HIPAA Compliance within DHH - PowerPoint PPT Presentation

Sophia
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
HIPAA Compliance within DHH PowerPoint Presentation
Download Presentation
HIPAA Compliance within DHH

play fullscreen
1 / 28
Download Presentation
HIPAA Compliance within DHH
329 Views
Download Presentation

HIPAA Compliance within DHH

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

    1. HIPAA Compliance within DHH HIPAA Awareness Training for Louisiana Office of Public Health Ruth Kennedy, Medicaid Deputy Director Department of Health & Hospitals June 21, 2002

    2. 12/9/2011 La Department of Health & Hospitals 2

    3. 12/9/2011 La Department of Health & Hospitals 3 Dispelling Some HIPAA Myths Myth #1 HIPAA will go away. Myth #2 They wont enforce it; if they intended to, they would have funded it. Myth #3 It doesnt include me. Myth #4 Its just like Y2K. Myth #5 Its just not that important to justify the expense. Myth #6 We still have time.

    4. 12/9/2011 La Department of Health & Hospitals 4 DHHs HIPAA Related Lessons Learned To Date HIPAA supercedes/pre-empts anything contrary to it Standards are being set by the private sector. DHHS, DHH, nor Medicaid has any special clout! A business process issue rather than an MMIS or system issue Far more complex/far greater impact than Y2K Case by case exceptions related to the standard formats and codes have been put to a very high test. It was initially difficult for states to understand that they are health plans and must comply to the same extent as everyone else.Case by case exceptions related to the standard formats and codes have been put to a very high test. It was initially difficult for states to understand that they are health plans and must comply to the same extent as everyone else.

    5. 12/9/2011 La Department of Health & Hospitals 5 A Historical Look at the Conception of HIPAA 1992Clinton Health Plan Focus: Increasing access and decreasing health care costs 1994Republican Congress Focus: Medicare crisis; fighting health care fraud and abuse 1996Kennedy-Kassebaum Act also known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) What is now referred to as HIPAA all started a decade ago, long before we got our first e-mail accounts. In fact, we were just beginning to use fax machines to transmit data. The Health Care World as it existed in 1992 New technology such as smart cards just being developed; increasing demand for more information in less time. Opportunities for using the new technology were inconsistent with reality. Internally, great systems could be developed but major barriers across institutuions. No single entity had the market power to standardize. At the time, 12 states had laws making electronic billing illegal. Standardization was requested by the private sectorthey were the driver Legislation introduced in 1993 was a simple billestablish standards and require of these standards by all. It was originally about increasing access and decreasing costs. Administrative Simplification was seen as a means of achieving that as part of the Clinton Health Plan. The bill evolved into a bitter fight about whether all the data would be stored locallly or centrally, because of the major focus at that time on RESEARCH. The orgiinal sponsors of the bill actually abandoned it. By 1995, the Republicans had taken control of Congress and balancing the federal budget was agenda item A. Administrative Simplification was seen as a major means of fighting fraud and abuse. Flash forward to 1996Senators Kennedy and Kassabaum were crafting bi-partisan health care legislation which addressed insurance portability among other issues, and Administrative Simplification was incorporated into that legislation, known as the Health Insurance Portability & Privacy or HIPAA. HIPAA is somewhat of a misnomer because Administrative Simplification has nothing to do with portability. The key is that Administrative Simplification maintained private support thought two bitter, partisan battles in Congress and the current version is fairly intact from the 1993 original framework. It is a bi-partisan effort which maintains the public-private partnership and creates a national systemWhat is now referred to as HIPAA all started a decade ago, long before we got our first e-mail accounts. In fact, we were just beginning to use fax machines to transmit data. The Health Care World as it existed in 1992 New technology such as smart cards just being developed; increasing demand for more information in less time. Opportunities for using the new technology were inconsistent with reality. Internally, great systems could be developed but major barriers across institutuions. No single entity had the market power to standardize. At the time, 12 states had laws making electronic billing illegal. Standardization was requested by the private sectorthey were the driver Legislation introduced in 1993 was a simple billestablish standards and require of these standards by all. It was originally about increasing access and decreasing costs. Administrative Simplification was seen as a means of achieving that as part of the Clinton Health Plan. The bill evolved into a bitter fight about whether all the data would be stored locallly or centrally, because of the major focus at that time on RESEARCH. The orgiinal sponsors of the bill actually abandoned it. By 1995, the Republicans had taken control of Congress and balancing the federal budget was agenda item A. Administrative Simplification was seen as a major means of fighting fraud and abuse. Flash forward to 1996Senators Kennedy and Kassabaum were crafting bi-partisan health care legislation which addressed insurance portability among other issues, and Administrative Simplification was incorporated into that legislation, known as the Health Insurance Portability & Privacy or HIPAA. HIPAA is somewhat of a misnomer because Administrative Simplification has nothing to do with portability. The key is that Administrative Simplification maintained private support thought two bitter, partisan battles in Congress and the current version is fairly intact from the 1993 original framework. It is a bi-partisan effort which maintains the public-private partnership and creates a national system

