Disclaimer
This Presentation is provided “as is” without any express or implied warranty. This Presentation is for educational purposes only and does not constitute legal advice. If you require legal advice, you should consult with an attorney.
HIPAA
Health Insurance Portability and Accountability Act
or HIPAA

Developing the plan and managing the HIPAA “project” from an enterprise view

What is HIPAA?
Healthcare In Pain And Agony (again)

Healthcare Information Sharing
- Managed care organizations
- Consulting physicians
- Health insurance companies
- Life insurance companies
- Self-insured employers
- Pharmacies
- Pharmacy benefit managers
- Clinical laboratories
- Accrediting organizations
- State and Federal statistical agencies
- Medical information bureaus

What is Protected Health Information?
Health Information - Is any information gathered by a health care provider, including non-health related data
Protected Health Information - Is Health Information that contains data that may be used to directly or indirectly identify the patient
Also Described As:
- Identifiable Health Information
- Identifiable Patient Information

List of Data Elements that would make Health Information Identifiable!
- Name
- Address
- E-mail address
- Telephone No.
- Finger or voice prints
- Social security number
- Vehicle/device serial no.
- Health plan number
- Certificate/license No.
- Names of relatives
- Names of employers
- Fax number
- Birth date
- Photographic images / X-rays
- Internet (IP) address
- Medical record number
- Account Number
- Web URL

PHI is Covered by HIPAA, Regardless of Format
Examples:
- Database or Computer Stored Files
- E-mail
- Images or X-rays
- Conversations
- Word Documents
- PDA Stored Information
- Hand written notes
- Student Logs
- Academic Curriculum

The eight steps to HIPAA implementation: project sample time frame
1. Think and Educate: 1-3 months
2. Gather Current State Information: 2-3 months
3. Risk and Cost/Benefits Analysis: 3-6 months
4. Plan: 2-3 months
5. Implement: 12-24 months
6. Review: 2-3 months
7. Certify and Go Live: 3-6 months
8. Monitor: Ongoing
Total Time: 25-48 months

1. THINK AND EDUCATE
The Big Choices
- When to start?
- Centralized vs. Decentralized approach?
- Sponsorship / Executive Leadership
- E-commerce integration?
- Compliance vs. compliance plus significant benefits

1. THINK AND EDUCATE
Create a HIPAA Vision
- Business office
- Financial performance
- Referral management
- Patient relations
- Billing / collections registration primary statement
- Relationship with key trading partners
- Define goals

1. THINK AND EDUCATE
Proactive Vision
- E-commerce based
- Significant reduction in Business Office staff
- Increased cash flow
- Reduced bad debt
- User friendly security technologies
- HIPAA Security and Privacy aware staff
- Collaborative relationship with business partners
- Patient/subscriber friendly
- Positive consumer public relations
- Valued business partner relationships

1. THINK AND EDUCATE
Compliance Focused Vision (Provider)
- HIPAA claims only transacted, forget the rest
- Increasing Business Office Staff
- Growing accounts receivable
- Increased bad debt
- Complex, hard to use security measures that interfere with patient care
- Staff have minimal HIPAA security and privacy awareness
- Adverse relationship with Business Partners
- Inadequate systems and administrative policies to support security and privacy

1. THINK AND EDUCATE
Sponsors / Steering Committee
- CEO, CFO, CIO, COO
- Compliance Officer
- Risk Management
- Human Resources
- Government Relations
- Chief Information Security Officer
- General Counsel
- Privacy Officer

1. THINK AND EDUCATE
Sponsors / Steering Committee
- Patient Representative
- Security (physical) Officer
- E-commerce
- Admitting / Registration
- Business Office
- Medical Records
- Workflow / Change Management

1. THINK AND EDUCATE
HIPAA Education
- High level
- Management level
- Ongoing through all phases
- Three tier strategy
  - In person
  - Internet / Intranet
  - Paper

1. THINK AND EDUCATE
Project Management Organization (assume enterprise approach)
- Core staff (few or many)
- Dedicated project team vs. Shared resources
- Mix of staff and consulting resources
- Mix of HIPAA and operations knowledge
- Independent Verification and Validation (IVV)
- Protecting the information
  - Security
  - Protection from discovery

1. THINK AND EDUCATE
HIPAA Scope Definition
- Suggested Initial Project HIPAA Regulation Scope
  - Standard Transactions
  - Employer (sponsor) Identifier
  - Provider Identifier
  - Payer Identifier
  - Electronic Attachments
  - Security (Privacy)
- Business Applications
- IS Applications
- Key Trading Partner identification

