Building a HIPAA-Readiness Agenda. Bob DeMarco Managing Principal Healthcare Business Solutions Compaq Global Services April 3, 2002. Introductions. Objectives. Learn about the Health Insurance Portability and Accountability Act (HIPAA) Discuss HIPAA components


Building a HIPAA-Readiness Agenda

Bob DeMarco

Managing Principal

Healthcare Business Solutions

Compaq Global Services

April 3, 2002


  • Learn about the Health Insurance Portability and Accountability Act (HIPAA)

  • Discuss HIPAA components

    • Electronic standards, code sets and identifiers

    • Procedures and policies regarding patient privacy

    • Security requirements

  • Discover HIPAA's effect on your environment

    • Budgets and organizational issues

  • Discuss how Compaq can help

Facts and fiction

  • Fiction

    • HIPAA laws will never be enforced

    • This is just like Y2K

    • The application vendors have already fixed this

    • A tool will repair any issues

    • An organization can be compliant

  • Facts

    • This is a business AND a technology issue

    • HIPAA is a complex business problem

      • But there are ways to justify the expense and reduce exposure

    • HIPAA is a 2-5 year process

You may have some questions . . .

  • What is HIPAA anyway?

  • HIPAA is huge – what do I do first?

  • How do I fund HIPAA readiness activities?

  • Does this really affect me?

  • The dates seem to be changing.

    • What are they now?

    • What is due and when?

    • Will the dates change again?

  • How do I meet compliance dates?


  • How do I spell it?


U.S. HIPAA goals

  • U.S. 2000 – health care costs 13.9% of GDP

    • Reduce overall costs

      • Transactions over the Internet

      • Standardize

    • Ensure privacy of patient information

Why HIPAA?

  • Improve efficiency and effectiveness of health care system

    • Standardize the electronic exchange of administrative and financial data

  • Reduce US healthcare costs

    • 13.9% of GDP; highest in world

  • Protect security and privacy of transmitted information

  • Goals:

    • Cut $73BB out of healthcare costs in U.S. (transactions)

    • Ensure patient privacy (privacy and security)

Whom does HIPAA affect?

  • Providers

  • Nursing homes

  • Skilled Nursing Facilities (SNFs)

  • Doctors and hospitals

  • Payers

  • Clearinghouses

  • Governments

  • Universities

  • Schools

  • Biotech (Pharmaceuticals – Life Sciences)

  • Your local drug store

  • Red Cross

  • Any entity that deals with body parts/fluids

  • Any entity that touches patient information

It's not just an IT issue

  • Governing Body

  • Administration

  • Finance

  • Health Information Management

  • Patient Accounts

  • Physician Services

  • Admission

  • IT

  • Others

What are the milestones?

  • Compliance plans

    • 10/15/2002

  • Security and privacy

    • 4/13/2003

  • Transactions and code sets

    • 10/16/2003

[Diagram labels: Educational Requirements; Transactions, Code Sets, Identifiers; Policies and Procedures; Compliance Planning; Gap Analysis]

And the likelihood of these dates changing?

  • Extremely slim

    • Transaction dates changed in response to September 11th tragedy


  • Per transaction

    • $100 per violation

    • Not to exceed $25,000 for violations of the same requirement in a calendar year

    • Violations can add up quickly!

  • Security and privacy

    • "Knowing disclosure"

      • $50,000 to $25,000 in fines

      • 1-10 years in prison

    • Failure to establish security/privacy program may be construed as wrongful or knowing disclosure!

What can you do now?

  • Put in place the right structures

    • HIPAA steering committee

    • HIPAA Privacy Officer, Privacy and Security Officer, etc.

    • HIPAA assessment, gap analysis and compliance plan

    • HIPAA educational teams, programs, etc.

    • A HIPAA management consultant/strategic partner

    • A HIPAA budget

What is in the plan?

  • Analysis on the extent and reason for HIPAA non-compliance

  • Budget, schedule, work plan and implementation strategy for compliance

  • Timeframe for transaction testing to begin by April 4, 2003

  • Documentation on plans to use vendors to assist with compliance

Relationship between Privacy & Security

  • Security

    • The ability to control access and protect information from

      • Accidental or intentional disclosure to unauthorized persons

      • From alteration, destruction or loss

  • Privacy

    • Controlling who is authorized to access information

      • The right of individuals to keep information about themselves from being disclosed

  • Some redundancy – Privacy reiterates the requirement for security safeguards

Purpose of HIPAA Privacy Regulations

  • Protect and enhance the rights of consumers

    • Provide them access to their health information

    • Control the inappropriate use of that information

  • Improve the quality of healthcare in the US

    • Restore trust in the healthcare system among consumers, healthcare professionals and the multitude of organizations and individuals committed to the delivery of care

