As HIPAA Progresses - PowerPoint PPT Presentation

1 / 116
About This Presentation
Title:

As HIPAA Progresses

Description:

HIPAA Progresses HIPAA ... covered entities must simply evaluate what measures make sense in their environment tailor their practices & safeguards to their particular ... – PowerPoint PPT presentation

Number of Views:2023
Avg rating:3.0/5.0
Slides: 117
Provided by: EdSchne3
Category:

less

Transcript and Presenter's Notes

Title: As HIPAA Progresses


1
As HIPAA Progresses..
  • What you need to know to keep up

2
HIPAA Progresses
  • HIPAA EDI (Electronic Data Interchange)
  • HIPAA Unique Provider Employer ID
  • HIPAA Security
  • HIPAA Privacy Compliance
  • NOA References to help you with HIPAA

3
HIPAA Progresses
  • HIPAA EDI (Electronic Data Interchange)
  • HIPAA Unique Employer ID
  • HIPAA Security
  • HIPAA Privacy Compliance
  • NOA References to help you with HIPAA

4
EDI (Electronic Data Interchange)
  • If you use EDI it must comply with HIPAA
  • HIPAA does not force you to use EDI except for
    Medicare claims under limited circumstances

5
EDI (Electronic Data Interchange)
  • Why HIPAA EDI?
  • Prior to HIPAA EDI multiple EDI data forms
  • Different entities could not communicate
  • Delays and confusion in claims

6
HIPAA Administrative Simplification
  • Sets standard data sets
  • Routine Care (VSP, EyeMed, CVC)
  • Medical Claims (Medicare, BCBS)

7
Affects most electronic health data
  • Claims/Encounter submission
  • Payment remittance notices
  • Insurance eligibility
  • Claim status
  • and

8
Additional electronic health data
  • Group Health enrollment
  • Health insurance premium payments
  • Other Internet health data

9
End Result
  • When the data ends up at 3rd party payer it must
    be in HIPAA EDI format
  • Examples Follow Current Method vs. HIPAA EDI

10
Current vs. New Authorization
  • Current Method
  • Provider seeks authorization over Internet ?
  • 3rd Party Payer receives and replies
  • HIPAA EDI
  • Provider seeks authorization over Internet ?
  • HIPAA compliant site or program intervenes ?
  • 3rd Party Payer receives in HIPAA format and
    replies
  • WYNTD Test

11
Current vs. New Routine Care Claims
  • Current Method
  • Provider completes web page form over Internet ?
  • 3rd Party Payer receives and replies
  • HIPAA EDI
  • Provider completes web page form over Internet ?
  • HIPAA compliant site or program intervenes ?
  • 3rd Party Payer receives in HIPAA format and
    replies
  • WYNTD Test

12
Current vs. New Medical Claims
  • Current Method
  • Providers paper data ?
  • Billing service - Clearinghouse ?
  • 3rd Party Payer
  • HIPAA EDI
  • Providers paper data ?
  • HIPAA compliant Billing service - Clearinghouse ?
  • 3rd Party Payer
  • WYNTD Test

13
Current vs. New Medical Claims
  • Current Method
  • Providers data ?
  • Computer program ?
  • 3rd Party Payer
  • HIPAA EDI
  • Providers data ?
  • HIPAA compliant computer program ?
  • 3rd Party Payer
  • WYNTD Test

14
Testing NOW (yesterday!) is imperative
  • If you wait, you will be delayed by a traffic jam
  • Payment will be delayed until you comply
  • It is anticipated that many practitioners will
    not comply
  • It is anticipated that back-up systems will be
    swamped
  • Fax
  • Phone
  • Paper
  • Non-electronic filers should anticipate delays as
    well

15
Contact all 3rd parties for immediate testing if
  • You file claims electronically with them.
  • You communicate with them electronically in any
    way except
  • voice phone
  • paper fax

16
Contacting 3rd parties
  • NOA August issue of 3rd Party Newsletter contains
    pages of information on what questions to ask.
  • Newsletter available at the NOA Website if you
    dont have a printed copy

17
Contacting 3rd parties
  • Respective 3rd party contact information should
    be available in their manual.
  • NOA 3rd Party HIPAA web page will contain as many
    contact sites as Dr. Quack can find.
  • Please email Dr. Quack of other sites not listed
    on NOA HIPAA Web page so he can add them to the
    list.

18
(No Transcript)
19
Medicare and EDI
  • If you have 10 or more FTE employees you must
    file with Medicare via EDI
  • Most offices of this size already use EDI
  • If you have less employees you do not have to
    tell Medicare (no waiver needed)
  • No official employee counter has been appointed
    to Dr. Quacks knowledge

20
Medicare and EDI
  • Electronic filers should TEST as described
  • Delays in paper claim payments expected since
    more paper claims -with errors- are anticipated

21
HIPAA EDI Bottom Line
  • TEST
  • IMMEDIATELY

22
HIPAA Continues
  • HIPAA EDI (Electronic Data Interchange)
  • HIPAA Unique ID
  • HIPAA Security
  • HIPAA Privacy Compliance
  • NOA References to help you with HIPAA

23
National Identifiers
  • Requires standard Identifier for
  • Health care providers
  • Health-related Employers

24
Applies to
  • All health plans,
  • All health care clearinghouses, and
  • Any health care providers that transmit any
    health information in electronic form

25
Electronic transmissions include all media
  • Magnetic tape
  • Disk
  • CD media

26
Transmissions include
  • Internet
  • Extranet
  • Leased lines
  • Dial-up lines
  • Private networks.

27
Not Included
  • Telephone voice response
  • Fax back systems

28
Estimated time of implementation
  • Mid-2004 (Dr. Quack wonders)

29
Action needed at this time
  • None

30
HIPAA Continues
  • HIPAA EDI (Electronic Data Interchange)
  • HIPAA Unique Employer ID
  • HIPAA Security
  • HIPAA Privacy Compliance
  • NOA References to help you with HIPAA

31
HIPAA Security and Electronic Signature Standards
  • Requires health care information be protected to
    ensure privacy and confidentiality when
    electronically
  • stored,
  • maintained, or
  • transmitted.

