1 / 35

Reviewing the World of HIPAA

Reviewing the World of HIPAA. Stephanie Anderson, CPC October 2006. Discussion Points. Overview of HIPAA Regulations Administrative Simplification EDI Components Standard Transactions Standard Code Sets Unique Identifiers Privacy Rule Review Security Rule Overview.

kathie
Download Presentation

Reviewing the World of HIPAA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006

  2. Discussion Points • Overview of HIPAA Regulations • Administrative Simplification • EDI Components • Standard Transactions • Standard Code Sets • Unique Identifiers • Privacy Rule Review • Security Rule Overview Community Care Network of Virginia, Inc

  3. HIPAA-What’s in a Name? • Health Insurance Portability and Accountability Act • Implemented in 1996 • Includes Titles I - V • Portability -Title I • Accountability - Title II • Administrative Simplification Community Care Network of Virginia, Inc

  4. HIPAA Administrative Simplification Provisions

  5. Who Oversees HIPAA Administrative Simplification? Department of Health & Human Services • The Centers for Medicare and Medicaid Services (CMS) Oversees: • Transactions & Code Sets • Standard Unique Identifiers • Security Rule • NPI • The Office for Civil Rights (OCR) Oversees: • Privacy Rule Community Care Network of Virginia, Inc

  6. Administrative Simplification Provisions Time Table * Small Health Plans have 1 year longer

  7. Why are HIPAA Electronic Standard Transactions Important? • Standardize claim submission Fewer errors • Standardize payment method Faster processing • Reduces paperwork (from~400 forms to ~4) • Reduces postage costs • Real-time patient eligibility and benefits • Overall ~~ Less Administrative Burden Community Care Network of Virginia, Inc

  8. Current HIPAA Standard Transactions Community Care Network of Virginia, Inc

  9. Unique Identifiers for HIPAA EDI National Employer Identifier Standard • Compliance Date = July 30, 2004 • IRS Employer Identification Number (EIN) • 9-digit number (Tax ID #) for all employers • Number to be used on all claims to identify the Center (54-*******) Community Care Network of Virginia, Inc

  10. Unique Identifiers for HIPAAEDI National Provider Identifier (NPI) • Compliance Date = May 23, 2007 {Small Health Plans = May 23, 2008} • We will discuss details in Part 2…. Community Care Network of Virginia, Inc

  11. Reviewing of the Privacy Rule

  12. On To The Privacy Rule……... • Purpose: • Provides national standards to protect Protected Health Information (PHI) • Gives patients increased control over their health information • Sets limits on the use of and disclosure of health information • Allows for a balance in disclosing PHI in some forms for public health reasons • Establishes penalties for violations of a person’s privacy rights. Community Care Network of Virginia, Inc

  13. Notice of Privacy Practice (NPP) Use & disclosure of PHI T P O Authorization for Release of PHI Minimum Necessary Information Incidental Uses Disclosures Oral Communications Accounting of Disclosures Business Associates Personal Representatives & Minors Marketing & Health-Related Communications Research Government Access to PHI Violations & Penalties Areas Addressed in the Privacy Standards Community Care Network of Virginia, Inc

  14. Review of Patient’s Rights... • Receive a copy of Notice of Privacy Practices (NPP)/Signature of Receipt • Review & request copies of/amendments to their medical records • Need to be informed on how their PHI may be used/disclosed {stated in NPP} • Any release of PHI will be held to the minimum necessary to achieve the task • File grievance concerning privacy issues Community Care Network of Virginia, Inc

  15. What Should We Have in Place ? • Policies & Procedures that address the requirements of the Standards • Forms that support P &P • NPP acknowledgement of receipt • Restrictions on uses & disclosures of PHI • Patient request to review & copy medical record • Denial for access to the request • Amendment of the medical record • Accounting of disclosures log • Patient Authorization for disclosure other than TPO • Patient Grievance Form Community Care Network of Virginia, Inc

  16. How’s Privacy Compliance Going ?DHHS Reports the following: • As of November 30, 2005- • 16,625 privacy rule complaints received by the Office for Civil Rights since the effective date (April 14, 2003) • 69% of the cases have been resolved/closed • Covered entity corrected the problem • Complaint was not a true violation of Privacy Rule • 263 violations referred by the OCR to the Department of Justice for potential prosecution--one case has been successfully prosecuted Community Care Network of Virginia, Inc

  17. How’s Privacy Compliance Going ?DHHS Reports the following: • Top Five Complaints Against Providers 1. Impermissible use/disclosure of PHI 2. Lack of adequate safeguards in place 3. Refusal or failure to provide a patient access to records 4. Disclosure of more than minimally necessary information 5. Failure to obtain valid authorizations for disclosures that required them. Community Care Network of Virginia, Inc