HOSPITAL SYSTEMS AFFECTED BY HIPAA
Business Applications
- Laboratory
- Pharmacy
- Radiology
- Registration (ADT)
- Orders
- Results
- Credentialing
- Data Warehouse
- Cost Accounting
- Materials Management
- Master Person (Patient) Index
- Patient Accounting
- Home Care
- Nursing home
- Physician practice
- Human Resources
- HIPAA training management

HOSPITAL SYSTEMS AFFECTED BY HIPAA
Business Applications
- Medical Records
- Coding and Abstracting
- Chart Tracking
- Document Imaging
- Electronic Medical records
- Clinical Data Repository
- Demand Management
- Patient Scheduling
- Referral Management
- Other
- Not Impacted
  - Payroll
  - General Ledger
  - Accounts Payable

HOSPITAL SYSTEMS AFFECTED BY HIPAA
Business Applications
- Department Systems with Patient Specific Information (e.g., Cath lab)
- Telecommunication systems that contain patient identifiers, e.g., appointment call system
- Any special purpose database or application which includes patient specific information, e.g., tumor registry

HOSPITAL SYSTEMS AFFECTED BY HIPAA
IS Applications
- Internet and point-to-point data communications
- Interface Engine(s)
- EDI Engine(s)
- Infrastructure
- Firewall
- Network Security
- Physical Security
- Security Policies and Procedures
- Security Audit Systems
- Security Technology and Technology Mechanisms

1. THINK AND EDUCATE
Get Involved / Share with Peers
- HIPAA Regulations
- Strategic Implementation Plan (SIP)
- Professional Associations
- Key Trading Partners
- Local Networking

2. GATHER CURRENT STATE INFORMATION
- Inventory Everything Affected by HIPAA
- Risk Level Impact Assessment
- Categorize risk level
  - Business risk
  - Security risk
- Flag high cost remediation items

2. GATHER CURRENT STATE INFORMATION
Use Electronic Tools to Document and Manage the Process
- Impact Assessment Inventory database
- Transaction Implementation Guides
- (Business) Risk / Compliance Management tracking and documentation
- Project Management

2. GATHER CURRENT STATE INFORMATION
- Cross Reference
  - Regulations
  - Business applications
  - IS applications
  - Work processes
  - Administrative policies and procedures
  - Physical security issues
  - Other
- Develop HIPAA Project Plan
  - Eight Steps
  - Develop a mid-level plan with 100-150 tasks
  - Phase by regulation timing
  - Basis for three year plus budget and resources plan

3. RISK AND COST BENEFIT ANALYSIS
- Staff Up
  - Technical
  - Legal
  - Workflow
  - Optional development and analysis
  - Change management
- Increase Education Activity
- Think Outside the Box
  - Independent advisors

3. RISK AND COST BENEFIT ANALYSIS
- GAP Analysis
- Quantify Risks
  - Probability of incidents
  - Impact per incident
    - Fines and jail
    - Legal defense/insurance premiums
    - Loss/delayed revenues and staff to rework
    - “Urgent” fix cost and staff time
    - Public image

3. RISK AND COST BENEFIT ANALYSIS
- Identify Options to Reduce Each Risk
  - Level of risk reduction (probability)
  - Cost to achieve risk reduction
  - Dependency factors
- Cost / Benefit Analysis
  - Identify greatest risk items
  - Identify benefit to cost ratio
  - Analyze items that are interrelated

3. RISK AND COST BENEFIT ANALYSIS
- Assess Current Vendors’ HIPAA Readiness Plans and Assurances
- Recommendations to Sponsors/Steering Committee
  - Rationale
  - By level of investment

4. PLAN
- Develop a Detailed Implementation Plan
- Include Current HIPAA Knowledge
  - Internal
  - External
- Coordinate with E-Commerce Initiatives
- Technology Strategy
- Administrative Strategy

4. PLAN
- Issue RFPs to Acquire New Systems if Needed
- Educate
- Assure Availability of Implementation Resources
- Coordinate with Trading Partners

5. IMPLEMENTATION
Implement Changes
- Transactions and Code Sets
- Identifiers
- Security -- Physical
- Security -- Administrative
- Security -- Technology and Technology Mechanisms

5. IMPLEMENT
- Training
- Independent Assessment of ongoing project
  - Budget
  - Timeliness
  - Goal achievement

5. IMPLEMENT
- Testing
  - Unit testing
  - Integration testing
  - Testing with trading partners
- Document the Risk Mitigation

6. REVIEW
- Readiness Review
- Include Knowledge Gained Since the Plan was Developed
- Update to Address Changes in HIPAA Regulations

7. CERTIFY AND GO LIVE
- Independent Review
- Certification Likely Only for Some Components

8. MONITOR
- HIPAA Regulations
  - New
  - Revisions
- Security Audit and Monitoring
- Business Risk Monitoring
- Measure Goal Achievements
- Feedback to Phase 3
- Report to Leadership
- Measure Business Partner Relationships