“Technology Working For People”
Intro to HIPAA and Small Practice Implementation
Dec 27, 2015
Overview
What is HIPAA?
Transactions
Privacy
Security
Implementation Manual/Process
Insurance Reform[Portability]
Administrative Simplification[Accountability]
Health Insurance Portability and Accountability Act (HIPAA)
• Transactions, Compliance Date: 10/16/2003
• Privacy Compliance Date: 4/14/2003
• Security Compliance Date: 4/21/2005
What is HIPAA?
Who is affected?
“Covered Entities” which include:
• Health Plans
• Healthcare Clearinghouse
• Healthcare Provider who transmits health information in electronic format (Us)
Is it Mostly Process or Mostly “Things” to Purchase?
• Technical: 20%
• Process: 80%
HIPAA Compliance Deadlines
• Transaction & Code Sets: October 16, 2003 (with extension)
• Privacy Regulation: April 14, 2003
• Security Regulations: April 21, 2005 or April 21, 2006 for small health plans
COMPLY?
Non-Compliance
• $100 for each violation
• Maximum of $25,000 per year per specific provision
Unauthorized Disclosure or Misuse of Patient Information
• Penalties up to $250,000
• Prison time up to 10 years
Transactions, Codes, & Identifiers
What are they, and why do we care?
Is it something I control?
How do we comply?
Transaction, Codes, and Identifiers
Verify your vendor or clearinghouse has been certified?
Tested your electronic claims submission for accuracy?
Privacy Regulations
• Require Designating a Privacy Officer
• Educate the Privacy Officer
• Take this training module
• Become familiar with helpful web sites
• Begin Implementing the new Procedures & Policies
Privacy Regulation
The Privacy Rule has 3 General Areas
• Patient Rights
• Communications
• Administration
Privacy Regulation
Patient Rights
• Notice of Privacy Practice
• Authorization Form
• Access and Amendment Policy
• Accounting and Restrictions Policy
Privacy Regulation
Communications
• Phone and Face-to-Face
• Email Policy (Optional)
• Fax Policy
• Medical Records
• De-Identification
Privacy Regulation
Administration
• Privacy Officer
• Business Associate Privacy Contract
• Tracking
• Safeguards
• Pre-emption of State Law
• Training
Security Regulation
Three Categories of Security Standards
• Administrative
• Physical
• Technical
Security Regulation
In All 3 Categories, the Standards are: Required or Addressable
Security - General Rule
• Ensure the confidentiality, integrity and availability of all EPHI
• Protect against any reasonably anticipated threat or hazard to security or integrity
• Protect against reasonably anticipated uses or disclosure that are not permitted under the Privacy Rule
• Ensure compliance by your workforce
Security Flexibility
• Size, complexity and capabilities of office
• Technical infrastructure, hardware and software security capability of office
• Costs of security measures
• Probability and criticality of potential risks
Security – Administrative
• Security Management
• Responsibility
• Workforce Security
• Information Access Management
• Security Awareness & Training
• Incident Procedures
• Contingency Plan
• Evaluation
• Business Associate Contract
Security - Physical
• Facility Access Control
• Workstation Use
• Workstation Security
• Device & Media Controls
Security - Technical
• Access Control
• Audit Controls
• Integrity
• Entity Authentication
• Transmission Security
Implementation
The Head of Practice Overview
Office Manager Steps
Transaction/Code Certification
Staff Training
Privacy
Security
Maintenance
Office Manager Steps
Appointed Privacy & Security Officer
Studies the HIPAA Office Manual
Makes any modifications to the forms, policies and procedures for this specific practice
Calls a staff meeting for HIPAA training
Transaction/Code Certification
Obtain certification of compliance from Billing/Admin software vendor
Obtain certification of compliance from all clearinghouse vendors
Confirm accuracy of transactions
Staff Training
Staff read the awareness essay
Read and sign employee confidentiality form
Attend the HIPAA overview training
Attend Security Awareness Training
Privacy
Post Privacy Notice
Process for patients receiving and signing Notice of Privacy Practice
Post Fax and Email Policies
Create “Entities” log
Issue/Collect Business Associate contracts
Security
VeroTek & Office Manager Produce:
• Risk Assessment/Plan
• Access Control
• Workstation Security
• Staff Security Training
• Anti-Virus Procedures
• Backup Procedures
• Internet/Firewall System
• Disaster Recovery Plan
Maintenance
Quarterly review by Office Manager for compliance
Bi-Annual Security Audit by VeroTek
“As Required” updates as regulations change
Questions?
Call VTSHelpDesk @ 858-483-1692
or Email [email protected]