records department was changed to “doctor or place where you received care”

17 16 While late is still better than never – late is problematic A late start in preparing for HIPAA is better than no start at all Problems with late starts Everything is done in a panic No chance to scrutinize Advantage of late start Learn from others

18 17 Central function is often better than decentralized Centralized function allows for Better controls Consistent answers to questions Obtain economy of scale Decreases burden on individual business units Must be a coordinated effort

19 18 Any legal document needs legal review A little thing can make a big difference Legal review after wordsmithing A single word can change the meaning Notice language Acknowledgment states patient has read notice States patient has the right to amend their PHI Business Associate Agreement Indemnification clause that is not legally binding on state entity Authorization Does not include the required elements Does not include state law issues

20 19 Customer service is critical Good customer service can eliminate many issues Patients want to opt out of fundraising Patients do not want their information used or disclosed a certain way Patients think their rights have been violated

21 20 A little knowledge is dangerous Employees can go overboard on HIPAA To get PHI, promise your first born child Individuals mix up various sections of HIPAA Educate, Educate, Educate

22 21 Use your PR staff Notice plain language requirement User friendly documents Nothing in HIPAA prevents a little PR in your documents

23 22 Unlike Y2K, we are not done with HIPAA April 14, 2003 has come and gone, so we’re done TCS remains Security remains HIPAA’s ongoing compliance issues remain

24 23 No one is perfect Accept the fact that there will be mistakes Don’t beat yourself up Don’t beat others up

25 24 FUTURE STRATEGIES Coordinate with components of HCE for TCS Be better prepared for Security Continue development of a HIPAA compliance program

26 25 QUESTIONS

Download ppt "Seventh National HIPAA Summit HIPAA Compliance Case Study: HIPAA and Academic Medicine - Lessons Learned Past, Present and Future."

Similar presentations

JCAHO –A HIPAA Business Associate National HIPAA Summit

JCAHO –A HIPAA Business Associate National HIPAA Summit
H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
WRSU Customer Service The Beauty of Change. Privacy and Confidentiality.

WRSU Customer Service The Beauty of Change. Privacy and Confidentiality.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.

HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA How can you maintain patient privacy and confidentiality? General Medicine LCCA.

HIPAA How can you maintain patient privacy and confidentiality? General Medicine LCCA.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.

Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.

Similar presentations

Ads by Google