Security and Privacy Workgroup

SMALL PRACTICE IMPLEMENTATION

WEDI/SNIP Security and Privacy Workgroup

White PaperVersion 2.0 – Dated

April 2004

Security and Privacy Work Group

Background

White Paper based on Final Security Rule issued February 20, 2003

White Paper for education and awareness use only

Security and Privacy Work Group

Background White paper intended for use by trusted entities

– associations, consultants, and others – to inform small practices about HIPAA

Outlines awareness campaign to enable small practices to come into compliance with Security Rule

Two central goals:– Present strategy to inform small practices about

HIPAA Security Rule– Give guidance to small practices to enable them to

become compliant with Security Rule

Security and Privacy Work Group

Background

Important to keep in mind small practices need basics – not detailed discussion of the more esoteric points – Practices want simple, straightforward, and, to

extent possible, non-technical information– Recommended non-technical language be used

and practices be encouraged to keep implementation as simple as possible

– Technical language will make no sense to small practices

Security and Privacy Work Group

HIPAA and Small Practices

HIPAA applies to small provider practice if that practice submits claims electronically either directly or through a billing service or “clearinghouse”

Does not apply to practice that does not submit any standard transactions electronically

ASCA requires submission of electronic claims to Medicare, except if small practice with less than 10 full-time equivalent employees

Security and Privacy Work Group

Initial Information Version 1.0 of white paper reviews Security

Rule in detail – specification by specification Translates rule into language understandable

by small practices Provides specific guidance on how to proceed

in more complex areas– Future versions will provide more specific

guidance as industry consensus starts to continues to take shape around these issues

Security and Privacy Work Group

Specific Requirements

White paper reviews each requirement of Security Rule

Addresses administrative, physical, and technical security separately

Provides initial guidance on each of the 18 security “standards” in rule

Provides initial guidance on each of the 36 “implementation specifications” in rule

Security and Privacy Work Group

Future Direction

Future versions of white paper will provide more specific information regarding how to approach and implement each standard and implementation specification

Where appropriate, templates and other documents may be developed, similar to WEDI/SNIP Small Practice Privacy Implementation White Paper

Security and Privacy Work Group

Conclusion

Task of ensuring small practices come into compliance significant

Requires concerted effort by many individuals and organizations

White paper provides road map for trusted sources to provide consistent information

Information in white paper can be used by trusted sources to design specific guidance for their small practices

Security and Privacy Work Group

White Paper

Much more depth and guidance in White Paper

Download White Paper at snip.wedi.org– Go to Workgroups, Security and Privacy,

White Papers If you have questions, contact the Security

and Privacy Workgroup at snip@wedi.org

Security and Privacy Work Group

Acknowledgements

WEDI/SNIP thanks the following individual for preparing this presentation:

– Andrew Melczer, Ph.D., Illinois State Medical Society, melczer@isms.org