  18. The Penalties………….. • $100/incident • up to ---- $25,000/person/year/ standard violated • $50,000 and/or ONE year I prison for knowingly violating the Rule Community Care Network of Virginia, Inc

  19. The Penalties………….. • False Pretense: • Up to $100,000; 5 years in prison • For Commercial Gain, Advantage, or Harm - • $250,000; 10 years in prison Community Care Network of Virginia, Inc

  20. Suggestions for Compliance • Ensure Policies & Procedures (P & P) cover standards in the Rule and are up-to-date with Center operations • ANNUAL staff training on current Privacy P & P • Continue to make the Center Notice of Privacy Practices (NPP) available to patients and obtain signatures of receipt for medical record. • Ensure Privacy Officer is designated • Ensure Business Associate Agreements (BAA), according to the Rule standards, are in place Community Care Network of Virginia, Inc

  21. Security Rule • Compliance Date = April 21, 2005 • Purpose: • Ensure the integrity, availability, & confidentiality of EPHI {Electronic PHI} • Protect against reasonably anticipated threats of security & improper use or disclosure of EPHI • Ensure compliance by Center staff Community Care Network of Virginia, Inc

  22. What Does the Security Rule Include? • Electronic Protected Health Information {EPHI} ONLY • Privacy Rule covers all PHI in paper, oral, and electronic format. • All stored data and transmitted data in systems • All Covered Entities • Standards to ensure that appropriate access to EPHI is addressed. Community Care Network of Virginia, Inc

  23. Security Rule Concepts • Flexible & Scalable • Works for small to large providers & health plans • Technology Neutral • Allows for future technology advances • Comprehensive • Administrative Safeguards (policies & procedures) • Physical Safeguards (restricting access, providing back-up plans) • Technical Safeguards (authentication,integrity controls, access) Community Care Network of Virginia, Inc

  24. Required Implementation of specification is mandatory Addressable Specification must be used if the risk analysis shows it is needed If a specification is not implemented, documentation must explain why & what else is being done in its place Required vs. Addressable Specifications Community Care Network of Virginia, Inc

  25. Security Standards Flowchart Community Care Network of Virginia, Inc

  26. Implementing Security • Risk Analysis should access security risks & vulnerabilities • Consider Center size, capabilities, & costs of addressing the security areas • Assign a Security Officer • May have a “group” working together ~ responsibility must be assigned to an individual. Community Care Network of Virginia, Inc

  27. Implementing Security • Develop P & P to address the security standards as appropriate and reasonable for Center operations. • TRAIN staff on the P & P and the overall purpose of implementation • Ensure proper language in BAAs to cover security standards. • Evaluate Security P &P at least annually to ensure they are being followed & to update as appropriate Community Care Network of Virginia, Inc

  28. Relationships between Privacy & Security • Privacy is the… • Who • What • When • Security is the… • How Community Care Network of Virginia, Inc

  29. Relationships between Privacy & Security • Privacy covers PHI on paper, orally, & electronic format • Security covers electronic PHI ONLY • Security enables Privacy by providing safeguards for proper access to data • Business Associate Agreements(Privacy) need to detail how the integrity, confidentiality, & availability of the data exchange will take place (Security). Community Care Network of Virginia, Inc

  30. Tying It All Together----- • Patient • Registration • Collecting PHI • Handling PHI • Encounter • Diagnosis - All digits needed • E & M Service - Based on Key Elements • Procedures (Modifiers as appropriate) • Documentation to support ALL CODES used Community Care Network of Virginia, Inc

  31. Tying It All Together----- • Input data into Account • Proper Log-in/Access to System • Accuracy of Information • Submit Claim Electronically • Transmission process • Request for Medical Record Information • Minimum Necessary to complete the request Community Care Network of Virginia, Inc

  32. Tying It All Together----- • Electronic Payment/Denial • Input Data into Account • Proper Access • Accuracy • Maintaining Integrity of Data • Changes to be monitored ON A GOOD DAY---- The Process Works! Community Care Network of Virginia, Inc

  33. Everyone is HAPPY !! Patient is Happy ! Board Members are Happy Billing Staff is Happy Providers are Happy Center Management is Happy

  34. Questions?? Community Care Network of Virginia, Inc

  35. Stephanie Anderson, CPC Community Care Network of Virginia, Inc. 6802 Paragon Place Suite 630 Richmond, VA 23230 (T) (804) 237-7686 x 102 sanders@ccnva.com Thank You for Coming ! ! Community Care Network of Virginia, Inc

More Related