    6. 12/9/2011 La Department of Health & Hospitals 6 1996 HIPAA Legislation Passes; Administrative Simplification Tags Along

    7. 12/9/2011 La Department of Health & Hospitals 7 Health Insurance Reform Title I of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects health insurance coverage for workers and their families when they change or lose their jobs. Womens Health Rights Mental Health Parity Hospital Stays for Mothers & Newborns

    8. 12/9/2011 La Department of Health & Hospitals 8 Administrative Simplification Intended to reduce the costs and administrative burdens of health care by making possible the standardized, electronic transmission of many administrative and financial transactions that are currently carried out manually on paper.

    9. 12/9/2011 La Department of Health & Hospitals 9 The Purpose of Administrative Simplification To improve the efficiency and effectiveness of the health care system by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.

    10. 12/9/2011 La Department of Health & Hospitals 10 What are the Causes of the Administrative Burden? Different billing forms for different payers Different codes Different claims attachments NO STANDARDS! Manual, electronic processing

    11. 12/9/2011 La Department of Health & Hospitals 11 How Cost Reduction Will (Eventually) Be Achieved Reduce overall health care costs by reducing administrative costs Reduce human intervention Reduce errors Reduce processing time Reduce Fraud Make EDI viable and preferred to manual processing

    12. 12/9/2011 La Department of Health & Hospitals 12 Administrative Simplification Reality Save money by setting standards and requirements for electronic transmissions. Public responsibility imposed additional purpose: protect security and privacy of individually identifiable health information.

    13. 12/9/2011 La Department of Health & Hospitals 13 Impact of Individual HIPAA Components on DHH Enterprise

    14. 12/9/2011 La Department of Health & Hospitals 14 HIPAA EDI Extension Law Administrative Simplification Compliance Act, aka H.R. 3323. May file a compliance plan with HHS by 10/16/2002 Testing must be planned to start by 4/16/2003 For those who file plans new compliance date for transactions 10/16/2003. No delay for privacy compliance 4/14/2003. All Medicare claims must be in standard electronic form by 10/16/2003 exception for very small providers.

    15. 12/9/2011 La Department of Health & Hospitals 15 HIPAA: The race to compliance is on!

    16. 12/9/2011 La Department of Health & Hospitals 16 Scope: Who is a HIPAA Covered Entity? A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter. Providers get a choice; made by conducting electronic transactions (or getting a business associate to). A health plan. Explicitly including government plans such as Medicaid & Medicare, VA, DoD, CHAMPUS, IHS, etc. All health plans are covered (or $ cannot be saved). Exceptions for some not primarily health plans. e.g., Workers Comp, property & casualty. A health clearinghouse

    17. 12/9/2011 La Department of Health & Hospitals 17 Use of Electronic Billing Transactions in Medicaid Louisiana Medicaid began electronic billing in 1991 More that 85% of Louisiana Medicaid claims are submitted electronically Even before 1991, some very large Louisiana providers were using magnetic tape billing.Even before 1991, some very large Louisiana providers were using magnetic tape billing.

