Presented by Elena Chan, UCSF Pharm.D. Candidate, and Tiffany Jew, USC Pharm.D. Candidate. HIPAA Transmission, Privacy and Nondiscrimination Rules 2007. PRO PHARMA PHARMACEUTICAL CONSULTANTS, INC. March 14, 2007.
HIPAA: Health Insurance Portability & Accountability Act of 1996
HIPAA Compliance
• Issues
• Portability
• Nondiscrimination
• Privacy
• Electronic Transactions
• Security
Privacy – “Protected Health Information”
• Individually identifiable Health Information
• Created by “Covered Entity” or Employer
• Health and Demographic Information
• Relates to past, present, future physical or mental health or condition of Individual or Payment
• Regardless of format, if Entity ever engages in covered transactions
Who is Covered?
• Covered entities
  - Health Plans
  - Health Care Providers
  - Health Care Clearinghouses
• HHS has no authority to regulate many key stakeholders who receive PHI from a Covered Entity
• Business Associates must comply
Covered Entities Must
• Provide information on Privacy Rights
• Adopt Privacy Procedures
• Appoint a Privacy Official
• Establish Grievance Procedures
• Amend plan to include specific provisions
• Provide Privacy Training to Employees
• Have safeguards to prevent disclosure
Rule’s Limited Scope
“…once PHI leaves a Covered Entity, the Department no longer has jurisdiction under the statute to apply protections to the information.”
Business Associates
• Claims Processing / Administration
• Data Analysis
• Processing or Administration
• Utilization Review
• Quality Assurance
• Billing
• Benefit Management
• Practice Management and Re-pricing
• Legal
• Actuarial
• Accounting
• Consulting
• Data aggregation
• Management services
• Administrative services
• Accreditation services
• Financial services
Business Associate Contract
• Will not disclose PHI
• Appropriate safeguards
• Disclosure of non-contract PHI
• Assure that agents / subcontractors agree to same restrictions
• Accounting of all disclosures
• Contract termination if Breach of Confidentiality
Oversight of Business Associates
• Training program
• Reporting mechanism for violations
• Corrective actions / Mitigate Damages
• Contract termination
• Policies & Procedures
• Auditing annually
• Government Fines:
  - up to $100/violation/person
  - up to $25K / year
Consents and Authorizations
• Not required for treatment, payment, health care operations (TPO)
• Otherwise consent or authorization must be obtained for purposes other than TPO:
  - Marketing
  - To release medical records to life insurer
Authorization Requirements
• Must be very specific and written in plain language:
  - Describe PHI – “all Health Information”
  - Name or ID of person authorized to release
  - Name or ID of person/class to whom PHI goes
  - Expiration date or event
  - Individual’s right to revoke
  - PHI may be reused and is no longer protected
“Minimum Necessary”
• Covered entities must have policies/procedures to limit disclosures to minimum necessary
• Doesn’t apply to:
  - PHI given to the individual or their personal representative
  - PHI authorized by the individual
  - Information for treatment purposes
Administrative Safeguards
• Covered entities must adopt a written set of policies/procedures
• Designate a privacy officer
• ID employees who will have access to PHI
• Ongoing training program
• Contingency plan for emergencies or security breaches
Physical Safeguards
• Controlled access to media
• Limit to authorized people
• Keep away from plain sight or high traffic areas
• Dispose of PHI properly
Technical Safeguards
• Controlled access
• Encryption
• Authentication
• Employer ID number
• National Provider ID
• Unique Identifier (for individuals)
Electronic Transactions
• National standards to simplify and improve efficiencies
• Transaction Inclusions:
  - Claims Submissions
  - Enrollment / Disenrollment
  - Coordination of Benefits
  - Patient Eligibility Request / Response
  - Claim Status Request / Response
Electronic Transactions - Standards
• ANSI ASC X12N, version 4010
  - Providers
  - Disease Management
  - DME
• NCPDP 5.1
  - Product claims transactions
  - DUR
Electronic Transactions – Coding Standards
• ICD-9: Diagnoses & Inpatient Services
• CPT-4: Professional Services
• CDT-3: Dental Services
• NDC: Drugs
• HCPCS / J CODES: Injectables (Not Self-Administered) and Procedures
• Providers: NPI
Privacy Rule – A Summary
• Notify patients about their privacy rights
• Adopt and implement privacy procedures for a practice, hospital, or plan
• Train employees
• Designate a Privacy Officer
• Implement security standards for PHI
HIPAA INFORMATION
• http://www.hhs.gov/ocr/hipaa/
• http://www.hipaa.org/
• Guide to Medical Privacy & HIPAA, Thompson Publishing Group
• HIPAA Portability & Privacy, EBIA
• The Institute for Community Pharmacy: 818-549-2285
PRO PHARMA PHARMACEUTICAL CONSULTANTS, INC. Any Questions?