
Understanding HIPAA: Implementation Guide

Learn about HIPAA, its significance, and steps for development and management in healthcare enterprises. Covering HIPAA regulations, protected health information, compliance considerations, and project implementation strategies.

turco

Presentation Transcript


  1. This Presentation is provided “as is” without any express or implied warranty. This Presentation is for educational purposes only and does not constitute legal advice. If you require legal advice, you should consult with an attorney. Disclaimer

  2. HIPAA Health Insurance Portability and Accountability Act or HIPAA

  3. Developing the plan and managing the HIPAA “project” from an enterprise view

  4. Healthcare In Pain And Agony (again) What is HIPAA?

  5. Healthcare Information Sharing • Managed care organizations;  • Consulting physicians; • Health insurance companies  • Life insurance companies;  • Self-insured employers;  • Pharmacies;  • Pharmacy benefit managers;  • Clinical laboratories;  • State and Federal statistical agencies; and  • Medical information bureaus • Accrediting organizations;

  6. Health Information: any information gathered by a health care provider, including non-health related data. Protected Health Information: Health Information that contains data that may be used to directly or indirectly identify the patient. Also Described As: Identifiable Health Information; Identifiable Patient Information. What is Protected Health Information?

  7. Name Address E-mail address Telephone No. Finger or voice prints Social security number Vehicle/device serial no. Health plan number Certificate/license No. Names of relatives Names of employers Fax number Birth date Photographic images / X-rays Internet (IP) address Medical record number Account Number Web URL List of Data Elements that would make Health Information Identifiable!

  8. Examples: Database or Computer Stored Files E-mail Images or X-rays Conversations Word Documents PDA Stored Information Hand written notes Student Logs Academic Curriculum PHI is Covered by HIPAA, Regardless of Format

  9. The eight steps to HIPAA implementation: project sample time frame

  10. The Big Choices When to start? Centralized vs. Decentralized approach? Sponsorship / Executive Leadership E-commerce integration? Compliance vs. compliance plus significant benefits 1. THINK AND EDUCATE

  11. Create a HIPAA Vision Business office Financial performance Referral management Patient relations Billing / collections registration primary statement Relationship with key trading partners Define goals 1. THINK AND EDUCATE

  12. Proactive Vision E-commerce based Significant reduction in Business Office staff Increased cash flow Reduced bad debt User friendly security technologies HIPAA Security and Privacy aware staff Collaborative relationship with business partners Patient/subscriber friendly Positive consumer public relations Valued business partner relationships 1. THINK AND EDUCATE

  13. Compliance Focused Vision (Provider) HIPAA claims only transacted, forget the rest Increasing Business Office Staff Growing accounts receivable Increased bad debt Complex, hard to use security measures that interfere with patient care Staff have minimal HIPAA security and privacy awareness Adverse relationship with Business Partners Inadequate systems and administrative policies to support security and privacy 1. THINK AND EDUCATE

  14. Sponsors / Steering Committee CEO, CFO, CIO, COO Compliance Officer Risk Management Human Resources Government Relations Chief Information Security Officer General Counsel Privacy Officer 1. THINK AND EDUCATE

  15. Sponsors / Steering Committee Patient Representative Security (physical) Officer E-commerce Admitting / Registration Business Office Medical Records Workflow / Change Management 1. THINK AND EDUCATE

  16. HIPAA Education High level Management level Ongoing through all phases Three tier strategy In person Internet / Intranet Paper 1. THINK AND EDUCATE

  17. Project Management Organization (assume enterprise approach) Core staff (few or many) Dedicated project team vs. Shared resources Mix of staff and consulting resources Mix of HIPAA and operations knowledge Independent Verification and Validation (IVV) Protecting the information Security Protection from discovery 1. THINK AND EDUCATE

  18. HIPAA Scope Definition Suggested Initial Project HIPAA Regulation Scope Standard Transactions Employer (sponsor) Identifier Provider Identifier Payer Identifier Electronic Attachments Security (Privacy) Business Applications IS Applications Key Trading Partner identification 1. THINK AND EDUCATE

