HIPAA Compliance
Uploaded by harshvardhan1
Health Insurance Portability and Accountability Act
HIPAA
PROGRESSIVE CORPORATE SERVICES
101-102, Sheraton House, Ambavadi, Ahmedabad, Gujarat, India - 380015
HIPAA
It is a Federal law passed in 1996.
It specifies what is required to protect the privacy of personally identifiable health care information.
Time Lines for HIPAA Compliance
Three separate and independent timelines required for HIPAA compliance.
Privacy Rule compliance required by April 14, 2003
Transaction Code Set Rules (TCS) compliance required by October 16, 2002 or October 16, 2003 if you filed for an extension
Security Rule compliance deadline April 21, 2005
Covered Entities
To be considered a covered entity, the organization must be either a health care provider, a health plan, or a health care clearinghouse.
Covered entities provide services directly to the patient.
An ambulance service is considered to be a health care provider.
To be considered a covered entity, you must engage in electronic transactions. This includes billing.
Protected Health Information (PHI)
When PHI enters an organization, whether it is from a patient, a bystander, a friend, a family member or a dispatch agency, all privacy and security rules apply.
What is PHI?
Individually identifiable information
Information regarding past, present, or future physical or mental health
Information regarding provision or payment of care to an individual.
Includes any material that is written, verbal, electronic, scanned, photographic, etc.
Examples of PHI
Patient care reports (PCRs)
Dispatch records
Billing information
Incident reports with patient information.
Physician Certifications
Three Allowed Uses of PHI
Treatment
Payment
Health Care Operations
These are allowed without prior patient authorization.
Treatment
You may share PHI with other health care providers involved in treating the patient.
First Responders may share patient information while on the scene.
You may share information with emergency department personnel without the patient’s permission.
Facilities may share information with providers for treatment purposes.
Payment
Providers may use PHI to send invoices and file claims.
Emergency Departments may supply “face sheet” information to services for billing purposes.
Operations
QA/CQI, Internal Audits
Patient names and addresses must be omitted if using PHI for research or education.
Business Associates
A business associate is a person or an entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity.
Covered entities must have formal “business associate” agreements in place with business associates to meet compliance guidelines under HIPAA.
Examples of business associates are:
Collection Agencies
Billing Companies
Computer Software Companies that may have access to PHI
Legal Counsel, etc.
In other words, business associates are those entities that do not provide services directly to the patient but instead provide services to covered entities.
Privacy Rule - What Is Required?
• Designation of a privacy officer
• Securing of patient records and limiting access so that they are not available to those personnel who do not have a “need to know”
Examples of Security Safeguards
Include a confidentiality statement on all e-mails, fax cover sheets and web pages.
Web page notices must be printable.
Keep patient care reports restricted.
Keep fax machines which receive PHI in a secure location and limit access. Obtain reasonable assurances that those who receive your faxes do the same.
What is the Transaction Code Set Rule? (TCS)
Requires providers to submit electronic claims in an approved format.
Requires payers to accept transactions that are submitted in the standard formats.
The Steps to HIPAA Compliance
Conduct a “gap analysis”.
Identify existing privacy related policies and procedures and review them for accuracy and compliance.
Adopt a formal privacy practice. You may use samples from any source, but make sure you have all policies, forms, and agreements reviewed by your attorney.
Develop and provide a notice to each patient concerning your privacy practices and make a good faith effort to obtain a signed acknowledgement from the patient that he or she has received it.
Develop a policy that protects PHI and distribute only the necessary parts of the PHI to entities that have a “need to know”.
Identify all members of your organization who need to access Protected Health Information (PHI) by their job descriptions and identify what parts of PHI they need to access. Develop a policy that contains this specific information.
Develop a policy that allows patients or their designated representatives access to their PHI.
Develop a Designated Record Set which will determine what information is released when it is requested.
Develop a policy that identifies the method by which a patient or designee may amend their PHI.
Identify business associates.
Develop and execute business associate agreements.
Coordinate with vendors.
Appoint a privacy officer. This person may have other duties within the organization.
Ensure that all required HIPAA policies, procedures and agreements have been developed.
Provide HIPAA training to all members of the organization by April 14, 2003. These members may include, but are not limited to: crew members, office personnel, board of directors, administrative personnel, etc.
Continued Compliance
Monitor and revise policies as needed.
Very Important
You must not only safeguard written PHI, but also verbal PHI!
There must be a written policy banning all inappropriate banter about specific patients. Penalties for such behavior must be included in the policy.
What You Must Have!
- Notice of Privacy Practices
- Business Associate Agreements
- Accounting Log
- “Minimum Necessary” Policies - Who needs access to what?
- Designated Record Set Policy
- Policy regarding uses and disclosures
- Training documents
- Amendment forms
- Written designation of privacy officials
- Documents regarding any penalties given for privacy violations
What Would It Be Nice to Have?
- Privacy Officer Job Description
- Request for Access form
- Request for Amendment form
- Request for Restriction form
You Should Have
- Complaint Policy
- Password Authorization form
- Record Release Policy
- Confidentiality Policy