Building Relationships and Tools to Cope with the HIPAA - PowerPoint PPT Presentation

1 / 51

About This Presentation

Title:

Building Relationships and Tools to Cope with the HIPAA

Description:

Building Relationships and Tools to Cope with the HIPAA Administrative Simplification Regulations Presented to Wisconsin HIPAA COW December 7, 2001 – PowerPoint PPT presentation

Number of Views:75

Avg rating:3.0/5.0

Slides: 52

Provided by: hipaacowO7

Learn more at: http://www.hipaacow.org

Category:

more less

Transcript and Presenter's Notes

Title: Building Relationships and Tools to Cope with the HIPAA

1
Building Relationships and Tools to Cope with the
HIPAA Administrative Simplification Regulations

Presented to Wisconsin HIPAA COW
December 7, 2001
W. Holt Anderson, Executive Director
North Carolina Healthcare Information
Communications Alliance, Inc. (NCHICA)

2
The Presentation

WEDI-SNIP
HIPAA GIVES
NCHICA
Compliance Strategies Tools

3
WEDI SNIP

Workgroup on Electronic Data Interchange
Strategic National Implementation Process

4
WEDI SNIP

Workgroup on Electronic Data Interchange
Named in 1996 HIPAA Law
Official advisor to the National Committee on
Vital Health Statistics (NCVHS) DHHS
Strategic National Implementation Process
Formed by WEDI in 2000
Receives Industry Input
Develops strategies, tools (including education)
for HIPAA implementation

5
SNIP Regional Efforts Keys to Achieving HIPAA
Compliance
6
HIPAA Implementation Issues

Health care is a cottage industry with multiple
standards and vendors
Complexity of settings from IDS to private
physician practices
Shortage of resources (s and human)
Competing priorities for resources
Implementation has to occur locally
Potential for many solutions

7
Why collaborate?

Standards are dependant on consistent policies,
practices and technology among business
associates.
Actions of a business associate may generate
liabilities for ones own organization.
Sloppy planning and implementation by even the
smallest entity will be costly to everyone.

8
Initial Steps

Leadership commitments from key players (e.g.,
financial commitments in-kind support such as
human resources, equipment, services, etc.).
Government commitment to examine current state
laws and regulations and work for appropriate
changes.

9
How to Start a Regional Effort

Establish organizing group
Define mission and objectives
Education
Planning and Testing
Implementation Coordination
Identify and Involve all key constituents
Providers
Public and Private Payers
Vendors (clearinghouses, practice management
vendors, consultants, attorneys, etc.)
Employers
Professional groups

10
How to Start a Regional Effort

Organize into working committees
Identify early adopters
Prioritize work
Start with simple, initial deliverables (i.e.
standard checklists for security and privacy)
Coordination, Coordination, Coordination
Think Nationally, Act Locally!

11
Key Elements for Collaborative Environment

Trust
Commitment
Clear Vision
Allies

12
Trust

Joint ownership
Joint accountability
No dominant player
Balanced interests
No hidden agendas
Neutral meeting ground

13
Commitment

Leadership / support from top governmental
officials (Governor Secretary of HHS)
Academic medical centers and key hospitals
Leading health plans / insurers
Professional societies associations
Key vendors (including legal and financial)

14
Clear Vision, e.g.

Use HIPAA as an opportunity to re-engineer
healthcare to make it more responsive and
efficient (e.g. develop consistent policies).
Keep the health of the individual as the core
objective.
Improve delivery and efficiency of healthcare
through information technology and secure
communications.

15
Allies to Consider Include

Association of Health Plans
Hospital Association
Medical Society
Nurses Association
Health Information Management Assn.
Association of Local Health Directors
Association of Pharmacists
Bar Association
Vendors

16
HIPAA GIVES

Government Information Value Exchange for States

17
WHAT IS HIPAA GIVES?

HIPAA Program / Project Managers and Staff from
State Governments including
Alabama, Alaska, Arizona, Arkansas, California,
Colorado, Connecticut, Florida, Georgia, Hawaii,
Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky,
Louisiana, Maine, Maryland, Massachusetts,
Michigan, Minnesota, Missouri, Montana, Nebraska,
New Hampshire, New Jersey, New Mexico, New York,
North Carolina, North Dakota, Ohio, Oklahoma,
Oregon, Pennsylvania, Rhode Island, South Dakota,
Tennessee, Texas, Utah, Vermont, Virginia,
Washington, Wisconsin
Not DE, MS, NV, SC, WV, WY

18
HIPAA GIVES

Goals
Establish an information clearinghouse via a
national web site for exchanging individual state
deliverables for HIPAA-related projects, such as
Position Descriptions
Scope Documents
RFP Samples
Organizational Structures
Budget Frameworks
Assessment Tools
Work Plan Templates
Sample Policies and Procedures
Provide a forum via conference calls for states
to discuss and resolve issues related to HIPAA
implementation

19
HIPAA GIVES
20
HIPAA GIVES
21
HIPAA GIVES
22
NCHICA

North Carolina Healthcare Information
Communications Alliance, Inc.

23
WHAT IS NCHICA ?

501(c)(3) nonprofit research education
195 members including
Providers
Health Plans
Clearinghouses
State Federal Government Agencies
Professional Associations and Societies
Research Pharmaceutical Research Organizations
Vendors
Mission Implement information technology and
secure communications in healthcare

24
NCs Approach to HIPAA

NCHICA is facilitating HIPAA planning among the
following entities
Providers
Health Plans
State Government
Local Government
Vendors
Professional associations and societies are
playing a key role.

