E N D
2. FRAMING HIPAA Under the Title of . . . Bob DeGrand will do this slideBob DeGrand will do this slide
3. The HIPAA Mountain Patty will discuss
At IHS we put together a Task Team with members from each affiliate which includes our physician clinics and started to tackle HIPAA on our own.
We broke the Task Team into 3 teams, one for EDI/Privacy and Security. Each team started to review the regulations.
We kept thinking we could do on our own. We worked on putting together a database of HIPAA questions we needed to ask departments.
Each team member was putting in a lot of time.
Dave and Deb please add to yours here on how you have scaled the HIPAA mountainPatty will discuss
At IHS we put together a Task Team with members from each affiliate which includes our physician clinics and started to tackle HIPAA on our own.
We broke the Task Team into 3 teams, one for EDI/Privacy and Security. Each team started to review the regulations.
We kept thinking we could do on our own. We worked on putting together a database of HIPAA questions we needed to ask departments.
Each team member was putting in a lot of time.
Dave and Deb please add to yours here on how you have scaled the HIPAA mountain
4. By Breaking The HIPAA Mountain Into Wisconsin-Sized Hills Patty will do this slide
Finally our IHS team decided we needed some help, we just felt we could do it on our own, but maybe we could find a consultant that had it figured out that could provide us with help as we were expending lots of employee resources.
SO our team interviewed 3 different consultants and decided that American Express met our needs. American Express would work with our current teams they would allow us to incorporate some of our tools into the process(so our time was not wasted) and American Express would provide us with a project plan and their tools.
We would have one consultant Bob DeGrand Bob had done this project at other large and small hospitals.
He kept telling us that HIPAA should not be allowed to interfere with patient care: where compromises need to be made they should not be made at the expense of patient care.
CIHS was chosen to be the pilot for the project because of the diversity of services available at our facility. The team thought that this way all bases would be HIPAA covered and then we would roll it out to the affiliates and our managed rural hospitals.
Dave and Deb feel free to add herePatty will do this slide
Finally our IHS team decided we needed some help, we just felt we could do it on our own, but maybe we could find a consultant that had it figured out that could provide us with help as we were expending lots of employee resources.
SO our team interviewed 3 different consultants and decided that American Express met our needs. American Express would work with our current teams they would allow us to incorporate some of our tools into the process(so our time was not wasted) and American Express would provide us with a project plan and their tools.
We would have one consultant Bob DeGrand Bob had done this project at other large and small hospitals.
He kept telling us that HIPAA should not be allowed to interfere with patient care: where compromises need to be made they should not be made at the expense of patient care.
CIHS was chosen to be the pilot for the project because of the diversity of services available at our facility. The team thought that this way all bases would be HIPAA covered and then we would roll it out to the affiliates and our managed rural hospitals.
Dave and Deb feel free to add here
5. FRAMING HIPAA The GOOD
The BAD
The UGLY Transactions Stds
Security
Privacy Bob DeGrand will do this slide
Patty will say that IHS Task Team had 2 days of training with Bob. We went over all the regulations to become familiar with them. Bob presented us with our tool kit, which included the regulations in an easy to read format, a basic workplan that we would take and develop further. We discussed how we would utilize the tools and how they could also work for our rural hospitals.
It all made sense and the team left after 2 days of training feeling overwhelmed but happy that we now had a good plan and it was scaleable.
Dave and Deb feel free to addBob DeGrand will do this slide
Patty will say that IHS Task Team had 2 days of training with Bob. We went over all the regulations to become familiar with them. Bob presented us with our tool kit, which included the regulations in an easy to read format, a basic workplan that we would take and develop further. We discussed how we would utilize the tools and how they could also work for our rural hospitals.
It all made sense and the team left after 2 days of training feeling overwhelmed but happy that we now had a good plan and it was scaleable.
Dave and Deb feel free to add
6. Framing HIPAA HIPAA Compliance is Scalable (One Law but many ways to Comply)
Physician Offices, Hospitals, and Insurance Companies Covered by the Same Regulations Patty will do:
So we had our team and a work plan. The work plan was scaleable to large or small facilities and physician offices.