    18. 12/9/2011 La Department of Health & Hospitals 18 Dealing with Ambiguity the Covered Entity Question DHH has certain programs and functions which may not legally be required to comply with EDI Medicaid is a named health planhealth plans are required to comply with Standard Codes and Transactions Programs offices have health care provider functions and also may have programs & functions that meet the HIPAA definition of a functional health plan (any program that pays for medical care or assists in joint administration of a plan) Clearinghouses are the third classification of covered entities named in the law Consideration must also be given to whether a program or function is a business associate of another covered entity and therefore required to comply with HIPAA principles

    19. 12/9/2011 La Department of Health & Hospitals 19 DHH Compliance Strategy: Were All in the Boat Together Legal opinion is that DHH is the covered entityDepartment wide compliance with privacy component is required Voluntary compliance even for those programs and functions not mandated to comply is good business practice

    20. 12/9/2011 La Department of Health & Hospitals 20 Possible DHH Approaches to HIPAA Implementation Option A Its a federal mandate Technically comply and nothing more Option B Evaluate and update business practices Update in a HIPAA compliant manner We are working to meet the real needs of our stakeholders and the statenot just minimally comply.We are working to meet the real needs of our stakeholders and the statenot just minimally comply.

    21. 12/9/2011 La Department of Health & Hospitals 21 HIPAA Opportunities for DHH Contain growth of health care administrative costs Better ability to aggregate and compare data Modernize outdated business practices Faster, more consistent claims payment & processing Why promote Electronic Data Interchange? It was estimated by the Clinton Health Care initiative that 15 22% of health care costs are attributable to administration. Use of standards will facilitate the development of benchmarks and evaluation that is currently not possible when youre not comparing apples to apples We are using the opportunity to update business processes, update provider manuals, and implement improvements in Medicaid administration.Why promote Electronic Data Interchange? It was estimated by the Clinton Health Care initiative that 15 22% of health care costs are attributable to administration. Use of standards will facilitate the development of benchmarks and evaluation that is currently not possible when youre not comparing apples to apples We are using the opportunity to update business processes, update provider manuals, and implement improvements in Medicaid administration.

    22. 12/9/2011 La Department of Health & Hospitals 22 Introducing Business Associates to the Equation Only covered entities are subject to the rules. this limit doesnt make sense because healthcare uses outsourcing extensively and these other entities would not be required by law to safeguard our health information so business associate agreements were invented to obligate outsource agents, vendors, and contractors to safeguard the health information they need to do their jobs.

    23. 12/9/2011 La Department of Health & Hospitals 23 Covered Entities for Purposes of HIPAA Applicability

    24. 12/9/2011 La Department of Health & Hospitals 24 Definition of a Business Associate A person who On behalf of DHH, Performs or assists in performance of healthcare activity involving the use of disclosure of individually identifiable health information DHH employee is not a Business Associate Health care provider who submits claims to DHH or Medicaid for payment is not a Business Associate

    25. 12/9/2011 La Department of Health & Hospitals 25 DHH Must Monitor Contract Compliance We would be found out of compliance with the privacy rule requirement if we knew of a pattern of activity or practice by a business associate that violated our contract, unless we were taking steps to end the violation If business associate cant cure the violation, we must-- Terminate the contract If not feasible to terminate the contract, report the problem to the Secretary of DHHS

    26. 12/9/2011 La Department of Health & Hospitals 26 What DHH Doesnt Have to Do for Business Associates Require them to appoint a privacy official Actively monitor how they safeguard PHI Oversee their other privacy processes or procedures Train their staff in the whys and wherefores of the privacy rule

    27. 12/9/2011 La Department of Health & Hospitals 27 HIPAA Challenges for DHH Rapidly approaching deadline for Standard Transactions & Codes Medicaid local codes must be replaced Cost issues Trending may be lost We are keenly aware that legislation is pending in both the U.S. SenateS 836 sponsored by Senator Larry Craig (R-Idaho) and the HouseH.R. 1975 sponsored by Representative John Shadegg (R-Arizona)which would provide for a more lengthy implementation schedule for HIPAA Administrative Simplification regulations. Our workplan assumes there will be no delay. Local codes are a real issue. We are keenly aware that legislation is pending in both the U.S. SenateS 836 sponsored by Senator Larry Craig (R-Idaho) and the HouseH.R. 1975 sponsored by Representative John Shadegg (R-Arizona)which would provide for a more lengthy implementation schedule for HIPAA Administrative Simplification regulations. Our workplan assumes there will be no delay. Local codes are a real issue.