  • Improve the efficiency and effectiveness of healthcare delivery

    • Create a national framework for health privacy protection

    • Build on efforts by states, health systems and individual organizations and individuals


  • Who

    • Health Plans

    • Health Care Providers

    • Health Care Clearinghouses

    • Anyone who electronically transmits health information in connection with a standard transaction named in HIPAA

  • What

    • Individually identifiable health information transmitted or maintained in any form or medium (electronic or non-electronic) that is held or transmitted by a covered entity

Permitted Uses and Disclosures

  • To an Individual

    • With Proper Consent

    • Without Consent If:

      • Indirect Relationship

      • Inmate

  • Valid Authorization

    • With Oral Consent for:

      • Facility Directories

      • To Next of Kin

Where it is NOT applied

  • Required by Law

  • Public Health Activities

  • Victims of Abuse

  • Health Oversight Activities

  • Judicial and Administrative Proceedings

  • Law Enforcement Purposes

  • About Decedents

  • Organ Donation Purposes

  • Research (with a list of provisions)

  • To Avert Serious Threat to Health or Safety

  • Specialized Government Functions

  • Worker’s Compensation

Required disclosures

  • When an individual requests access to their records (with exceptions)

  • When an individual requests an accounting of disclosures (with exceptions)

  • When requested by the Secretary to investigate compliance

  • Entities are required to limit disclosure to "just what's necessary"

Some key administrative requirements

  • Must designate Privacy Official

  • Must designate contact person/office for complaints

  • Must document and train on policies and procedures, job titles, etc.

  • Document retention requirements

  • Many others

Security standards

  • Comprehensive framework of security requirements

  • Scalable requirements to meet small to large business needs at reasonable cost

  • Technology-neutral implementation features

Security overview

  • Administrative Procedures, for example:

    • Certification (Internal or External)

    • Chain of Trust Agreement

    • Contingency Plan

    • Formal Mechanism for Processing Records (Documented)

    • Information Access Control and Audits

    • Etc.

  • Physical Safeguards

    • Assigned Security Responsibility

    • Formal, Documented Policies and Education

  • Technical Security Services

    • Access, Audit, and Authorization Control

    • Data and Entity Authentication

  • Technical Security Mechanisms

    • Integrity Controls

    • Message Authentication

    • Access Controls or Encryption

    • Abnormality Alarm

    • Audit Trail

    • Entity Authentication

    • Event Reporting

Covered Transactions

  • Claims – Professional, Institutional and Dental

    • 837 4010x098

    • 837 4010x096

    • 837 4010x097

  • Coordination of Benefits – in above

  • Remittance Advice – Including EFT

    • 835 4010x091

  • Enrollment

    • 834 4010x095

  • Eligibility

    • 270/271 4010x092

  • Claim Status

    • 276/277 4010x093

  • Premium Payment

    • 820 4010x061

  • Health Care Services Review

    • 278 4010x094


  • Employers

  • Providers

  • Plans

  • Individuals – On Hold

Standardized Code Sets

  • Major code sets

  • Impact of Standardized Code Sets

Proposed impacts

  • Lower cost of software development and maintenance

  • Assure purchasers that software will work with all payers and plans

  • Lower cost of administrative transactions by eliminating time and expense of handling paper

  • Pave way for cost-effective, uniform, fair and confidential health information practices

  • Pave the way for standards which can do the same for electronic medical records systems

  • Pave the way for high quality health care

How Compaq can help

  • Health and human services team

    • Team members 20+ years of practical health care and government experience

      • Clinical, management, financial, operational

      • Nationally recognized providers and governmental entities

      • Complex technology, business and financial health care management

      • HIPAA experience since 1998

  • Partners

    • Nationally branded HIPAA experts

    • Health care expertise and technologies

  • Capabilities

    • Technology and program management

    • Customer, managed and consulting/SI services

    • Compaq Financial Services

  • CGS product

    • Hardware and platforms

  • CGS experience in health care

What we bring

  • A suite of business and technology services, provided by:

    • Experts in health care, pharmaceuticals and life sciences

    • Providing a “just enough” solution

    • Architected for technical agility

    • Reducing overall costs

    • Unsurpassed architectural and program management skills

  • Providing

    • The single source for health care solutions

      • Consulting and systems integration services

      • Hardware and software

    • Enabling regulatory and governmental compliance


  • The right mix of health care systems and technology partners

  • A vendor who can quickly create and assemble a team

  • A vendor who innovates . . .

Helping remove cost barriers – CFS

  • What do you get?

    • Flexible payment structures and fixed rates for the term of the lease

    • Variable end-of-lease options

    • Inclusion of "soft costs" in total cost of lease

  • Customer benefits

    • More technology and services

    • Conserve capital

    • Preserve established credit lines

    • Contacting CFS

      • See your sales representative