HTH937: Sybase Healthcare and Industry Standards - PowerPoint PPT Presentation

Provided by: fellenm

Transcript and Presenter's Notes

1
HTH937: Sybase Healthcare and Industry Standards
Bill Moroz, Technical Director, Healthcare
bill.moroz_at_sybase.com / 708 301 9580
August 5, 2003
2
Course Outline
  • Overview of Healthcare Standards
  • Government (HIPAA)
  • Standards Development Organizations
  • De Facto
  • Vendor
  • Sybase Solutions
  • HIPAA Standards for Transaction Compliance
  • HIPAA Standards for Privacy
  • HIPAA Standards for Security
  • Standards-Based Integration

3
Government Healthcare Standards
  • Health Insurance Portability and Accountability
    Act of 1996 (HIPAA) under the control of HCFA
  • National Library of Medicine that supports the
    Unified Medical Language System (UMLS), a system
    linking together various medical vocabularies
  • Health Care Financing Association (HCFA) that
    controls Medicare and Medicaid

4
Standards Development Organizations (SDO)
  • ANSI (American National Standards Institute)
  • X12
  • CPT
  • ASTM (the American Society for Testing and
    Materials) that produces a standard for the CPR
  • American Medical Association that produces CPT-4
    codes for reporting medical services and
    procedures.
  • ANSI Health Informatics Standards Planning Panel
    (HISPP) - coordinate standards from other
    organizations
  • HL7
  • DICOM
  • EDIFACT for healthcare data interchange
  • Health Care Financing Association (HCFA)

5
International Standards
  • Telematics
  • CENT51
  • IMIA became IHIA
  • WHO
  • ANSI-HISB
  • Ministry of Health Canada
  • IT/14 Standards Australia
  • MEDIS-DC within Ministry of Trade (Japan)
  • ISO IAeG (InterAgency EDI Group of ISO)

6
Sybase Participates in Healthcare Standards
Organizations
7
HIPAA What is it?
  • Public Law 104-191, August 21, 1996

To amend the Internal Revenue Code of 1986 to
improve portability and continuity of health
insurance coverage in the group and individual
markets, to combat waste, fraud, and abuse in
health insurance and health care delivery, to
promote the use of medical savings accounts, to
improve access to long-term care services and
coverage, to simplify the administration of
health insurance, and for other purposes.
Health Insurance Portability and
Accountability Act of 1996.
De Facto HIPAA Mascot
8
HIPAA Who is affected?
  • Healthcare Providers
  • Healthcare Clearinghouses
  • Health Plans
  • Commercial insurances
  • Third-party administrators.
  • Some large employers (self-insured)
  • Government Agencies
  • Public Health, Child Family Services, etc.
  • Healthcare consumers (patients)

9
HIPAA When does it happen?
August 1996
December 2001
February 2003
April 2003
October 2003
November 2003
April 2005
10
HIPAA EDI Transactions
[Diagram: EDI transaction flows among Plan Sponsors/Employers, Payers, and Providers. Process labels: Enrollment, Eligibility Verification, Precertification and Adjudication, Pre-treatment Authorization and Referrals, Service Billing/Claim Submission, Claim Acceptance, Adjudication, Claim Status Inquiries, Coordination of Benefits, Accounts Receivable, Accounts Payable. Transaction sets shown: 270, 271, 275 (275/HL7), 276, 277, 278, 820, 834, 835, 837. Not shown: NCPDP Retail Pharmacy.]
11
HIPAA/Transactions
  • The goal is to have all plans use identical
    transactions.
  • In reality there are some variations, although
    greatly reduced by HIPAA
  • E.g. Claim 88 same post HIPAA / <60 pre HIPAA
  • Content Variations
  • E.g. coding of procedures, taxonomy, 837I vs. 837P
  • Noncontent variations
  • 997 errors, Transport (Internet vs. dial up), FTP
    vs. HTTP, authentication

12
HIPAA/Transactions
  • Mandatory Compliance by Oct 16, 2003
  • What does compliance mean?
  • Business vs. Legal issues
  • If one claim out of a whole batch of 5000 isn't
    HIPAA compliant, should you reject the entire
    batch?

