hipaa administrative simplification and nebraska snip strategic national implementation process l.
Skip this Video
Loading SlideShow in 5 Seconds..
HIPAA Administrative Simplification and Nebraska SNIP (Strategic National Implementation Process) PowerPoint Presentation
Download Presentation
HIPAA Administrative Simplification and Nebraska SNIP (Strategic National Implementation Process)

Loading in 2 Seconds...

play fullscreen
1 / 65

HIPAA Administrative Simplification and Nebraska SNIP (Strategic National Implementation Process) - PowerPoint PPT Presentation

  • Uploaded on

HIPAA Administrative Simplification and Nebraska SNIP (Strategic National Implementation Process). HIPAA. Law & Intent Who is affected Standards Current issues to track Implementation Process (SNIP) Additional resources. HIPAA Administrative Simplification Law.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'HIPAA Administrative Simplification and Nebraska SNIP (Strategic National Implementation Process)' - jetta

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
hipaa administrative simplification and nebraska snip strategic national implementation process

HIPAA Administrative Simplification andNebraska SNIP (Strategic National Implementation Process)

  • Law & Intent
  • Who is affected
  • Standards
  • Current issues to track
  • Implementation Process (SNIP)
  • Additional resources
hipaa administrative simplification law
HIPAA Administrative Simplification Law
  • Health Insurance Portability and Accountability Act of 1996 – HIPAA
    • H.R. 3103 – Kasselbaum/Kennedy Bill
  • Title II – Subtitle F – Administrative Simplification
  • Signed into Law August 21, 1996
    • Public Law 104-191
    • Part C of Title XI of Social Security Act
intent of hipaa
Reduce the costs and administrative burdens of healthcare with standardized, electronic transmission of many administrative and financial transactions.

Protect the security and confidentiality of electronic health information.

Enable individual to control own health information.

Intent of HIPAA
who is affected by hipaa
Who is affected by HIPAA?
  • Providers
  • Health Plans
    • Employers acting as Self Insured Groups
  • Payers
  • Third Party Administrators
  • Clearinghouses
  • All trading partners of above
hipaa standards
HIPAA Standards
  • Transactions & Code Sets
  • Privacy
  • Security
  • Identifiers
transactions and code sets standards
Transactions and Code Sets Standards
  • Final Rule Published in August 17, 2000 Federal Register
  • Compliance is required by October 16, 2002 (October 16, 2003 by small health plans)
  • NDC code retraction
    • On May 29, 2001, Tommy Thompson retracted the standard of using NDCs on institutional and professional claims.
transaction standards
Data Element

Required vs. Conditional




Transaction Sets

X12 Version 4010

Claim - 837

Payment/Remit - 835

Claim Status - 276/277

Eligibility 270/271

Referral - 278

Enrollment & benefits Maintenance - 834

Premium Payments - 820

Claims Attachments - 275*

First Report of Injury - 148*


* expected later...

Transaction standards
code sets standards
Code sets Standards
  • Service & Diagnosis Codes
    • ICD-9-CM Volumes I, II & III
    • CPT-4
    • HCPCS
    • CDT
    • NDC
  • No Local Codes will be allowed
information between health plans
Information Between Health Plans
  • Coordination of Benefits
  • Claims Processing
is a provider required to send claims electronically
Is a provider required to send claims electronically?
  • No, but if you do, they have to be HIPAA compliant.
  • You can use a clearinghouse to handle the translation of the data from your current form into HIPAA compliant.
privacy standards
Privacy Standards
  • Final Rule Published in December 28, 2000 Federal Register
  • Compliance is required by April 14, 2003 (April 14, 2004 by small health plans)
  • OCR issued guidance on July 6, 2001
  • Additional guidelines are expected

Summary of Privacy regulation:

  • Consumer Control over Health Information
  • Use and Disclosure Boundaries
  • Ensure the Security of Protected Health Information
  • Establish Accountability for Use and Release
  • Balancing Public Responsibility with Privacy Protections
  • Preserving Existing, Strong State Confidentiality Laws
  • Privacy is what happens to information after the appropriate person has it (I only use the data for the agreed purpose)
  • Confidentiality is the control of the information at all times, providing ‘need to know’ access to only those appropriate
  • Security is the enforcement and protection afforded information under both conditions
consumer control over health information
Consumer Control over Health Information
  • Notice of Privacy Practice
  • Patient access to their health records and right to amend
  • Patient consent before information is released
  • Recourse if privacy protections are violated
  • Accounting for release of health information
use and disclosure boundaries
Use and Disclosure Boundaries
  • Ensuring that health information is not used for non-health purposes
  • Providing the minimum amount of information necessary
ensure the security of protected health information
Ensure the Security of Protected Health Information
  • Adopt written privacy procedures
  • Train employees on privacy
  • Designate a privacy officer
balancing public responsibility with privacy protections
Balancing Public Responsibility with Privacy Protections
  • In limited circumstances, the final rule permits, but does not require, covered entities to continue existing disclosures of health information for specific public responsibilities without individual authorization.
preserving existing strong state confidentiality laws
Preserving Existing, Strong State Confidentiality Laws
  • National "floor" of privacy standards that protects all Americans, but in some states individuals enjoy additional protection.
  • Stronger state laws (like those covering mental health, HIV infection, and AIDS information) continue to apply.
security standards
Security Standards
  • Proposed Rule Published in August 12, 1998 Federal Register
  • Final Rule expected this year
  • The security standard is a set of requirements with implementation features that providers, plans, and clearinghouses must include in their operations to assure that electronic health information pertaining to an individual remains secure.
  • The standard does not reference or advocate specific technology.
  • The standard does not address the extent to which a particular entity should implement the specific features.
  • Individual security requirements and which technology to use is a business decision that each organization must make.


  • Best Security is what we can do ourselves
  • 75% of security breaches happen inside.
  • Administrative Procedures
  • Physical Safeguards
  • Technical Data Security
  • Technical Security Mechanisms
administrative procedures
Administrative Procedures
  • Certification
  • Chain of Trust agreement
  • Contingency Plan
  • Formal Mechanism for Processing Records
  • Information Access Control
  • Internal Audit
administrative procedures27
Administrative Procedures
  • Personnel Security
  • Security Configuration Management
  • Security Incident Procedures
  • Security Management Process
  • Termination Procedures
  • Training
physical safeguards
Physical Safeguards
  • Assigned Security Responsibility
  • Media Controls
  • Physical Access Controls
  • Policy/Guideline on Workstation Use
  • Secure Workstation Location
  • Security Awareness Training
technical data security
Technical Data Security
  • Access Control
  • Audit Controls
  • Authorization Controls
  • Data Authentication
  • Entity Authentication
technical security mechanisms
Technical Security Mechanisms
  • Integrity controls
  • Message authentication
  • Access controls or Encryption
  • Entity authentication
  • Event reporting
technical security mechanisms31
Technical Security Mechanisms
  • In addition, if using a network for communications, the following implementation features would be in place:
  • Alarm
  • Audit trail
  • Entity authentication
  • Event reporting
electronic signature
Electronic Signature
  • Digital Signature -
      • Optional, but if used:
        • Nonrepudiation
        • User Authentication
        • Message integrity
unique health identifiers
Unique Health Identifiers
  • Provider
    • Will not replace TIN
    • Will eventually replace the UPIN
  • Employer - Will be TIN
  • Health Plan - may include Sub ID
  • Patient - still under discussion
status of identifiers
Status of Identifiers
  • National Provider Proposed Rule Published in May 7, 1998 Federal Register
  • National Employer Proposed Rule Published in June 16, 1998 Federal Register
  • Final Rules???
status of identifiers35
Status of Identifiers
  • Movement on this portion of HIPAA has not occurred
  • Focus is on implementation of standards for data and on final privacy and security regulations
current issues to track
Current Issues To Track
  • Federal legislation
    • H.R. 1975 and S. 836 are in the House and Senate to delay HIPAA’s administrative simplification provisions.
  • Some members of Congress are considering overturning the privacy rule
  • Case constitutionally challenging HIPAA
    • SC Medical Assoc, Physicians Care Network, LA State Medical Society vs. US Dept of Health and Human Services
    • AAPS vs. US Dept of Health and Human Services
current issues to track37
Current Issues To Track
  • Final rule on health data security
    • Due out this year – HHS must ensure the final security rule is compatible with the final privacy rule – published in late 2000 (and likely to undergo some changes)
  • Additional Guidance on Privacy Standards
  • Additional code changes as implementation progresses
now what


