Building a hipaa readiness agenda
Sponsored Links
This presentation is the property of its rightful owner.
1 / 36

Building a HIPAA-Readiness Agenda PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Building a HIPAA-Readiness Agenda. Bob DeMarco Managing Principal Healthcare Business Solutions Compaq Global Services April 3, 2002. Introductions. Objectives. Learn about the Health Insurance Portability and Accountability Act (HIPAA) Discuss HIPAA components

Download Presentation

Building a HIPAA-Readiness Agenda

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Building a hipaa readiness agenda

Building a HIPAA-Readiness Agenda

Bob DeMarco

Managing Principal

Healthcare Business Solutions

Compaq Global Services

April 3, 2002





  • Learn about the Health Insurance Portability and Accountability Act (HIPAA)

  • Discuss HIPAA components

    • Electronic standards, code sets and identifiers

    • Procedures and policies regarding patient privacy

    • Security requirements

  • Discover HIPAA's effect on your environment

    • Budgets and organizational issues

  • Discuss how Compaq can help

Facts and fiction

Facts and fiction

  • Fiction

    • HIPAA laws will never be enforced

    • This is just like Y2K

    • The application vendors have already fixed this

    • A tool will repair any issues

    • An organization can be compliant

  • Facts

    • This is a business AND a technology issue

    • HIPAA is a complex business problem

      • But there are ways to justify the expense and reduce exposure

    • HIPAA is a 2-5 year process

You may have some questions

You may have some questions . . .

  • What is HIPAA anyway?

  • HIPAA is huge – what do I do first?

  • How do I fund HIPAA readiness activities?

  • Does this really affect me?

  • The dates seem to be changing.

    • What are they now?

    • What is due and when?

    • Will the dates change again?

  • How do I meet compliance dates?


  • How do I spell it?


U s hipaa goals

U.S. HIPAA goals

  • U.S. 2000 – health care costs 13.9% of GDP

    • Reduce overall costs

      • Transactions over the Internet

      • Standardize

    • Ensure privacy of patient information








Why hipaa


  • Improve efficiency and effectiveness of health care system

    • Standardize the electronic exchange of administrative and financial data

  • Reduce US healthcare costs

    • 13.9% of GDP; highest in world

  • Protect security and privacy of transmitted information

  • Goals:

    • Cut $73BB out of healthcare costs in U.S. (transactions)

    • Ensure patient privacy (privacy and security)

Whom does hipaa affect

Whom does HIPAA affect?

  • Providers

  • Nursing homes

  • Skilled Nursing Facilities (SNF’s)

  • Doctors and hospitals

  • Payers

  • Clearinghouses

  • Governments

  • Universities

  • Schools

  • Biotech (Pharmaceuticals – Life Sciences)

  • Your local drug store

  • Red Cross

  • Any entity that deals with body parts/fluids

  • Any entity that touches patient information

It s not just an it issue

It's not just an IT issue

  • Governing Body

  • Administration

  • Finance

  • Health Information Management

  • Patient Accounts

  • Physician Services

  • Admission

  • IT

  • Others

What are the milestones

What are the milestones?

  • Compliance plans

    • 10/15/2002

  • Security and privacy

    • 4/13/2003

  • Transactions and code sets

    • 10/16/2003

Educational Requirements

Transactions, Code Sets, Identifiers

Policies and Procedures


Compliance Planning

Gap Analysis

And the likelihood of these dates changing

And the likelihood of these dates changing?

  • Extremely slim

    • Transaction dates changed in response to September 11th tragedy



  • Per transaction

    • $100 per violation

    • Not to exceed $25,000 for violations of the same requirement in a calendar year

    • Violations can add up quickly!

  • Security and privacy

    • "Knowing disclosure"

      • $50,000 to $25,000 in fines

      • 1-10 years in prison

    • Failure to establish security/privacy program may be construed as wrongful or knowing disclosure!

What can you do now

What can you do now?

  • Put in place the right structures

    • HIPAA steering committee

    • HIPAA Privacy Officer, Privacy and Security Officer, etc.

    • HIPAA assessment, gap analysis and compliance plan

    • HIPAA educational teams, programs, etc.

    • A HIPAA management consultant/strategic partner

    • A HIPAA budget

The compliance plan

The Compliance Plan

What is in the plan

What is in the plan?

  • Analysis on the extent and reason for HIPAA non-compliance

  • Budget, schedule, work plan and implementation strategy for compliance

  • Timeframe for transaction testing to begin by April 4, 2003

  • Documentation on plans to use vendors to assist with compliance

Privacy and security

Privacy and security

Relationship between privacy security

Relationship between Privacy & Security

  • Security

    • The ability to control access and protect information from

      • Accidental or intentional disclosure to unauthorized persons

      • From alteration, destruction or loss

  • Privacy

    • Controlling who is authorized to access information

      • The right of individuals to keep information about themselves from being disclosed

  • Some redundancy – Privacy reiterates the requirement for security safeguards

Purpose of hipaa privacy regulations

Purpose of HIPAA Privacy Regulations

  • Protect and enhance to rights of consumers

    • Provide them access to their health information

    • Control the inappropriate use of that information

  • Improve the quality of healthcare in the US

    • Restore trust in the healthcare system among consumers, healthcare professionals and the multitude of organizations and individuals committed to the delivery of care

