TOPICS COVERED:
What is HIPAA?
HIPAA Overview
Title II Administrative Simplification Provisions
HIPAA Objectives
Who Must Comply with HIPAA
Covered Entities
Penalties For Non-compliance / Enforcement Agency
What information is protected by HIPAA
Permitted Uses and Disclosures
HIPAA Privacy Rule Key Elements
Rosie Callender, RHIA
WHAT IS HIPAA
HIPAA OVERVIEW
Health Insurance Portability and Accountability Act (HIPAA)
(Accountability)
Administrative Simplification
Compliance by 10/16/03
Security
Final Regulations Published on 2/20/03 Compliance Date: 4/20/2005
Electronic Data Transmission
Data Protection
Transaction
Code Sets
Identifiers
Security
Privacy
HIPAA Objectives
Insurance portability and
individuals
Administrative Simplification
to apply uniform standards to electronic data transactions in a confidential and secure environment.
Electronic Transactions
What is HIPAA?
A Federal Law Created in 1996
Privacy
HIPAA
Administrative Simplification
Unique Identifiers
WHY HIPAA?
Covered Entity
Provides health care
Conducts one or more standard HIPAA transactions.
Transmits or receives standard transactions in electronic form.
Or performed through a Business Associate.
1. Claims or equivalent encounter information
2. Payment and Remittance Advice
3. Claim Status Inquiry and Response
4. Eligibility Inquiry and Response
5. Referral Certification and Authorization Inquiry and Response
6. Enrollment and Disenrollment in a Health Plan
7. Health Plan Premium Payments
8. Coordination of Benefits
Combination of HCPCS & CPT-4: Physician services and other health care services
HCPCS: Medical supplies, orthotics & other equipment
ICD-9-CM, Vols 1&2: Conditions and other health problems & manifestations
Code on Dental Procedures and Nomenclature (CDT): Dental services
NDC (National Drug Codes): Drugs/Biologics
Single violation of provision
Multiple violations of identical requirement or prohibition made during the calendar year
CRIMINAL PENALTIES
Wrongful disclosure of individually identifiable health information: Up to $50,000; up to one year
Wrongful disclosure of individually identifiable health information committed under false pretenses: Up to $100,000; up to five years
Wrongful disclosure of individually identifiable health information committed under false pretenses with intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm: Up to $250,000; up to 10 years
Enforcement Agency
Department of Health and Human Services Office of Civil Rights (OCR) will:
investigate complaints
enforce compliance
impose civil monetary penalties
Department of Justice will:
enforce criminal penalties
Center for Medicare and Medicaid (CMS) will:
oversee compliance with Transaction Code Sets and Identifiers
Employment records
Family Educational Rights and Privacy Act (FERPA) records
De-identified records:
Removal of certain identifiers so that the individual who is the subject of the PHI will no longer be identified.
Statistical expert determined that risk of identification is small
Facility may assign code or other means to allow for re-identification
IMPACT ON PROVIDERS
OPERATIONAL
New Administrative and Clinical Procedures (EXAMPLE: Billing, Operations Coding, Claims Processing)
MANAGERIAL
TECHNOLOGICAL
Reviewing the competence and qualifications of health care professionals
Conduct training programs in which students, trainees learn under supervision
Conducting medical reviews, legal services, and auditing functions
Business planning and development
Business management and general administrative activities
Customer service
Resolution of grievances
Creating de-identified information or limited data set.
Role-based access. In the workplace, access to health information should be on a need-to-know basis.
Role-based access required under minimum necessary rule
Verification and authentication of individuals and authorities requesting PHI
Security required by Privacy Rule applies to PHI in all forms
on removable/transportable digital memory medium (magnetic tape/disk)
transported electronically via the internet, e-mail or other means.
YOUR RESPONSIBILITIES
1. Properly manage your password;
2. Prevent the spread of viruses;
3. Properly dispose of material with PHI (hard copy);
4. Contact DITS to clear disks and hard drives of all PHI before selling or giving computer to another user;
5. Protect system from outside threats (hackers, malicious software);
6. Do not use unauthorized software or hardware;
7. Follow the organization's policies regarding the use of PDAs and laptops.
8. Be familiar with the organization's Information Security policies.
9. Use common-sense security
QUESTIONS?
Rosie Callender, RHIA HIPAA Project Manager Morehouse School of Medicine Compliance Office 22 Piedmont Road Atlanta, GA 30303 (404) 756-1345 rcallend@msm.edu