  19. Laboratory Pharmacy Radiology Registration (ADT) Orders Results Credentialling Data Warehouse Cost Accounting Materials Management Master Person (Patient) Index Patient Accounting Home Care Nursing home Physician practice Human Resources HIPAA training management HOSPITAL SYSTEMS AFFECTED BY HIPAA: Business Applications

  20. Medical Records Coding and Abstracting Chart Tracking Document Imaging Electronic Medical records Clinical Data Repository Demand Management Patient Scheduling Referral Management Other Not Impacted Payroll General Ledger Accounts Payable HOSPITAL SYSTEMS AFFECTED BY HIPAA: Business Applications

  21. Department Systems with Patient Specific Information (e.g., Cath lab) Telecommunication systems that contain patient identifiers, e.g., appointment call system Any special purpose database or application which includes patient specific information -- e.g. tumor registry HOSPITAL SYSTEMS AFFECTED BY HIPAA: Business Applications

  22. Internet and point-to-point data communications Interface Engine(s) EDI Engine(s) Infrastructure Firewall Network Security Physical Security Security Policies and Procedures Security Audit Systems Security Technology and Technology Mechanisms HOSPITAL SYSTEMS AFFECTED BY HIPAA: IS Applications

  23. Get Involved / Share with Peers HIPAA Regulations Strategic Implementation Plan (SIP) Professional Associations Key Trading Partners Local Networking 1. THINK AND EDUCATE

  24. Inventory Everything Affected by HIPAA Risk Level Impact Assessment Categorize risk level Business risk Security risk Flag high cost remediation items 2. GATHER CURRENT STATE INFORMATION

  25. Use Electronic Tools to Document and Manage the Process Impact Assessment Inventory database Transaction Implementation Guides (Business) Risk / Compliance Management tracking and documentation Project Management 2. GATHER CURRENT STATE INFORMATION

  26. Cross Reference Regulations Business applications IS applications Work processes Administrative policies and procedures Physical security issues Other Develop HIPAA Project Plan Eight Steps Develop a mid-level plan with 100-150 tasks Phase by regulation timing Basis for three year plus budget and resources plan 2. GATHER CURRENT STATE INFORMATION

  27. Staff Up Technical Legal Workflow Optional development and analysis Change management Increase Education Activity Think Outside the Box Independent advisors 3. RISK AND COST BENEFIT ANALYSIS

  28. GAP Analysis Quantify Risks Probability of incidents Impact per incident Fines and jail Legal defense/insurance premiums Loss/delayed revenues and staff to rework “Urgent” fix cost and staff time Public image 3. RISK AND COST BENEFIT ANALYSIS

  29. Identify Options to Reduce Each Risk Level of risk reduction (probability) Cost to achieve risk reduction Dependency factors Cost / Benefit Analysis Identify greatest risk items Identify benefit to cost ratio Analyze items that are interrelated 3. RISK AND COST BENEFIT ANALYSIS

  30. Assess Current Vendors’ HIPAA Readiness Plans and Assurances Recommendations to Sponsors/Steering Committee Rationale By level of investment 3. RISK AND COST BENEFIT ANALYSIS

  31. Develop a Detailed Implementation Plan Include Current HIPAA Knowledge Internal External Coordinate with E-Commerce Initiatives Technology Strategy Administrative Strategy 4. PLAN

  32. Issue RFPs to Acquire New Systems if Needed Educate Assure Availability of Implementation Resources Coordinate with Trading Partners 4. PLAN

  33. Implement Changes Transactions and Code Sets Identifiers Security -- Physical Security -- Administrative Security -- Technology and Technology Mechanisms 5. IMPLEMENTATION

  34. Training Independent Assessment of ongoing project Budget Timeliness Goal achievement 5. IMPLEMENT

  35. Testing Unit testing Integration testing Testing with trading partners Document the Risk Mitigation 5. IMPLEMENT

  36. Readiness Review Include Knowledge Gained Since the Plan was Developed Update to Address Changes in HIPAA Regulations 6. REVIEW

  37. Independent Review Certification Likely Only for Some Components 7. CERTIFY AND GO LIVE

  38. HIPAA Regulations New Revisions Security Audit and Monitoring Business Risk Monitoring Measure Goal Achievements Feedback to Phase 3 Report to Leadership Measure Business Partner Relationships 8. MONITOR