13
HIPAA - Privacy Standards
  • Effective as of April 14, 2003.
  • Provides regulations on the usage and disclosure
    of Protected Healthcare information (PHI).
  • Individuals must be informed of the institution's
    privacy policy in writing.
  • Asserts that patients have control over all
    disclosures of treatment, payment and healthcare
    operations (TPO).
  • The Minimum Necessary principle
  • Right to examine and amend a person's own
    information
  • Provisions for disclosure of De-identified data

14
HIPAA/Privacy - Why?
  • Tammy Wynette's medical records were sold to
    tabloid publications by a medical center
    employee. This was done in spite of the fact that
    she had entered the hospital under an assumed
    name to protect her privacy.
  • An HIV positive patient used a local pharmacy to
    keep his condition private. When the pharmacy was
    purchased by CVS, he requested to not have his
    information transferred. CVS not only
    disregarded his request but distributed the
    information to many of its marketing partners.
  • A list of cancer patients was obtained by a
    banker who was on the state health commission.
    He cross referenced the list against his customer
    list and promptly called in their loans.

15
What is Protected Healthcare Information (PHI)?
16
HIPAA/Privacy Challenges
  • Information must be kept 6 years
  • Requests can be generated through various
    communications channels
  • phone, fax, email, web sites and claims systems.
  • PHI may (and mostly does) reside on many storage
    types
  • medical records systems, claims systems,
    adjudications systems, filing cabinets, data
    warehouses.

17
HIPAA/Privacy
18
HIPAA/Privacy - Accounting of Disclosures
  • Covered Entities must document and retain
  • Date of request
  • Name/Address of person who received PHI
  • A brief description of PHI disclosed
  • A statement about the purpose of the disclosure
  • The written accounting is provided to the
    individual
  • The titles of the persons or offices for
    receiving and processing the request for an
    accounting by individuals.

19
HIPAA/Privacy - Authorizations
20
HIPAA/Privacy - Authorizations
  • Patient Authorizations Required
  • Marketing,
  • Research,
  • Psychotherapy notes
  • Activities other than treatment, payment and
    hospital operations (TPO)
  • Manage Status (Signed, Revoked, Expired)
  • Integration with Disclosure Management

21
HIPAA/Privacy - Restrictions
22
HIPAA/Security Rule - 164.306
  • Published February 13, 2003
  • Mandatory April 21, 2005 (2006 for smaller plans)
  • General rules
  • Ensure the confidentiality, integrity, and
    availability of all electronic protected health
    information the covered entity creates, receives,
    maintains, or transmits.
  • Protect against any reasonably anticipated
    threats or hazards to the security or integrity
    of such information.
  • Protect against any reasonably anticipated uses
    or disclosures of such information that are not
    permitted or required under the privacy
    regulation
  • Ensure compliance with this subpart by its
    workforce.

23
HIPAA/Security - Implementation Specifications
  • Specifications are defined as either Required or
    Addressable (22 of 42 are addressable)
  • Required
  • Security Assessments
  • Disaster Recovery Plan
  • Addressable (e.g. Integrity controls and
    encryption)
  • Reasonable and appropriate within your framework
  • E.g. Small Physician Practice vs. Large Health
    Plan
  • Integrity controls and encryption
  • Depends on existing measures, cost, and risk
    mitigation
  • Locked up room vs. data center with retinal eye
    scan
  • Big Technical Issue: Lack of technical standards
    or specificity.
  • E.g., 164.312(e)(2)(ii) Encryption
    (Addressable): Implement a mechanism to encrypt
    electronic protected health information whenever
    deemed appropriate.

24
The Security Regulation At a Glance
(R)Required
(A)Addressable
25
(No Transcript)
26
(No Transcript)
27
HIPAA/Security Strategies for Database
Availability
[Chart: Severity of Database Downtime (No Downtime, Planned, Unplanned, Catastrophic) versus Latency of Database Recovery. Labels shown: Online Maintenance, Offline Maintenance, Continuous Availability, High Availability, High Availability Clusters, Switching and Warm Standby Replication, Cold Standby, Disaster Recovery.]
28
HIPAA/Security Warm Standby
29
HIPAA/Security A Heterogeneous Environment
Replicate Sites
Primary Sites
  • Adaptive Servers/IQ/ Anywhere/ Enterprise

Replication Agents
Replication Server
  • DB2
  • AS/400
  • Oracle
  • ODBC
  • Informix
  • MS SQL
  • UDB

DirectCONNECT OmniCONNECT
  • OS/390 DB2
  • Adaptive Server Enterprise
  • Adaptive Server Anywhere
  • Replication Toolkit for MVS
  • Oracle
  • Informix
  • Microsoft SQL Server
  • IBM DB2 Universal Database

Mobile Users
SA
SQL Remote
Adaptive Server Anywhere
30
HIPAA/Security - Failover Replication Server and
OpenSwitch
31
Standards-Based Integration
  • HIPAA Standards for Transaction Compliance
  • HIPAA Standards for Privacy
  • HIPAA Standards for Security
  • Standards-Based Integration