Where do I go from here ???


Compliance with HIPAA Administrative SimplificationNebraska SNIP (Strategic National Implementation Process)

why collaborate
Why collaborate?
  • Implementing HIPAA requires coordination and collaboration among trading partners
  • There is no competitive advantage to be ‘HIPAA Ready’, if your trading partners aren’t ready
  • Collaboration and coordination will limit costly implementation efforts
  • Avoid the ‘re-inventing the wheel all over again’ syndrome
why collaborate41
Why collaborate?
  • Standards are dependant on consistent policies, practices and technology among business partners
  • Actions of a business partner may generate liabilities for one’s own organization
  • Sloppy planning and inefficient implementation will be costly to everyone
key elements for collaborative environment
Key Elements for Collaborative Environment
  • Trust
  • Commitment
  • Clear Vision
  • Joint ownership
  • Joint accountability
  • No dominant player
  • Balanced interests
  • No hidden agendas
  • Neutral meeting ground
  • NE Health and Human Services System
  • Key providers
  • Leading health plans/payers
  • Trade associations & societies
  • Key vendors
clear vision
Clear Vision
  • Use HIPAA as an opportunity to redesign business process
  • Remember patient rights in process
  • Improve efficiency of healthcare through information technology
regional approaches
Regional Approaches
  • Implementation will occur locally
  • Healthcare crosses local political and business boundaries
  • National coordination and guidance will be exceedingly helpful
nebraska snip formation
Nebraska SNIP Formation
  • Blue Cross and Blue Shield of Nebraska
  • Health Data Management
  • Mutual of Omaha
  • NE Assn of Hospitals and Health Systems
  • NE Health and Human Services System
  • NE Medical Association
nebraska snip
Nebraska SNIP

…is a collaborative healthcare industry-wide process resulting in the implementation of standards and furthering the development and implementation of future standards.

nebraska snip49
Nebraska SNIP
  • Promote general healthcare industry readiness to implement HIPAA standards.
  • Identify education and general awareness opportunities for the healthcare industry to utilize.
  • Recommend an implementation time frame for each component of HIPAA for each stakeholder and identify the best migration paths for trading partners.
nebraska snip50
Nebraska SNIP
  • Establish opportunities for collaboration, compile industry input, and document the industry “best practices”.
  • Identify resolution or next steps where there are interpretation issues or ambiguities within HIPAA standards.
  • Serve as a resource for the healthcare industry when resolving issues arising from HIPAA implementation.
nebraska snip approach
Nebraska SNIP Approach
  • Facilitate planning among:
    • Providers
    • Health Plans
    • State Government
    • Vendors
  • Trade associations and professional societies playing a key role.
ne snip steering committee
NE SNIP Steering Committee
  • Goal:

Develop overall strategy for addressing HIPAA compliance in an orderly & effective manner

  • Defined Work Groups:
    • Transactions, Codes and Identifiers
    • Privacy
    • Security
    • Awareness, Education and Training
transactions codes and identifiers work group
Transactions, Codes and Identifiers Work Group
  • Goal:

Develop consensus on sequence and timing for implementation of transactions & codes

  • Activities
    • Issue and publicize Target Date Guidelines
    • Build critical mass of providers, health plans, clearinghouses, vendors and gov’t agencies for transaction testing
privacy work group
Privacy Work Group
  • Goal:

