Beruflich Dokumente
Kultur Dokumente
An Executive Brief
The HIPAA Academy
Objective
The Problem HIPAA Legislation HIPAA Impact: Who? What? HIPAA and EDI HIPAA Privacy Requirement HIPAA Security Requirement Getting Started HIPAA Training: Next Step
Page 2
The Challenge
20 cents of every healthcare dollar spent on administrative overhead! 150 formats to conduct healthcare transactions for claims and payments Using EDI could save the healthcare industry $26B annually
Page 3
HIPAA Legislation
Page 4
Healthcare providers
Employers
Business Associates
Page 5
HIPAA Penalties
Violation of patient confidentiality standards include monetary fines and possible imprisonment Civil: Up to $25,000 per person per violation of a single standard per calendar year Criminal: Up to $250,000 and 10 years in prison
Page 6
HIPAA AS Timetable
RULE Electronic Transaction & Code Sets Privacy of Individually identifiable Health Information Provider Identifier Employer Identifier Security & Electronic Signature Identifier for Health Plan Standard Health Claim Attachments
Page 7
NPRM FINAL RULE COMPLIANCE PUBLISHED PUBLISHED REQUIRED 5/7/1998 11/3/1999 5/7/1998 6/16/1998 8/12/1998 5/31/2002 7/31/2004 8/16/2000 2/26/2001 10/16/02 OR 10/16/03? 4/14/2003
Page 8
Page 9
Privacy - defined as having policies and procedures in place to control who has access to protected health information Health plans/providers must inform patients of business practices re: use Any patient identifiable information is now Protected Health Information (PHI) Patients entitled to disclosure history
Page 10
controls and procedures to ensure the protection of information assets and control access to shared resources
Security and Electronic Signature
Physical Safeguards
Assigned Security Responsibility Media Controls Physical Access Controls Policy - Workstation Use Secure Workstation Location Security Awareness Training
Electronic Signature
Digital Signature
Page 12
2.
3. 4. 5. 6. 7. 8. 9. 10.
Assign privacy responsibility Identify and assess organization PHI Assess privacy policies Analyze gaps in current policies Adjust organizational processes Identify Business Associates Negotiate Business Associate Contracts Develop Notice, Consent (optional) and Authorization documents Develop privacy training program Document privacy policies
Page 13
5.
6. 7. 8. 9. 10.
Assign security responsibility Drive security awareness Establish security baseline Gap analysis (HIPAA Current) Risk assessment of health info. Identify resources required Revise security policy and processes Roll-out security implementations Establish administrative support Establish audit mechanisms
Page 14
Legislation
Transformation
Technology Application
IT Pr o f essio n a l s
w w w . H I P A A a c a d e my . N e t
877.899.9974 x20&22
The HIPAA Academy is a Proud Supporter of the
Page 16
Page 17