HIPAA

HIPAA Health Insurance Portability and Accountability Act. Presented to the NC Association on Aging Conference, April 29, 2003. Sarah Brooks, MPA, RHIA, CPM, Manager, NC DHHS HIPAA Office.


HIPAA Health Insurance Portability and Accountability Act

Presented to the

NC Association on Aging Conference

April 29, 2003

Sarah Brooks, MPA, RHIA, CPM

Manager, NC DHHS HIPAA Office

Page 1 NC DHHS HIPAA OFFICE


AGENDA

  • What is HIPAA

  • Who Must Comply with HIPAA

  • Overview of Regulations

  • Resources

What is HIPAA?

Purpose of HIPAA

Health Insurance Portability & Accountability Act of 1996 [Public Law 104-191]

  • Improve portability and continuity of health insurance coverage in the group and individual markets;

  • To combat waste, fraud, and abuse in health insurance and health care delivery;

  • To promote the use of medical savings accounts;

  • To improve access to long-term care services and coverage; and

  • To simplify the administration of health insurance

    • HHS was charged with promulgating rules

How the Law is Structured

  • HIPAA is divided into five titles - each addresses a unique aspect of health insurance reform.

  • Title II is also known as Administrative Simplification

  • If Congress did not adopt legislation to enact Administrative Simplification, HHS was charged with promulgating rules

  • HHS was limited to enacting rules based on statutory language

ADMINISTRATIVE SIMPLIFICATION

  • Establishes National Standards for

    • Electronic Transactions and Code Sets

    • Identifiers (Providers, Payers, Employers, Individuals)

    • Privacy

    • Security & Electronic Signature

    • Compliance

  • Provides Patients With Certain Rights

  • Cuts Administrative Costs

  • Preempts State Laws, Unless More Stringent

  • Potential Civil Monetary & Criminal Penalties

  • Potential Impacts on Business Continuity

HIPAA vs. Y2K

  • Y2K impacted all information systems; HIPAA impacts health information systems that contain identifying patient data

  • Y2K did not require major business process changes; HIPAA will have major impacts on business practices in the healthcare industry

  • Once Y2K issues were resolved, consumers were not impacted; HIPAA will impact healthcare consumers

  • During Y2K, healthcare providers and payers relied on vendors, contractors or internal IS staff to resolve the Y2K issues; with HIPAA, the entire organization will be impacted by changes resulting from HIPAA implementation

Wishful thinking about HIPAA

  • Congress will repeal HIPAA

  • There will be additional delays

  • There will be no HIPAA enforcement for many, many years

  • My vendor will take care of HIPAA

  • HIPAA is an IT project

HIPAA Reality

  • Not a “one shot deal”

  • Not solely a technology or systems fix

  • Affects the culture of handling health information

  • Not an easy “return to normal operations”

  • Major impacts on policy and training

  • Affects business relationships

Who Must Comply With HIPAA?

Terms You Should Know

  • To understand HIPAA, there are some important terms you must know

  • They are:

    • Covered Entity

    • Business Associate

    • Hybrid Entity

Who is Impacted? Covered Entities

  • Health Plan (provides or pays the cost of medical care - e.g., Medicaid, HMOs, BC/BS, Medicare, Champus)

  • Health Care Clearinghouse (routes electronic data between payers & providers - e.g., billing services)

  • Health Care Provider who transmits any health information in an electronic transaction (e.g., Hospitals, Physicians, Public Health Departments, Group Homes, Home Health, Pharmacies, Laboratories)

Who is Impacted? Business Associates

  • Definition: Person who performs a function or activity on behalf of a covered entity, involving the use and/or disclosure of PHI.

  • Excludes person who is part of the Covered Entity’s workforce (e.g., Employees, Physicians with Staff Privileges)

  • Must protect PHI and help Covered Entity comply with its obligations under the Privacy Rule

  • DO NOT have to comply with HIPAA Privacy Rules

  • Must abide by Business Associate Agreement with covered entity

Who is Impacted? Hybrid Entities

  • Defined as, “a single legal entity that is a covered entity and whose covered functions are not its primary functions.”