Our work plan was broken into strategies based on the regulations.Patty will do:
So we had our team and a work plan. The work plan was scaleable to large or small facilities and physician offices.
Our work plan was broken into strategies based on the regulations.
7. Framing HIPAA HIPAA is One-Sided in that it Does Not Balance Patient Confidentiality with the Quality of Care (DHHS Guidelines Do)
Lets Be Reasonable
Patty will do:
We knew we had to be careful and not compromise patient care or our customer service initiative, but we knew we had to comply. Adminstratively we decided we would not compromise patient care for HIPAA.
Bob keeps reminding us and our nursing staff love to hear this: HIPAA should not be allowed to interfere with patient care; where compromises must be made they should not be at the expense of patient care.Patty will do:
We knew we had to be careful and not compromise patient care or our customer service initiative, but we knew we had to comply. Adminstratively we decided we would not compromise patient care for HIPAA.
Bob keeps reminding us and our nursing staff love to hear this: HIPAA should not be allowed to interfere with patient care; where compromises must be made they should not be at the expense of patient care.
8. FRAMING HIPAA Patty
We need to know and to document what PHI is used/disclosed, by whom, to whom, why and how. That alone is an overwhelming task.Patty
We need to know and to document what PHI is used/disclosed, by whom, to whom, why and how. That alone is an overwhelming task.
9. Dates for Required Compliance
Transaction Standards - 10/16/03*
Privacy - 4/14/03
Security - Mid-2004
Patty will explain, so our work plan is geared for us to reach compliance by these dates.Patty will explain, so our work plan is geared for us to reach compliance by these dates.
12. Major HIPAA Sub-Projects Software Compliance for Transactions and Code Sets
Health Plan Readiness Business Associate Agreements
Privacy Policies and Procedures
Patient Rights and Forms
Training
Bob left side
Patty right side
Our IHS strategy team developed detailed workplans for Privacy to meet compliance by dates.
Then each affiliate team meets and is responsible to do the workplan.
Our CIHS team got organized, defined our roles and responsibilities and reviewed the workplan and tools.
Team leaders were assigned to strategies.
An awareness program was initiated at each affiliate. Education was performed at the Manager level and above. Bob left side
Patty right side
Our IHS strategy team developed detailed workplans for Privacy to meet compliance by dates.
Then each affiliate team meets and is responsible to do the workplan.
Our CIHS team got organized, defined our roles and responsibilities and reviewed the workplan and tools.
Team leaders were assigned to strategies.
An awareness program was initiated at each affiliate. Education was performed at the Manager level and above.
13. Compliance Action Plan
Software Development Project
- Identify affected software
- Communicate w/ software vendors
- Understand development plans and
delivery projections
- Develop test plans and determine
criteria for acceptance
- Develop contingency plans BobBob
14. Compliance Action Plan
Payer Readiness Project
- Identify and prioritize by major payers
- Understand payers compliance plans and time lines
- Develop test plans and determine
criteria for acceptance (by Transaction Type)
- Assess potential process changes
- Develop contingency plans BobBob
15. H. I. P. A. A. BobBob
16. Compliance Action Plan
Business Associate Agreements
- Identify BAs that require Agreements
- Review current contracts
- Identify contractual gaps
- Develop BA contract addendum and
stand-alone BA Agreement
- Deploy BA Agreement execution strategy Patty
We went to our managers with a definition and asked to prioritize based on criteria of A B C. As are major/B-intermediate/C- Minor and asked them fill in a tool called a BA sheet. They forwarded to compliance electronically and then we now have a access database with all of our BAs. We want a meaningful list by January1. We will use this database to access our contractual gaps.
We have developed a contract addendum for any new contracts that may go beyond 2003, but will have our law office develop the stand alone agreement
We then will send a LOE to all BAs.
