
Building a HIPAA-Readiness Agenda

Building a HIPAA-Readiness Agenda. Bob DeMarco Managing Principal Healthcare Business Solutions Compaq Global Services April 3, 2002. Introductions. Objectives. Learn about the Health Insurance Portability and Accountability Act (HIPAA) Discuss HIPAA components


Presentation Transcript


  1. Building a HIPAA-Readiness Agenda Bob DeMarco Managing Principal Healthcare Business Solutions Compaq Global Services April 3, 2002

  2. Introductions

  3. Objectives • Learn about the Health Insurance Portability and Accountability Act (HIPAA) • Discuss HIPAA components • Electronic standards, code sets and identifiers • Procedures and policies regarding patient privacy • Security requirements • Discover HIPAA's effect on your environment • Budgets and organizational issues • Discuss how Compaq can help

  4. Facts and fiction • Fiction • HIPAA laws will never be enforced • This is just like Y2K • The application vendors have already fixed this • A tool will repair any issues • An organization can be compliant • Facts • This is a business AND a technology issue • HIPAA is a complex business problem • But there are ways to justify the expense and reduce exposure • HIPAA is a 2-5 year process

  5. You may have some questions . . . • What is HIPAA anyway? • HIPAA is huge – what do I do first? • How do I fund HIPAA readiness activities? • Does this really affect me? • The dates seem to be changing. • What are they now? • What is due and when? • Will the dates change again? • How do I meet compliance dates? and • How do I spell it? ???

  6. U.S. HIPAA goals • U.S. 2000 – health care costs 13.9% of GDP • Reduce overall costs • Transactions over the Internet • Standardize • Ensure privacy of patient information • [Diagram labels: Providers, Standards, Payers, States, Security, Clearinghouses, Privacy]

  7. Why HIPAA? • Improve efficiency and effectiveness of health care system • Standardize the electronic exchange of administrative and financial data • Reduce US healthcare costs • 13.9% of GDP; highest in world • Protect security and privacy of transmitted information • Goals: • Cut $73BB out of healthcare costs in U.S. (transactions) • Ensure patient privacy (privacy and security)

  8. Whom does HIPAA affect? • Providers • Nursing homes • Skilled Nursing Facilities (SNF’s) • Doctors and hospitals • Payers • Clearinghouses • Governments • Universities • Schools • Biotech (Pharmaceuticals – Life Sciences) • Your local drug store • Red Cross • Any entity that deals with body parts/fluids • Any entity that touches patient information

  9. It's not just an IT issue • Governing Body • Administration • Finance • Health Information Management • Patient Accounts • Physician Services • Admission • IT • Others

  10. What are the milestones? • Compliance plans: 10/15/2002 • Security and privacy: 4/13/2003 • Transactions and code sets: 10/16/2003 • [Diagram labels: Educational Requirements; Transactions, Code Sets, Identifiers; Policies and Procedures; Security; Compliance Planning; Gap Analysis]

  11. And the likelihood of these dates changing? • Extremely slim • Transaction dates changed in response to September 11th tragedy

  12. Penalties • Per transaction • $100 per violation • Not to exceed $25,000 for violations of the same requirement in a calendar year • Violations can add up quickly! • Security and privacy • "Knowing disclosure" • $50,000 to $25,000 in fines • 1-10 years in prison • Failure to establish security/privacy program may be construed as wrongful or knowing disclosure!

  13. What can you do now? • Put in place the right structures • HIPAA steering committee • HIPAA Privacy Officer, Privacy and Security Officer, etc. • HIPAA assessment, gap analysis and compliance plan • HIPAA educational teams, programs, etc. • A HIPAA management consultant/strategic partner • A HIPAA budget

  14. The Compliance Plan

  15. What is in the plan? • Analysis on the extent and reason for HIPAA non-compliance • Budget, schedule, work plan and implementation strategy for compliance • Timeframe for transaction testing to begin by April 4, 2003 • Documentation on plans to use vendors to assist with compliance

  16. Privacy and security

  17. Relationship between Privacy & Security • Security • The ability to control access and protect information from • Accidental or intentional disclosure to unauthorized persons • From alteration, destruction or loss • Privacy • Controlling who is authorized to access information • The right of individuals to keep information about themselves from being disclosed • Some redundancy – Privacy reiterates the requirement for security safeguards