    28. 12/9/2011 La Department of Health & Hospitals 28 HIPAA &Public Health Data Collection/Reporting Issues Format and definitions of reported information could change data being collected Real and perceived risk of penalties for wrongful disclosure could result in refusals to report Absence of clear and specific legal authority for public health data reporting could jeopardize surveillance programs

    29. 12/9/2011 La Department of Health & Hospitals 29 Potential Indirect Effects of HIPAA on Public Health Public Health may need to provide assurances to their reporters and the public that data sharing for public health purposes is still appropriate Public Health may need improved documentation, policies, and procedures, to demonstrate that data falls within the public health purposes exception

    30. 12/9/2011 La Department of Health & Hospitals 30 Local Codes Issue for Medicaid (and OPH) La Medicaid gap analysis revealed more than 1200 local codes (X and Z codes) Impacts Medicaids ability to customize coverage and reimbursement policy Codes will dictate policy, rather than vice versa(e.g., family planning) DHH cannot electronically process a claim for service if standard code does not exist Over $11M in local code Medicaid billings by OPH X codes and Y codes must be crosswalked or mapped to standard code Medicaid provides services not includes in other health plans, for example the various waiver services, and EPSDT Could require amendments to our Medicaid State PlanX codes and Y codes must be crosswalked or mapped to standard code Medicaid provides services not includes in other health plans, for example the various waiver services, and EPSDT Could require amendments to our Medicaid State Plan

    31. 12/9/2011 La Department of Health & Hospitals 31 November 2003 Worst Imaginable Scenario Great confusion among providersinternal as well as external Providers elect to submit paper claims rather than bill electronically, overwhelming the Medicaid claims system Paper claims Cost more Take longer Intensify provider frustration We clearly recognize and appreciate the value of electronic billing and are working diligently to keep this scenario from becoming a reality.We clearly recognize and appreciate the value of electronic billing and are working diligently to keep this scenario from becoming a reality.

    32. 12/9/2011 La Department of Health & Hospitals 32 Philosophy for Future of Privacy Privacy is the right to be unknown. Ability to remain unknown in big city environments. Real fear of discrimination based on misuse of information. Increasing risk to privacy as more information is collected. Information more sensitive - Genetics only the beginning.

    33. 12/9/2011 La Department of Health & Hospitals 33 HIPAA Privacy is Primarily About Organizational Change Privacy behavior must be habit. Confidentiality has been an important part of the social contract with healthcare providers for over 2000 years. Dispersion of information and responsibility to hundreds of people without such historical values increases risk. Privacy (and security) rules seem onerous because they require us to change and document what we do. Eventually (soon), confidentiality will become ingrained habit, not onerous.

    34. 12/9/2011 La Department of Health & Hospitals 34 HIPPA Privacy Compliance-- DHHs Partial To Do List Design new forms Privacy Policy Disclosure Notice Consent Form Authorization Form Designate Privacy official(s) Revise our written Privacy policy Determine minimum necessary Arrange for initial and ongoing privacy training for our employees Modify systems to track all PHI disclosures for six years as required by the regulation. Modify contracts with business associates

    35. 12/9/2011 La Department of Health & Hospitals 35 HIPAA Enforcement ? Watching and Listening

    36. 12/9/2011 La Department of Health & Hospitals 36 Some Last Words of Wisdom on Privacy Common sense and reasonable behavior can take you a long way We intend to be able to demonstrate we have shown due diligence. We have arranged for an independent validation and verification assessment in early 2002.We intend to be able to demonstrate we have shown due diligence. We have arranged for an independent validation and verification assessment in early 2002.

    37. 12/9/2011 La Department of Health & Hospitals 37 BE REASONABLE!

    38. 12/9/2011 La Department of Health & Hospitals 38 Working Together

    39. 12/9/2011 La Department of Health & Hospitals 39 DHH HIPAA Compliance Project Team

    40. 12/9/2011 La Department of Health & Hospitals 40 DHH HIPAA Implementation Primary Contacts

    41. 12/9/2011 La Department of Health & Hospitals 41 Helpful HIPAA Websites www.hipaagives.org www.wedi.org www.sharpworkgroup.com www.cms.gov www.hipaadvisory.com

    42. 12/9/2011 La Department of Health & Hospitals 42 Dont get left behind