
Health Insurance Portability and Accountability Act:

An Executive Brief
The HIPAA Academy

Objective
The Problem
HIPAA Legislation
HIPAA Impact: Who? What?
HIPAA and EDI
HIPAA Privacy Requirement
HIPAA Security Requirement
Getting Started
HIPAA Training: Next Step

The Challenge

20 cents of every healthcare dollar spent on administrative overhead!
150 formats to conduct healthcare transactions for claims and payments
Using EDI could save the healthcare industry $26B annually

HIPAA Legislation


Who Does HIPAA Impact?


Health plans
Clearinghouses

Healthcare providers
Employers

Business Associates


HIPAA Penalties

Penalties for violation of patient confidentiality standards include monetary fines and possible imprisonment
Civil: Up to $25,000 per person per violation of a single standard per calendar year
Criminal: Up to $250,000 and 10 years in prison

HIPAA AS Timetable
RULE | NPRM PUBLISHED | FINAL RULE PUBLISHED | COMPLIANCE REQUIRED
Electronic Transaction & Code Sets | 5/7/1998 | 8/16/2000 | 10/16/02 OR 10/16/03?
Privacy of Individually Identifiable Health Information | 11/3/1999 | 2/26/2001 | 4/14/2003
Provider Identifier | 5/7/1998 | |
Employer Identifier | 6/16/1998 | 5/31/2002 | 7/31/2004
Security & Electronic Signature | 8/12/1998 | |
Identifier for Health Plan | | |
Standard Health Claim Attachments | | |

What Will HIPAA Impact?


Transactions and Code Sets
Identifiers
Privacy
Security


HIPAA Transaction and Code Sets Requirements


Facilitates standardized information exchange between providers and payers
ANSI ASC X12 is the standard for representation of:
  Healthcare claims
  Eligibility inquiries
  Enrollments


HIPAA Privacy Requirements

Privacy - defined as having policies and procedures in place to control who has access to protected health information
Health plans/providers must inform patients of business practices re: use
Any patient identifiable information is now Protected Health Information (PHI)
Patients entitled to disclosure history

HIPAA Security Requirements


Security - defined as having security controls and procedures to ensure the protection of information assets and control access to shared resources
Security and Electronic Signature Standards Rule covers HIPAA security
HIPAA Security Rule enables organizations to safeguard all medical information and transactions



HIPAA Security Requirements


Implementation Features Under Each Requirement

Administrative
  Certification
  Chain of Trust Agreements
  Contingency Plan
  Formal Policies
  Info Access Control
  Internal Audit
  Personnel Security
  Security Configuration
  Security Incident Procedures
  Security Mgmt. Process
  Termination Procedures
  Training

Physical Safeguards
  Assigned Security Responsibility
  Media Controls
  Physical Access Controls
  Policy - Workstation Use
  Secure Workstation Location
  Security Awareness Training

Technical Security Mechanisms
  Communications/Network Protocols & Controls
  Integrity Controls
  Message Authentication

Technical Security Services
  Access Controls
  Audit Controls
  Authorization Controls
  Data Authentication
  Entity Authentication & Biometrics

Electronic Signature
Digital Signature


HIPAA Privacy: 10 Key Steps


1. Assign privacy responsibility
2. Identify and assess organization PHI
3. Assess privacy policies
4. Analyze gaps in current policies
5. Adjust organizational processes
6. Identify Business Associates
7. Negotiate Business Associate Contracts
8. Develop Notice, Consent (optional) and Authorization documents
9. Develop privacy training program
10. Document privacy policies

HIPAA Security: 10 Key Steps


1. Assign security responsibility
2. Drive security awareness
3. Establish security baseline
4. Gap analysis (HIPAA Current)
5. Risk assessment of health info.
6. Identify resources required
7. Revise security policy and processes
8. Roll-out security implementations
9. Establish administrative support
10. Establish audit mechanisms

Your Enterprise HIPAA


[Diagram labels: Legislation; Business Driver Biz to E-Business; Compliance and Opportunity; Transformation; Technology Application]

HIPAA Training: Next Step


HIPAA
HIPAA Project Team

SKILLS CERTIFICATION

Health Care Management
Legal Professionals
Insurance Professionals
IT Professionals

www.HIPAAacademy.Net
877.899.9974 x20&22
The HIPAA Academy is a Proud Supporter of the


HIPAA: A Rare Opportunity


HIPAA starts with PHI, ends with e-business. Start with HIPAA projects and ensure all employees are trained to respect PHI.

Uday O. Ali Pabrai


pabrai@HIPAAacademy.Net