Patty
We went to our managers with a definition and asked to prioritize based on criteria of A B C. As are major/B-intermediate/C- Minor and asked them fill in a tool called a BA sheet. They forwarded to compliance electronically and then we now have a access database with all of our BAs. We want a meaningful list by January1. We will use this database to access our contractual gaps.
We have developed a contract addendum for any new contracts that may go beyond 2003, but will have our law office develop the stand alone agreement
We then will send a LOE to all BAs.
17. Compliance Action Plan
Patient Rights / Forms Project
- Determine required changes to current forms and practices
- Manage current forms inventory and time line
- Revise current forms / develop new forms (Notice of Privacy Practices)
- Develop and implement comprehensive patient rights strategy Patty
We have 2 teams that are representatives from each affiliates including our physician offices.
Patient Rights Team
Consent/Admission/Registration Forms Team
They will develop Patient Rights brochures/ Privacy statement/HIPAA consents and associated policies and procedures. They will do inpatient and outpatient HIPAA consent forms.
They will develop distribution plan/order new brochures/consents
Develop the education and training piece and the competency testing.
Patty
We have 2 teams that are representatives from each affiliates including our physician offices.
Patient Rights Team
Consent/Admission/Registration Forms Team
They will develop Patient Rights brochures/ Privacy statement/HIPAA consents and associated policies and procedures. They will do inpatient and outpatient HIPAA consent forms.
They will develop distribution plan/order new brochures/consents
Develop the education and training piece and the competency testing.
18. Compliance Action Plan
Privacy Policy and Procedures
- Identify HIPAA P&P Requirements
- Review current P&Ps
- Identify P&P gaps
- Estimate magnitude of work effort and prioritize / schedule resources
- Spread work effort over time available Patty
Developing IHS System wide policies
Each Affiliates gathered and sent any HIPAA related policies to a main designee.
Gaps were identified by reviewing the regulations
5 policy teams were formed
Medical records
IT
Patient Rights
HR
General
Each Affiliate donated 2 people to these teams.These teams will review all current polices and take best and make them HIPAA compliant., These will be shared with our rural affiliates.
Goal is to spread the 20 polices over these 5 teams and have them completed by end of 2002 with education completed by 4/2003
These will then go through the compliance committee and their dissemination/education processPatty
Developing IHS System wide policies
Each Affiliates gathered and sent any HIPAA related policies to a main designee.
Gaps were identified by reviewing the regulations
5 policy teams were formed
Medical records
IT
Patient Rights
HR
General
Each Affiliate donated 2 people to these teams.These teams will review all current polices and take best and make them HIPAA compliant., These will be shared with our rural affiliates.
Goal is to spread the 20 polices over these 5 teams and have them completed by end of 2002 with education completed by 4/2003
These will then go through the compliance committee and their dissemination/education process
19. Positioning Concepts
Developing a HIPAA Plan
Managing the HIPAA Time Line
Properly Allocating Resources
Controlling Expenses (Spend No Money Before Its Time)
Staying Ahead of the Curve
BobBob
20. Risk Probability Assessment BobBob
21. H. I. P. A. A. Public Domain Information
Web Sites:
http://aspe.hhs.gov/admnsimp/ (general info)
http://ahima.org (general info - sample practices)
http://hipaadvisory.com (general info)
http://www.healthcare-informatics (general info)
http://www.hcfa.gov/security/isecplcy.htm (security regs)
http://www.jhita.org/ (joint h/c info tech info) BobBob
22. What You Should Do NOW
Name a HIPAA Officer
Study the Requirements (esp. Policies and Forms)
Develop a Project Plan
Communicate with your Billing Partners
Continue to get knowledgeable Patty, someone that cares about Privacy and Security and will be a champion
Dave and Deb addPatty, someone that cares about Privacy and Security and will be a champion
Dave and Deb add
23. What You Should Do NOW
Required Reading
Privacy Regulations (in some form)
DHHS Guidelines (7/6/01 Release)
Practice Briefs (AHIMA, other) BobBob
24. HIPAA Preparations Questions . . . .Answers Bob and Patty Dave and Deb
Bob and Patty Dave and Deb