hipaa exec brief 92002

Upload: james-wilson

Post on 06-Apr-2018


TRANSCRIPT

  • 8/3/2019 HIPAA Exec Brief 92002


    Health Insurance Portability and Accountability Act: An Executive Brief

    The HIPAA Academy


    Objective

    The Problem

    HIPAA Legislation

    HIPAA Impact:

    Who?

    What?

    HIPAA and EDI

    HIPAA Privacy Requirement

    HIPAA Security Requirement

    Getting Started

    HIPAA Training: Next Step


    The Challenge

    20 cents of every healthcare dollar spent on administrative overhead!

    150 formats to conduct healthcare transactions for claims and payments

    Using EDI could save the healthcare industry $26B annually


    Who Does HIPAA Impact?

    Health plans

    Clearinghouses

    Healthcare providers

    Employers

    Business Associates


    HIPAA AS Timetable

    RULE                                                      NPRM PUBLISHED   FINAL RULE PUBLISHED   COMPLIANCE REQUIRED
    Electronic Transaction & Code Sets                        5/7/1998         8/16/2000              10/16/02 OR 10/16/03?
    Privacy of Individually identifiable Health Information   11/3/1999        2/26/2001              4/14/2003
    Provider Identifier                                       5/7/1998
    Employer Identifier                                       6/16/1998        5/31/2002              7/31/2004
    Security & Electronic Signature                           8/12/1998
    Identifier for Health Plan
    Standard Health Claim Attachments


    What Will HIPAA Impact?

    Transactions and Code Sets

    Identifiers

    Privacy

    Security


    HIPAA Transaction and Code Sets Requirements

    Facilitates standardized information exchange between providers and payers

    ANSI ASC X12 is the standard for representation of:

    Healthcare claims

    Eligibility inquiries

    Enrollments


    HIPAA Privacy Requirements

    Privacy - defined as having policies and procedures in place to control who has access to protected health information

    Health plans/providers must inform patients of business practices re: use

    Any patient identifiable information is now Protected Health Information (PHI)

    Patients entitled to disclosure history


    HIPAA Security Requirements

    Security - defined as having security controls and procedures to ensure the protection of information assets and control access to shared resources

    Security and Electronic Signature Standards Rule covers HIPAA security

    HIPAA Security Rule enables organizations to safeguard all medical information and transactions


    HIPAA Security Requirements

    Administrative: Certification; Chain of Trust Agreements; Contingency Plan; Formal Policies; Info Access Control; Internal Audit; Personnel Security; Security Configuration; Security Incident Procedures; Security Mgmt. Process; Termination Procedures; Training

    Physical Safeguards: Assigned Security Responsibility; Media Controls; Physical Access Controls; Policy - Workstation Use; Secure Workstation Location; Security Awareness Training

    Technical Security Services: Access Controls; Audit Controls; Authorization Controls; Data Authentication; Entity Authentication & Biometrics

    Electronic Signature: Digital Signature

    Technical Security Mechanisms: Communications/Network Protocols & Controls; Integrity Controls; Message Authentication

    Implementation Features Under Each Requirement


    HIPAA Privacy: 10 Key Steps

    1. Assign privacy responsibility

    2. Identify and assess organization PHI

    3. Assess privacy policies

    4. Analyze gaps in current policies

    5. Adjust organizational processes

    6. Identify Business Associates

    7. Negotiate Business Associate Contracts

    8. Develop Notice, Consent (optional) and Authorization documents

    9. Develop privacy training program

    10. Document privacy policies


    HIPAA Security: 10 Key Steps

    1. Assign security responsibility

    2. Drive security awareness

    3. Establish security baseline

    4. Gap analysis (HIPAA Current)

    5. Risk assessment of health info.

    6. Identify resources required

    7. Revise security policy and processes

    8. Roll-out security implementations

    9. Establish administrative support

    10. Establish audit mechanisms


    [Diagram labels: Your Enterprise; HIPAA Legislation; Business Driver; Transformation; Biz to E-Business; Technology Application; Compliance and Opportunity]


    Uday O. Ali

    HIPAA: A Rare Opportunity

    HIPAA starts with PHI, ends with e-business.

    Start with HIPAA projects and ensure all employees are trained to respect PHI.