  • Improve the efficiency and effectiveness of healthcare delivery

    • Create a national framework for health privacy protection

    • Build on efforts by states, health systems and individual organizations and individuals



  • Who

    • Health Plans

    • Health Care Providers

    • Health Care Clearinghouses

    • Anyone who electronically transmits health information in connection with a standard transaction named in HIPAA

  • What

    • Individually identifiable health information transmitted or maintained in any form or medium (electronic or non-electronic) that is held or transmitted by a covered entity

Permitted uses and disclosures

Permitted Uses and Disclosures

  • To an Individual

    • With Proper Consent

    • Without Consent If:

      • Indirect Relationship

      • Inmate

  • Valid Authorization

    • With Oral Consent for:

      • Facility Directories

      • To Next of Kin

Where it is not applied

Where it is NOT applied

  • Required by Law

  • Public Health Activities

  • Victims of Abuse

  • Health Oversight Activities

  • Judicial and Administrative Proceedings

  • Law Enforcement Purposes

  • About Decedents

  • Organ Donation Purposes

  • Research (with a list provisions)

  • To Avert Serious Threat of Health Safety

  • Specialized Government Functions

  • Worker’s Compensation

Required disclosures

Required disclosures

  • When an individual requests access to their records (with exceptions)

  • When an individual requests an accounting of disclosures (with exceptions)

  • When requested by the Secretary to investigate compliance

  • Entities are required to limit disclosure to "just what's necessary"

Some key administrative requirements

Some key administrative requirements

  • Must designate Privacy Official

  • Must designate contact person/office for complaints

  • Must document and train policies and procedures, job titles, etc.

  • Document retention requirements

  • Many others

Security standards

Security standards

  • Comprehensive framework of security requirements

  • Scalable requirements to meet small to large business needs at reasonable cost

  • Technology-neutral implementation features

Security overview

Security overview

  • Administrative Procedures, for example:

    • Certification (Internal or External)

    • Chain of Trust Agreement

    • Contingency Plan

    • Formal Mechanism for Processing Records (Documented)

    • Information Access Control and Audits

    • Etc.

  • Physical Safeguards

    • Assigned Security Responsibility

    • Formal, Documented Policies and Education

  • Technical Security Services

    • Access, Audit, and Authorization Control

    • Data and Entity Authentication

  • Technical Security Mechanisms

    • Integrity Controls

    • Message Authentication

    • Access Controls or Encryption

    • Abnormality Alarm

    • Audit Trail

    • Entity Authentication

    • Event Reporting

Transactions and code sets

Transactions and code sets

Covered transactions

Covered Transactions

  • Claims – Professional, Institutional and Dental

    • 837 4010x098

    • 837 4010x096

    • 837 4010x097

  • Coordination of Benefits – in above

  • Remittance Advice – Including EFT

    • 835 4010x091

  • Enrollment

    • 834 4010x095

  • Eligibility

    • 270/271 4010x092

  • Claim Status

    • 276/277 4010x093

  • Premium Payment

    • 820 4010x061

  • Health Care Services Review

    • 278 4010x094



  • Employers

  • Providers

  • Plans

  • Individuals – On Hold

Standardized code sets

Standardized Code Sets

  • Major code sets

  • Impact of Standardized Code Sets

Proposed impacts

Proposed impacts

  • Lower cost of software development and maintenance

  • Assure purchasers that software will work with all payers and plans

  • Lower cost of administrative transactions by eliminating time and expense of handling paper

  • Pave way for cost-effective, uniform, fair and confidential health information practices

  • Pave the way for standards which can do the same for electronic medical records systems

  • Pave the way for high quality health care

How compaq can help

How Compaq can help

  • Health and human services team

    • Team members 20+ years of practical health care and government experience

      • Clinical, management, financial, operational

      • Nationally recognized providers and governmental entities

      • Complex technology, business and financial health care management

      • HIPAA experience since 1998

  • Partners

    • Nationally branded HIPAA experts

    • Health care expertise and technologies

  • Capabilities

    • Technology and program management

    • Customer, managed and consulting/SI services

    • Compaq Financial Services

  • CGS product

    • Hardware and platforms

  • CGS experience in health care

What we bring

What we bring

  • A suite of business and technology services, provided by:

    • Experts in health care, pharmaceuticals and life sciences

    • Providing a “just enough” solution

    • Architected for technical agility

    • Reducing overall costs

    • Unsurpassed architectural and program management skills

  • Providing

    • The single source for health care solutions

      • Consulting and systems integration services

      • Hardware and software

    • Enabling regulatory and governmental compliance


  • The right mix of health care systems and technology partners

  • A vendor who can quickly create and assemble a team

    A vendor who innovates . . .

Hipaa acceleration services

HIPAA acceleration services

Helping remove cost barriers cfs

Helping remove cost barriers – CFS

  • What do you get?

    • Flexible payment structures and fixed rates for the term of the lease

    • Variable end-of-lease options

    • Inclusion of "soft costs" in total cost of lease

  • Customer benefits

    • More technology and services

    • Conserve capital

    • Preserve established credit lines

    • Contacting CFS

      • See your sales representative

Questions and answers

Questions and answers . . .


  • Login