180 likes | 389 Views
HIPAA 101. A presentation by Harvey Nation Jan 23, 2003. HIPAA 101. What would a HIPAA presentation be without the obligatory hippo? Note how much of this hippo you can’t see!. What is HIPAA?. Health Insurance Portability and Accountability Act of 1996 One P, two A’s.
E N D
HIPAA 101 A presentation by Harvey Nation Jan 23, 2003
HIPAA 101 • What would a HIPAA presentation be without the obligatory hippo? • Note how much of this hippo you can’t see!
What is HIPAA? • Health Insurance Portability and Accountability Act of 1996 • One P, two A’s
Getting Started with HIPAA • The Administrative Simplification provisions of HIPAA were enacted by Congress to regulate and standardize information exchanges and establish standards for the privacy and security of individually identifiable health information.
Who's Covered • The first thing you must ask yourself with regard to HIPAA is: • Are you a covered entity? • Health Plans HMOs, health insurers, group health plans including employee welfare benefit plans • Health Care Clearinghouses - An entity that processes health information going from a health care provider to a payer. • Any healthcare provider who transmits any health information in electronic form in connection with a standard HIPAA transactions and described below.
HIPAA Provisions • The four key areas of Administrative Simplification are: • Transaction Standards and Code Sets • National Identifiers • Security • Privacy
Practical View of HIPAA • HIPAA is larger and more complex than Y2k • Y2K was strictly a technology issue with a defined ending and a limited and identifiable scope • The issues that HIPAA addresses not only involve technology, but requirements imposed on administration operations which effect everything from document storage, to medical procedures coding, to customer service • Compliance with HIPAA will be a constantly evolving process with no defined end
Assess All HIPAA Provisions • While they are being released in a staggered fashion, the HIPAA regulations are interdependent within the systems and operations of covered entities • None of the provisions of Administration Simplification should be assessed nor remediated in a vacuum • Later releases of the final rules will further effect changes already in progress as well as implemented solutions to meet earlier specifications
Many Factors will Influence HIPAA Effort • Complexity of the organization and number of business units or decentralized operations • Value of documented policies, procedures and programs • Culture toward confidentiality in business operations • The nature of your systems environment • Custom-developed versus vendor package software • Data architecture and current EDI capabilities • The degree of connectivity and e-business activity • The complexity of the existing security architecture and security administration
HIPAA Technology Provisions • Three Categories of Technology Requirements: • Transaction Standards • Addresses the key business transactions among health care providers, health plan payers and health plan sponsors (EDI – Electronic Data Interchange) • Code Sets • Define the data element values used in the standard transactions (ICD-9, CPT-4, HCPCS, etc.) • National Identifiers • Uniform data values used to uniquely identify the key participants in the standard transactions • Provider, Health Plan, Employer
HIPAA Security vs. Privacy • Security - an organization’s responsibility to control the means by which such information remains confidential • Administrative Procedures • Physical Safeguards • Technical Security Services • Technical Security Mechanisms
HIPAA Security vs. Privacy(continued) • Privacy - an individual’s rights to control access and disclosure of their protected or individually identifiable healthcare information (IIHI) • Establish authorization requirements • Establish administration requirements • Establish individual rights • Establish regulations for use or disclosure of Protected Health Information ("PHI")
Relationship between Privacy and Security • There is a direct relationship between security and privacy : • Security is the ‘how’.. privacy is the ‘what’ and often the ‘why’ • Security is the structure established to protect IIHI • One of the implementation barriers to privacy is the security infrastructure of the Covered Entity • Security awareness and education addresses ‘what’ is being protected
Good HIPAA Web Sites • www.hipaa.dhr.state.ga.us • aspe.hhs.gov/admnsimp/Index.htm • www.hcfa.gov/hipaa/hipaahm.htm • www.hhs.gov/ocr/hipaa/ • www.healthprivacy.org • www.hipaagives.org • www.sharpworkgroup.com/ • www.mhccm.org
HIPAA 101 • Questions & Answers
Parting Thoughts... • HIPAA is forever • One P, two A’s • Hopefully this won’t be our HIPAA
FOLLOW THESE DIRECTIONS TO RECEIVE CREDIT • ENSURE YOU VIEW THE HIPAA PRIVACY • OVERVIEW PRESENTATION • ENSURE YOU COMPLETE THE COMPETENCY • EXAM AND SEND TO HRD • ENSURE YOU COMPLETE A INSERVICE TRAINING • ROSTER AND SEND TO HRD