hipaa exec brief 92002
8/3/2019 HIPAA Exec Brief 92002
Health Insurance Portability and Accountability Act: An Executive Brief
The HIPAA Academy
Objective
The Problem
HIPAA Legislation
HIPAA Impact:
Who?
What?
HIPAA and EDI
HIPAA Privacy Requirement
HIPAA Security Requirement
Getting Started
HIPAA Training: Next Step
The Challenge
20 cents of every healthcare dollar spent on administrative overhead!
150 formats to conduct healthcare transactions for claims and payments
Using EDI could save the healthcare industry $26B annually
Who Does HIPAA Impact?
Health plans
Clearinghouses
Healthcare providers
Employers
Business Associates
HIPAA AS Timetable
RULE | NPRM PUBLISHED | FINAL RULE PUBLISHED | COMPLIANCE REQUIRED
Electronic Transaction & Code Sets | 5/7/1998 | 8/16/2000 | 10/16/02 OR 10/16/03?
Privacy of Individually Identifiable Health Information | 11/3/1999 | 2/26/2001 | 4/14/2003
Provider Identifier | 5/7/1998 | |
Employer Identifier | 6/16/1998 | 5/31/2002 | 7/31/2004
Security & Electronic Signature | 8/12/1998 | |
Identifier for Health Plan | | |
Standard Health Claim Attachments | | |
What Will HIPAA Impact?
Transactions and Code Sets
Identifiers
Privacy
Security
HIPAA Transaction and Code Sets Requirements
Facilitates standardized information exchange between providers and payers
ANSI ASC X12 is the standard for representation of:
Healthcare claims
Eligibility inquiries
Enrollments
HIPAA Privacy Requirements
Privacy - defined as having policies and procedures in place to control who has access to protected health information
Health plans/providers must inform patients of business practices re: use
Any patient identifiable information is now Protected Health Information (PHI)
Patients entitled to disclosure history
HIPAA Security Requirements
Security - defined as having security controls and procedures to ensure the protection of information assets and control access to shared resources
Security and Electronic Signature Standards Rule covers HIPAA security
HIPAA Security Rule enables organizations to safeguard all medical information and transactions
HIPAA Security Requirements
Administrative:
Certification
Chain of Trust Agreements
Contingency Plan
Formal Policies
Info Access Control
Internal Audit
Personnel Security
Security Configuration
Security Incident Procedures
Security Mgmt. Process
Termination Procedures
Training

Physical Safeguards:
Assigned Security Responsibility
Media Controls
Physical Access Controls
Policy - Workstation Use
Secure Workstation Location
Security Awareness Training

Technical Security Services:
Access Controls
Audit Controls
Authorization Controls
Data Authentication
Entity Authentication & Biometrics

Electronic Signature:
Digital Signature

Technical Security Mechanisms:
Communications/Network Protocols & Controls
Integrity Controls
Message Authentication

Implementation Features Under Each Requirement
HIPAA Privacy: 10 Key Steps
1. Assign privacy responsibility
2. Identify and assess organization PHI
3. Assess privacy policies
4. Analyze gaps in current policies
5. Adjust organizational processes
6. Identify Business Associates
7. Negotiate Business Associate Contracts
8. Develop Notice, Consent (optional) and Authorization documents
9. Develop privacy training program
10. Document privacy policies
HIPAA Security: 10 Key Steps
1. Assign security responsibility
2. Drive security awareness
3. Establish security baseline
4. Gap analysis (HIPAA Current)
5. Risk assessment of health info.
6. Identify resources required
7. Revise security policy and processes
8. Roll-out security implementations
9. Establish administrative support
10. Establish audit mechanisms
Your Enterprise HIPAA
Legislation
Business Driver
Transformation
Biz to E-Business
Technology Application Compliance and Opportunity
Uday O. Ali
HIPAA: A Rare Opportunity
HIPAA starts with PHI, ends with e-business.
Start with HIPAA projects and ensure all employees are trained to respect PHI.