
1 Copyright 2002 - The Kearney Group LLC All Rights Reserved
5th National HIPAA Summit
JCAHO and NCQA and HIPAA Business Associates
Friday, November 1, 2002

2 Healthcare Initiative To Perplex and Agitate Americans

3 Healthcare Insurance Portability and Accountability Act

4 The Players
- Sue Miller, Moderator
  - The Kearney Group
  - Co-chair WEDI SNIP SPWG
  - Chair Advisory Committee, NCQA, Business Associate Privacy Certification Program
- Sharon King Donohue, General Counsel, NCQA
- Anthony J. Tirone, JD, Director, Federal Relations, JCAHO

5 What is HIPAA?
- Health Information Portability and Accountability Act
- aka “Kennedy-Kassebaum Act”
- Adopted August 21, 1996

6 Why HIPAA?
- Improve efficiency and effectiveness of healthcare through standardization of all shared electronic information
- Protect the privacy and security of patient information stored and exchanged electronically
- Reduce the cost of exchanging information among healthcare partners

7 What does HIPAA apply to?
- Health Insurance Portability
- Standards for Electronic Claims Submission
- Privacy and Security Protection

8 Who does HIPAA apply to?
Applies to Covered Entities
- Health care providers who transmit any health information in electronic form
- Health plans
- Health care clearinghouses

9 HIPAAeze (speak the language)
- PHI – Protected Health Information
- CE – Covered Entity
- BA – Business Associate
- OHCA – Organized Health Care Arrangement
- P&P – Policies & Procedures
- NPP – Notice of Privacy Practices
- TPO – Treatment, Payment and Health Care Operations

10 When did HIPAA Happen?
- Transaction and code sets published August 17th, 2000
- Effective Date Transaction and Code Sets October, 2002
  - With Extension October 2003
- Privacy Rules published
  - December 28, 2000
  - August 14, 2002
- Effective Date Privacy Rules April 14, 2003

11 When did HIPAA Happen?
- Data Security proposed August 12, 1998
  - Final expected late 2002
- National Employer Identifier proposed June 16, 1998
  - Final rule May 31, 2002
  - Effective July 30, 2002

12 Yet to Come
- Claims Attachments
- Unique Identifiers
  - Nat’l Provider Identifier (NPI)
  - Health Plan Identifier
- Enforcement

13 Privacy vs Security
- Privacy Rule - The right of an individual to withhold his or her individual healthcare information from public scrutiny
- Security Rule - The protection of individual healthcare information held by a healthcare entity, or the infrastructure that makes privacy possible

14 HIPAA Covers
- Paper
- Oral
- Electronic Transmissions

15 WARNING: Dangerous HIPAA!
Please Keep Her Quiet By Keeping All Health Information Confidential

16 Responsibility for your new “CULTURE Of Caution”
- Each covered entity must designate a privacy official who is responsible for development and implementation of privacy policies and procedures.
- Each covered entity must assign security responsibility to one or more individuals.

17 Roadmap for your new “CULTURE Of Caution”
- Complete a “PHI” inventory.
- Understand the purposes of all uses and disclosures of “PHI”.
- Start “looking for leaks.”

18 Roadmap for your new “CULTURE Of Caution”
HIPAA Compliance is impossible without knowing which particular items of PHI your organization uses, and the various forms in which it appears.

19 “CULTURE of Caution”
Protected Health Information (PHI)
All individually identifiable information in ANY form or media
- Names
- Geo-codes less than state
- All dates
- Phone, fax, e-mail
- SSN
- Medical Record, Beneficiary, Account #
- Certificate / License #
- Vehicle IDs
- Device IDs
- URLs, IP Addresses
- Biometrics
- Full Face Photo
- Any Other Unique ID or Character ID Code

20 “Warning Sign” for your new “CULTURE Of Caution”
PHI is protected regardless of its form. Protected health information includes written documents, spoken words, data stored on computers, telephone conversations, charts and diagrams, information transmitted via data networks, etc.

21 Rules for your new “CULTURE Of Caution”
1. Establish Rules for Protecting Patient Privacy
2. These rules become your organization's “privacy policy.”
3. Create them ‘livable’, ‘reasonable’ and ‘enforceable’.
4. All people who could come into contact with PHI must be trained in the procedures to be followed.

22 Privacy and Security
The privacy “wall” stands firmly on the security “foundation.”
[Figure labels: PRIVACY, SECURITY]

23 Barriers for your new “CULTURE Of Caution”
Physical security includes:
1. Off-hours building access.
2. Access to areas where “PHI” is readily available.
3. Restricted access file cabinets.
4. Secure waste disposal.

24 Barriers for your new “CULTURE Of Caution”
Technical security includes:
1. User authentication.
2. Access control.
3. Audit trails.

25 What is “Privacy Compliance?”
- Never having a privacy complaint.
- OR -
- Successfully handling all privacy complaints.
- OR -
- Correctly answering all questions during a compliance review.

26 Top 10 Privacy Compliance Tasks
1. Assign responsibility for privacy and security.
2. Establish procedures for handling sensitive information.
3. Provide physical security.
4. Provide technical security.
5. Establish rules for protecting patient privacy.

27 Top 10 Privacy Compliance Tasks
6. Allow patients access to medical records.
7. Respond to complaints.
8. Publish a notice of privacy practices.
9. Ensure that business associates protect patient privacy.
10. Train the workforce.

28 HIPAA Privacy Penalties
Civil
- Not more than $100 for each…violation
- No more than $25,000 for all violations of identical type during calendar year

29 HIPAA Privacy Penalties
Criminal
Improper use of unique health identifiers, or improperly obtaining or disclosing individual health information, on the basis noted, are subject to maximum of both:
Knowingly                   $50,000     1 year
False pretenses             $100,000    5 years
For profit, gain or harm    $250,000    10 years

30 Security
1320d-2 Safeguards
Each person described in section 1320d-1(a) of this title who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards –
(A) to ensure the integrity and confidentiality of the information;

31 Security
1320d-2 Safeguards (cont)
(B) to protect against any reasonably anticipated –
  (i) threats or hazards to the security or integrity of the information; and
  (ii) unauthorized uses or disclosures of the information; and
(C) otherwise to ensure compliance with this part of the officers and employees of such person.

32 Implications
- 40% Technical
- 60% Culture
- How we do business will change

33 To Ponder
90% of HIPAA is 50% Mental

34 HIPAA Acceptance Cycle
- Recoil
- Retaliation
- Counteraction
- Amusement
- Cooperation
- Appreciation

35 Covered Entities Need …
To effectively implement HIPAA by the compliance date, covered entities need to engage ASAP the following:
- Awareness
- Education
- Management as well as employees must buy in
- Transaction Compliance
- Privacy & Security Compliance
- Seek Assistance

36 When do I start?
N O W

37 Where do I start?
- Workgroup for Electronic Data Interchange
  - http://www.wedi.org
- Strategic National Implementation Process
  - http://www.snip.wedi.org

38 The HIPAA Sleeps Tonight
Timothy Loewenstein
October 7th, 2002