25
HIPAA Implementation Planning Task Force

Goal
Develop overall strategy for addressing HIPAA
compliance in an orderly and most efficient
manner possible.
Coordinate Activities of Work Groups
Transactions, Codes Identifiers
Data Security
Network Security Interoperability
Privacy
Awareness, Education Training
Over 300 Participants Involved in Effort

26
HIPAA Implementation Planning Task Force Dave
Kirby (Duke Univ. Health Sys), Harry Reynolds
(BCBS)
Transactions, Codes and Identifiers Stacey Barber
(EDS) Roger McKinney (Carolinas Health
System) Ken Pervine (Bladen County Hosp.)
Awareness, Education and Training Steve Wagner
(NC MGMA) Katherine McGinnis (Eastern AHEC) Clyde
Hewitt (PhoenixHealth)
Privacy Jean Foster (Pitt Co Mem. Hosp.) Judy
Beach (Quintiles)
Security Dave McKelvey (Duke Univ.) Joe
Christopher (Sampson Regional MC) Harold Frohman
(Raytheon) Rosemary Abell (Keane)
Consent Patient Rights Contracts Minimum
Necessary Disclosure Minors Issues Research State
Law
Network Security Interoperability Data Security
27
Security Network Security Interoperability
Work Group

Goal
Understand HIPAA requirements for use of secure
and interoperable communications.
Recent Activities
Develop plan that will be the basis for secure
interoperability among NCHICA members
Debating how to certify vendors

28
Security Data Security Work Group

Goal
Understand HIPAA requirements for
enterprise-level security
Primary Activities
Develop self-assessment / gap analysis tool HIPAA
EarlyViewTM Security
Update privacy tool within 30-days of final rule
publication
Develop matrix of policy requirements

29
Privacy Confidentiality Focus Group

Goal
To assist members in responding to the final
Privacy regulations
Activities
Work products delivered by work groups (detailed
in following slides)

30
Privacy Consent Patient RightsWork Group

Goals
To provide a comprehensive framework and
practical tools for the education and
implementation of the portions of HIPAA dealing
with consents and patients' rights as they affect
covered entities and other persons.
Deliverables
Consent / authorization checklist
Consent / authorization model forms

31
Privacy Contracts Work Group

Goals
Provide model stand-alone Business Associate
Agreement and related language for other clauses.
Enclurage widespread adoption of these model
agreeements.
Deliverables
Model Business Associate Agreement containing
Chain of Trust Provisions.
Model contract language for inclusion in Business
Associate Agreements.

32
Privacy Minimum Necessary Disclosure Work Group

Goal
To develop a decision tree on minimum necessary
provisions.
Deliverables
Minimum necessary decision tree and associated
notes.
Examples of minimum necessary protocols /
procedures.

33
Privacy Research Work Group

Goal
To review and analyze the final privacy
regulation with respect to provisions relating to
research.
Deliverables
A document summarizing requirements for IRBs and
internal privacy boards, including waivers and
new questions not already in the Common Rule.
Flow chart addressing de-identification issues
re research.
Flow chart addressing Safe Harbor
de-identification rules.
A document addressing use of PHI for research
purposes.
A document addressing privacy training for
clinical research professionals.

34
Privacy State Law Work Group

Goal
Identify existing state laws relating to health
care information and analyze them in relation
with the HIPAA privacy regulations (i.e. most
stringent rule).
Deliverables
A document that presents the results of the
research in a matrix format.
Develop preemption analysis.
Encourage donation of state law reviews to HIPAA
GIVES (www.hipaagives.org)

35
Privacy Deliverables Work Group

Goal
Develop a process and a methodology for
disseminating the privacy deliverables.
Deliverables
Organize, package and deliver through appropriate
means the work in a timely manner.
Utilize Web site, software tools, CDs and other
means.

36
Privacy Privacy Tool Work Group

Goal
Collaborate with the Maryland Health Care
Commission to enhance and publish a privacy gap
analysis tool by early fall.
Deliverables
MS Access- based software tool that will allow a
provider organization to achieve a first level
self-assessment of their readiness to comply with
the Privacy Regulation. Tool will be similar in
operation to the HIPAA EarlyView

37
Awareness, Education Training Work Group

Goal
Share HIPAA information in cooperation with
professional societies and associations to staff,
promote and carry out the events.
Activities
Awareness sessions held around the state with
over 2000 participants
HIPAA Awareness survey (7200 NC facilities)
Upcoming
Use NCHICA Web site for HIPAA resources
Develop Case Studies
Consider co-sponsoring or promote/endorse other
groups events
Web-based HIPAA awareness presentations
Potential Public TV presentation/s

38
Compliance StrategiesTools
39
Steps to Enterprise Compliance

Awareness Education
Form HIPAA Team
Self-evaluation / Gap Analysis
Risk Analysis
Compliance Plan, Budget Timeline
Execute Plan
Revaluate Plan and Adjust with New Regulations

40
Self Assessments Gap Analysis

Where are we now?Where do we need to go?
How do we get there?

41
The Regulations

Mostly mandate what has to be done
Not how it is implemented

42
Self-assessments

Develop clear picture of current readiness to
comply
Compare with requirements
Document gaps where changes may need to be made
Document requirements where additional resources
are required
Document Due Diligence in complying

43
Critical Self-assessment

NOTE Legal counsel should be consulted prior
to deployment as data collected in a
self-assessment process may be subject to
discovery proceedings or considered a public
record.

44
Areas to be Considered

Hardware
Software
Personnel Policies
Information Practice Policies
Disaster Preparedness
Business Partner Agreements
Management of Change

45
The Compliance Balancing Act

There is no one right answer for compliance - no
check box to provide a safe harbor
Organizations will have to
assess their own risk
build and document a plan for compliance
allocate resources
execute and continually update the plan
be able to prove that you did what you said

46
Updating the Plan