  • Most covered government agencies will be hybrid entities

  • Need to identify those health care components within the Hybrid Entity that perform covered functions and other components that would normally be a Business Associate

Statewide Impact

  • Covered Entities

    • State Health Plan (includes HealthChoice for Children)

    • UNC Health Care

  • Business Associates

    • Department of Justice

    • Office of the State Auditor

    • Office of the Controller

  • Hybrid Entities

    • Dept of Administration

    • Dept of Correction

    • Dept of Health and Human Services

    • Office of Information Technology Services*

  • East Carolina University

  • University of NC at Chapel Hill

  • University of NC at Greensboro

DHHS Impact

  • Medicaid

  • Public health

  • State Lab

  • State Center for Health Statistics

  • Local health services

  • Children’s special health services

  • Developmental education clinics (13)

  • Education

  • School for the blind (1)

  • Schools for the deaf (2)

  • Mental health, substance abuse

  • State psychiatric hospitals, substance abuse, nursing (7)

  • Mental retardation centers (5)

  • Adolescent treatment (2)

  • Other divisions

  • Controller’s Office

  • Information Resource Mgmt

  • Public Affairs

  • Internal Auditor

  • Research, Demonstrations, and Rural Health Development

Division of Aging Impacts

  • Not a Health Care Provider - AAA’s may be providers but not the Division of Aging

  • Not a Health Plan - regulations exclude government funded programs whose primary purpose is not provision of health care

  • ARMS Implications - since Aging is not a Health Plan or Health Care Provider, ARMS does not have any HIPAA impacts

Impact of Not Complying

  • Possible litigation

  • Potential withholding of federal Medicaid and Medicare funds

    • Federal Medicaid Share in NC is @ 4.5 billion

    • In DHHS, more than $300 million in revenues at risk

  • Penalties

    • Civil Monetary for violations of each standard

    • Wrongful disclosure of protected health information

Overview of Regulations

Final Regulation TRANSACTIONS & CODE SETS

  • Electronic Health Transactions Standards (45 CFR Parts 160 & 162)

  • Compliance originally required 10/16/02

  • With a plan filed, compliance extended to 10/16/03

  • Revisions could be made on annual basis with 180 days to comply

What Do Standard Transactions Cover?

  • The exchange of data between two parties to carry out financial or administrative activities related to health care. It includes the following types of information exchanges:

  • Health Care claims or equivalent encounter information.

  • Health Care payment and remittance advice.

  • Coordination of benefits.

  • Health Care claim status.

  • Enrollment and disenrollment in a health plan.

  • Eligibility for a health plan.

  • Health plan premium payments.

  • Referral certification and authorization.

  • First report of injury.

  • Health claims attachments.

  • Other transactions that the Secretary may prescribe by regulation.

What Do Code Set Regulations Cover?

  • Establishes standard code sets used to identify diagnoses, procedures, etc. Standard Code Sets are:

    • International Classification of Diseases, Ninth Edition, Clinical Modification (ICD-9-CM)

    • Health Care Procedural Coding System (HCPCS)

    • Current Procedural Terminology, Fourth Edition (CPT-4)

    • Current Dental Terminology (CDT)

    • National Drug Codes (NDC)

Final Regulation PRIVACY

  • Privacy Standards (45 CFR Parts 160 & 164)

  • Final Regulations published 12/28/00

  • Modifications published 4/14/01

  • Significant legal interpretation required

  • Ongoing compliance monitoring

  • Compliance 4/14/03

Scope of Privacy Regulations

  • Includes all medical records and other health information maintained by a health care provider, clearinghouse or a health plan.

  • Covers information in any format

    • Paper

    • Electronic

    • Oral

  • Affects use and disclosure of all client health information

What Do The Privacy Regulations Cover?

  • Establishes federal ‘floor’ for Privacy; preempts state law unless state laws are more stringent

  • Permits use or disclosure of Individually Identifying Health Information (IIHI) for treatment, payment, health care operations (without client consent)

  • Limits the amount of information to be used or disclosed to what is minimally necessary

  • Identifies use and disclosure for which an authorization is or is not required

  • Establishes requirements for de-identification of health information or limited data sets

What Do The Privacy Regulations Cover?