Understand impact of final regulations

  • Activities:
    • Develop working knowledge of Privacy regulations and impact
    • Determine organization’s current level of HIPAA privacy compliance
    • Develop gap analysis, checklists, and guidelines for policies & procedures to implement Privacy Standards
security work group
Security Work Group
  • Goals:

Understand HIPAA requirements for security of data and communications

  • Activities:
    • Investigate secure transaction & interoperability among trading partners
    • Develop self-assessment checklist / tool to determine organization’s current level of HIPAA security compliance - gap analysis
awareness education training work group
Awareness, Education & Training Work Group
  • Goals:
    • Develop programs to share HIPAA information.
    • Collaborate with professional groups and agencies to promote and deliver programs.
  • Activities:
    • Survey to determine awareness and readiness.
    • Leverage current planned activity in NE
    • Develop Nebraska SNIP communication and information sharing
steering committee contacts
Steering Committee Contacts

Brenda Block

Health Data Management Corp.

402-965-8158 bblock@hdmcorp.com

Kevin Conway

NE Assn of Hospitals & Health Systems

402-458-4910, kconway@nahhsnet.org


transactions code sets identifiers contacts
Transactions, Code Sets & Identifiers Contacts

Don Butler

Blue Cross and Blue Shield of Nebraska

402-398-3843, don.butler@bcbsne.com



privacy contacts
Privacy Contacts

Lori Umberger, RN, BSN

Creighton Cardiac Center

402-280-4603, lumberg@cardiac.creighton.edu

Kathleen Zeitz

Methodist Health System

402-354-2174, kzeitz@nmhs.org



security contacts
Security Contacts

Susan Heider

Regional West Medical Center

308-635-3711, heiders@rwmc.net

Sue Huenniger

Mutual of Omaha

402-351-8622, sue.huenniger@mutualofomaha.com



awareness education and training contacts
Awareness, Education and Training Contacts

Brenda L. Block

Health Data Management Corp.

402-965-8158, bblock@hdmcorp.com

Rick Hain

BryanLGH Medical Center

402-481-8521, rick.hain@bryanlgh.org

NESNIPAWARENESS @yahoogroups.com

NESNIPAWARENESS -subscribe@yahoogroups.com

nebraska snip activities
Nebraska SNIP Activities
  • First Meeting March 15, 2001
    • HIPAA background
    • Other regional efforts
    • NE SNIP mission
    • NE SNIP organization
    • Next NE SNIP Meeting
  • Next NE SNIP Meeting

September 18, 2001, Kearney

  • Work Group and sub group meetings
additional hipaa resources
Additional HIPAA Resources
  • Health Insurance Portability and Accountability Act of 1996

Public law 104-191, 104th Congress, August 21, 1996

    • aspe.hhs.gov/admnsimp/pl104191.htm
  • Department of Health and Human Services

Administrative Simplification

    • aspe.hhs.gov/admnsimp/index.htm
  • Centers For Medicare and Medicaid Services (HCFA)
    • www.hcfa.gov/hipaa/hipaahm.htm

HCFA fact sheet on HIPAA’s provisions

    • www.hcfa.gov/facts/f9702as.htm
  • HIPAA Security Accreditation information
    • www.ehnac.org/securityaccreditation/default.html
hipaa resources cont
HIPAA Resources cont...
  • Workgroup for Electronic Data Interchange
    • www.wedi.org/
  • Washington Publishing Company

ANSI, ASC and X12N HIPAA Implementation Guides

    • www.wpc-edi.com/hipaa
  • Data Interchange Standards Association (DISA)
    • www.disa.org/
  • Designated Standard Maintenance Organization (DSMO)
    • www.hipaa-dsmo.org
  • ANSI X12 Committee
    • www.x12.org
hipaa resources cont65
HIPAA Resources cont...
  • HIPAA Comply - security and privacy compliance
    • www.hipaacomply.com
  • Welcome to HIPAA Directory.com
    • www.hipaadirectory.com
  • HHS Office of Civil Rights
    • www.hhs.gov/ocr/hipaa/
  • Nebraska SNIP
    • www.nesnip.org