  18. Purpose of HIPAA Privacy Regulations • Protect and enhance the rights of consumers • Provide them access to their health information • Control the inappropriate use of that information • Improve the quality of healthcare in the US • Restore trust in the healthcare system among consumers, healthcare professionals and the multitude of organizations and individuals committed to the delivery of care • Improve the efficiency and effectiveness of healthcare delivery • Create a national framework for health privacy protection • Build on efforts by states, health systems and individual organizations and individuals

  19. Application • Who • Health Plans • Health Care Providers • Health Care Clearinghouses • Anyone who electronically transmits health information in connection with a standard transaction named in HIPAA • What • Individually identifiable health information transmitted or maintained in any form or medium (electronic or non-electronic) that is held or transmitted by a covered entity

  20. Permitted Uses and Disclosures • To an Individual • With Proper Consent • Without Consent If: • Indirect Relationship • Inmate • Valid Authorization • With Oral Consent for: • Facility Directories • To Next of Kin

  21. Where it is NOT applied • Required by Law • Public Health Activities • Victims of Abuse • Health Oversight Activities • Judicial and Administrative Proceedings • Law Enforcement Purposes • About Decedents • Organ Donation Purposes • Research (with a list of provisions) • To Avert Serious Threat of Health Safety • Specialized Government Functions • Worker’s Compensation

  22. Required disclosures • When an individual requests access to their records (with exceptions) • When an individual requests an accounting of disclosures (with exceptions) • When requested by the Secretary to investigate compliance • Entities are required to limit disclosure to "just what's necessary"

  23. Some key administrative requirements • Must designate Privacy Official • Must designate contact person/office for complaints • Must document and train policies and procedures, job titles, etc. • Document retention requirements • Many others

  24. Security standards • Comprehensive framework of security requirements • Scalable requirements to meet small to large business needs at reasonable cost • Technology-neutral implementation features

  25. Security overview • Administrative Procedures, for example: • Certification (Internal or External) • Chain of Trust Agreement • Contingency Plan • Formal Mechanism for Processing Records (Documented) • Information Access Control and Audits • Etc. • Physical Safeguards • Assigned Security Responsibility • Formal, Documented Policies and Education • Technical Security Services • Access, Audit, and Authorization Control • Data and Entity Authentication • Technical Security Mechanisms • Integrity Controls • Message Authentication • Access Controls or Encryption • Abnormality Alarm • Audit Trail • Entity Authentication • Event Reporting

  26. Transactions and code sets

  27. Covered Transactions • Claims – Professional, Institutional and Dental • 837 4010x098 • 837 4010x096 • 837 4010x097 • Coordination of Benefits – in above • Remittance Advice – Including EFT • 835 4010x091 • Enrollment • 834 4010x095 • Eligibility • 270/271 4010x092 • Claim Status • 276/277 4010x093 • Premium Payment • 820 4010x061 • Health Care Services Review • 278 4010x094

  28. Identifiers • Employers • Providers • Plans • Individuals – On Hold

  29. Standardized Code Sets • Major code sets • Impact of Standardized Code Sets

  30. Proposed impacts • Lower cost of software development and maintenance • Assure purchasers that software will work with all payers and plans • Lower cost of administrative transactions by eliminating time and expense of handling paper • Pave way for cost-effective, uniform, fair and confidential health information practices • Pave the way for standards which can do the same for electronic medical records systems • Pave the way for high quality health care

  31. How Compaq can help • Health and human services team • Team members 20+ years of practical health care and government experience • Clinical, management, financial, operational • Nationally recognized providers and governmental entities • Complex technology, business and financial health care management • HIPAA experience since 1998 • Partners • Nationally branded HIPAA experts • Health care expertise and technologies • Capabilities • Technology and program management • Customer, managed and consulting/SI services • Compaq Financial Services • CGS product • Hardware and platforms • CGS experience in health care

  32. What we bring • A suite of business and technology services, provided by: • Experts in health care, pharmaceuticals and life sciences • Providing a “just enough” solution • Architected for technical agility • Reducing overall costs • Unsurpassed architectural and program management skills • Providing • The single source for health care solutions • Consulting and systems integration services • Hardware and software • Enabling regulatory and governmental compliance • Plus • The right mix of health care systems and technology partners • A vendor who can quickly create and assemble a team • A vendor who innovates . . .

  33. HIPAA acceleration services

  34. Helping remove cost barriers – CFS • What do you get? • Flexible payment structures and fixed rates for the term of the lease • Variable end-of-lease options • Inclusion of "soft costs" in total cost of lease • Customer benefits • More technology and services • Conserve capital • Preserve established credit lines • Contacting CFS • See your sales representative

  35. Questions and answers . . . ???
