Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy in 24 Hours: or 140,000 Hours Roy Rada, M.D., Ph.D. Prof. at UMBC, Publisher of

Published byHelen Cameron Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy in 24 Hours: or 140,000 Hours Roy Rada, M.D., Ph.D. Prof. at UMBC, Publisher of"— Presentation transcript:

1 Privacy in 24 Hours: or 140,000 Hours Roy Rada, M.D., Ph.D. Prof. at UMBC, rada@umbc.edu Publisher of www.hipaa-it.com

2 Dr Rada www.hipaa-it.com2 Start Small For 2-doctor office with 4 assistants, privacy manual is 25 pages, is self-contained, and takes 24 person hours to implement. Then scale to large.

3 Dr Rada www.hipaa-it.com3 24 Hour Compliance Phase 1: Executive reads awareness essay & passes manual to office manager – 1 hr. Phase 2: Office manager studies current policies, and information flows – 5 hrs. Phase 3: Policies tailored and business associates contacted – 3 hours

4 Dr Rada www.hipaa-it.com4 24 Hours (con’t) Phase 4a: Everyone trained – 5 hours Phase 4b: Procedures implemented – 3 hours Phase 4c: Business associate contracts signed – 4 hrs. Phase 4d: Administration by office manager – 3 hrs. Total 24 Hours

5 Dr Rada www.hipaa-it.com5 Privacy Manual for small entity Patient Rights, Communication, Administration Patient Rights Checklist: Do you have? YesNo Notice of Privacy Practices Authorization Access and Amend Policy Accounting and Restriction Policy

6 Dr Rada www.hipaa-it.com6 Notice THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED … AND HOW YOU CAN GET ACCESS … ………… [Further details is 3 pages] ### Acknowledgement of receipt of Notice of Privacy Practices: Signature: _______________________

7 Dr Rada www.hipaa-it.com7 Communication Checklist Do you have policies for?YesNo Phone and face-to-face Email and fax Medical records

8 Dr Rada www.hipaa-it.com8 Medical Record RoleInformation ChiefEverything Medical AssistantsHealth ReceptionistScheduling Information Manager Billing

9 Dr Rada www.hipaa-it.com9 Administration Checklist Do you have?YesNo Privacy Officer Business Associate Contracts Accountability Safeguards State pre-emptions Training

10 Dr Rada www.hipaa-it.com10 Executive Awareness Awareness essay is 1,000 words. Gentle Reasonable Solution-filled Begins: The executive in a small facility is challenged by budget reforms and legal minefields. The latest challenge comes in the form of HIPAA’s Administrative Simplification provisions.

11 Dr Rada www.hipaa-it.com11 Tables 5 electronic or paper tables could accommodate the range of expected behavior documentation. Exceptional Disclosures for John Doe DateTo whom Sent What was Sent Purpose

12 Dr Rada www.hipaa-it.com12 Requests Requests for access, amendment, or accounting of disclosures. ONE TABLE FOR CENTRAL OFFICE (not in each patient record) Patient Name Date of Request Date Satisfied Details of Request

13 Dr Rada www.hipaa-it.com13 As Entities Get Larger More roles. More policy specifics. More existing infrastructure to match. An opportunity to further harmonize or a bigger headache.

14 Dr Rada www.hipaa-it.com14 medical director, pharmacy consultant.. owner administrator marketing, admissions, billing, secretary activities and social work director of nursing certified nurse assistants (3 shifts with 3 FTEs per shift) dietary director cook, aide, dish- washer laundry, housekeeping maintenance financial activities health dietary RECORDRECORD Implementation time: Chief: 1 hour, Facility administrator: 13 hours, 34 other staff: 1 hour each. Total time commitment of 48 hours. Example: 48 Hours for Nursing Home

15 Dr Rada www.hipaa-it.com15 Model labelsymbolformula parts per entityn subparts per partm employees per subpartk total employeesempn*m*k Privacy Officer Hours in a month POmonth.04*emp+2 CEO awarenessCEO.0004*emp+1

16 Dr Rada www.hipaa-it.com16 Model (con’t) Phase 1CEO + ((n+m) *5) Phase 25*(n*m)+POmonth Phase 35*(n*m)+POmonth Phase 4 training1*emp+0.1*emp Phase 4 proceduresn*5 + m*3 Phase 4 BA(n+m)*8 Phase 4 adminPOmonth

17 Dr Rada www.hipaa-it.com17 Economies of scale ‘organizational complexity’ = n*m. organizational complexity at 30 employees from 450 to 900 to 1800 → hour cost from 1,042 to 1,590 to 2,690. employees at 900 organizational complexity from 2 to 30 to 450 → hour cost from 1,175 to 1,591 to 6,355. If 100,000 employees, then 145,000 hours.

18 Dr Rada www.hipaa-it.com18 Total Compliance Hours Halved by Reducing Training

19 Dr Rada www.hipaa-it.com19 Maintenance Costs 1-year Maintenance is a small fraction of Implementation Cost. Annual Maintenance Cost is approximately 0.1 of number of employees.

20 Dr Rada www.hipaa-it.com20 Risk Analysis Threats Remedies I2I3I4tI4pMrMcMpMt Recipe1020602090104020 Leak30103010 503020 Audit6030108030502050 benefit2.41.52.92.53.62.82.52.2 cost224 1980742339786 I=Implement and M=maintain. I2=collect information, I3=tailor policies, I4t=train, I4p=privacy office, M4=rights, Mc=communicate, Mp=privacy officer. Threats are Recipe, Leak, and Audit. Note: implementation training has worst cost/benefit ratio.

21 Dr Rada www.hipaa-it.com21 Conclusion Privacy compliance should be simple For small entity can be 24 hours Generally, training is the lion’s share of implementation Maintenance is low cost but best value.

Download ppt "Privacy in 24 Hours: or 140,000 Hours Roy Rada, M.D., Ph.D. Prof. at UMBC, Publisher of"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA Workforce Training

HIPAA Workforce Training
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
August 22, 2002 THE HIPAA COLLOQUIUM at Harvard University A. John Blair, III, MD Chairman and Chief Executive Officer Taconic IPA, Inc. Fishkill, NY HIPAA.

August 22, 2002 THE HIPAA COLLOQUIUM at Harvard University A. John Blair, III, MD Chairman and Chief Executive Officer Taconic IPA, Inc. Fishkill, NY HIPAA.

Similar presentations

Ads by Google