  • Establishes client rights

    • Right to request access to their health information with limitations on denial of such request

    • Right to request amendment to health information

    • Right to receive an accounting of disclosures

    • Right to receive a Notice of Privacy Practices

  • Requires appropriate administrative, technical and physical safeguards to protect health information

  • Establishes a protocol for using protected health information for marketing and fundraising

  • Requires designation of a privacy official and a contact person for complaints

What Do The Privacy Regulations Cover?

  • Requires identification of workforce members needing access to health information, limiting access to the minimum necessary

  • Requires training of all staff members

  • Establishes content or documentation requirements for policies, procedures, notices, authorizations, amendments, accounting of disclosures, complaints and compliance

  • Addresses penalties for unauthorized disclosures

Final Regulation SECURITY

  • Security Standards (45 CFR Parts 160, 162 & 164)

  • Final Regulations published 2/20/03

  • Compliance 4/21/05

  • Written to conform to Privacy Regulations

Scope and Purpose of Security Regs

  • Scope: Electronic Protected Health Information (in motion and at rest)

  • Purpose:

    • Ensure integrity, confidentiality and availability of electronic protected health information

    • Protect against reasonably anticipated threats or hazards, and improper use or disclosure

What Do Security Regulations Cover?

  • Standards to Guard Data Integrity, Confidentiality, and Availability

    • Administrative Safeguards (Policies/Procedures)

    • Physical Safeguards

    • Technical Safeguards

  • Flexible, Scalable

  • Technology Neutral

  • Consistency with Privacy Regulations (Requires Business Associate Agreements)

Security vs. Privacy

  • Privacy and Security go hand-in-hand

  • Privacy - What

    • Defines who is authorized to access information (the right of individuals to keep information about themselves from being disclosed)

  • Security - How

    • Ability to control access to and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction, or loss

Final Regulation National Employer Identifier

  • National Standard Employer Identifier (45 CFR Part 160 and 162)

  • Final Regulations published 5/31/02

  • Compliance 7/30/04

  • Utilizes Employer Tax ID

  • Required in any standard transactions that transmit employer-related information

HIPAA Proposed Rules Published

  • Electronic Signature Standards (45 CFR Part 142)

    • Draft published August 12, 1998 with Security rules draft

    • Not included in final Security rule - will be sent out as separate regulation

  • National Standard Health Care Provider Identifier (45 CFR Part 142)

    • Draft published May 7, 1998

HIPAA Proposed Rules Not Published

  • National Health Plan Identifier (Payer ID)

  • Claims Attachments

  • Enforcement

  • First Report of Injury

  • National Individual Identifier

  • NOTE: Once published, 26 months to comply

HIPAA Resources

DHHS HIPAA Website http://dirm.state.nc.us/hipaa/

NCHICA

  • NC Healthcare Information and Communications Alliance, Inc.

  • Membership is from public and private sectors

  • HIPAA Workgroups in areas of Privacy and Confidentiality; Security; Training; Transactions/Code Sets

NCHICA Deliverables

  • www.nchica.org

    • Privacy and Security Training Modules

    • HIPAA EarlyView™ Security

    • HIPAA EarlyView™ Privacy

    • Security Policy and Procedures Matrix

    • Privacy Models (Notice of Privacy Practices, Authorization, Business Associate Agreement, Data Use Agreement)

    • Minimum Necessary Decision Tree

    • Review of NC Statutes

    • Guidance for Identifying Designated Record Sets

    • HIPAA Privacy Checklists

Resources

  • US HHS / HIPAA aspe.hhs.gov/adminsimp

  • Office of Civil Rights http://www.hhs.gov/ocr/hipaa/

  • AHIMA www.ahima.org

  • Institute of Govt http://www.medicalprivacy.unc.edu/

  • HIPAA Privacy Joint Info Ctr http://www.bricker.com/hipaa/

  • Mass Health Data Consortium http://www.mahealthdata.org/

  • Administration on Aging http://www.aoa.dhhs.gov/

Questions

???????