32
HIPAA Security and Electronic Signature Standards
  • The proposed security standards also specify a
    standard for electronic signature
  • but does not require the use of an electronic
    signature

33
Applies to
  • All health plans,
  • All health care clearinghouses, and
  • Any health care providers that transmit any
    health information in electronic form

34
Electronic transmissions include all media
  • Magnetic tape
  • Disk
  • CD media

35
Transmissions include
  • Internet
  • Extranet
  • Leased lines
  • Dial-up lines
  • Private networks.

36
Not Included
  • Telephone voice response
  • Fax back systems

37
Estimated time of implementation
  • 2005

38
Action required at this time
  • None

39
HIPAA Continues
  • HIPAA EDI (Electronic Data Interchange)
  • HIPAA Unique Employer ID
  • HIPAA Security
  • HIPAA Privacy Compliance
  • NOA References to help you with HIPAA

40
HIPAA PRIVACY What do we do now?
  • Dr. Quack has been receiving many Questions
    regarding HIPAA Privacy
  • Some show fear and over-reaction
  • Others reflect lack of compliance
  • ERGO
  • 15 Minute review of HIPAA Privacy basics
  • For those that already understand, please be
    patient!

41
HIPAA PRIVACY What do we do now?
  • Read aloud your Notice of Privacy Practices at
    staff meetings once a quarter.
  • Follow it with a HIPAA discussion of
  • reasonable safeguards
  • minimum necessary
  • Your Privacy Officer should review and update
    your HIPAA Privacy Manual once a quarter.

42
OCR Guidance
  • Privacy Rule permits certain incidental uses
    disclosures of PHI when the covered entity uses
  • reasonable safeguards
  • minimum necessary policies procedures

43
Reasonable Safeguards
  • Speaking quietly when discussing a patients
    condition with family members in a waiting room
    or other public area
  • Avoiding using patients names in public hallways
    elevators

44
Reasonable Safeguards
  • Posting signs to remind employees to protect
    patient confidentiality
  • By supervising, isolating, or locking file
    cabinets or records rooms
  • By providing additional security, such as
    passwords, on computers maintaining personal
    information.

45
More Safeguards
  • Ask waiting customers to stand a few feet back
    from a counter used for patient counseling.
  • Use of cubicles, dividers, shields, curtains, or
    similar barriers where multiple patient-staff
    communications routinely occur

46
OCR Guidance
  • Privacy Rule permits certain incidental uses
    disclosures of PHI when the covered entity uses
  • reasonable safeguards
  • minimum necessary policies procedures

47
Minimum Necessary Rule
  • Requires limit of access to PHI, based on needs
    to perform job duties.
  • Unimpeded access to PHI, where not necessary for
    the job at hand, is not applying the minimum
    necessary standard.
  • Any incidental use or disclosure that results
    from not applying the Minimum Necessary Standard
    would be an unlawful.

48
Minimum Necessary Rule
  • The minimum necessary standard does not apply to
    disclosures, including oral disclosures, among
    health care providers for treatment purposes

49
FAQs
  • Frequently Asked Questions.

50
OCR Guidance FAQs....... confidential
conversations
  • Q Can health care providers engage in
    confidential conversations with other providers
    or with patients, even if there is a possibility
    that they could be overheard?
  • A Yes, when using reasonable safeguards.

51
OCR Guidance FAQs....... confidential
conversations
  • Free to engage in communications as required for
    quick, effective, high quality health care.
  • Overheard communications in these settings may be
    unavoidable are allowed as incidental
    disclosures.

52
OCR Guidance FAQs....... confidential
conversations
  • When using Reasonable Safeguards
  • Health care staff may orally coordinate services
    at hospital nursing stations.
  • Staff may discuss a patients condition over the
    phone with the patient, a provider, or a family
    member.
  • A health care professional may discuss lab test
    results with a patient or other provider in a
    joint treatment area.

53
OCR Guidance FAQs....... confidential
conversations
  • HIPAA Privacy does not require
  • Private rooms.
  • Soundproofing of rooms.
  • Encryption of wireless or other emergency medical
    radio communications
  • Encryption of telephone systems.

54
OCR Guidance FAQs....... Mailings phone calls
  • Q May physicians offices or pharmacists leave
    messages at patients homes, either on an
    answering machine or with a family member, to
    remind them of appointments or to inform them
    that a prescription is ready? May providers
    continue to mail appointment or prescription
    refill reminders to patients homes?

55
OCR Guidance FAQs....... Mailings phone calls
  • A Yes.
  • Limit the PHI disclosed on the answering machine.
  • Consider leaving only name number PHI
    necessary to confirm an appointment
  • Or ask the individual to call back.
  • May leave a message with a family member or other
    person who answers the phone when the patient is
    not home.

56
OCR Guidance FAQs....... Confidential Conversation
  • Where a patient has requested confidential
    communication, you must accommodate that request,
    if reasonable. Examples,
  • mailings in an envelope, not postcard.
  • mail sent to a P.O. box, not to home
  • receive calls at the office, not at home

57
OCR Guidance FAQs....... Sign-in sheet
  • Q May physicians offices use patient sign-in
    sheets or call out the names of their patients in
    their waiting rooms?
  • A Yes. But the sign-in sheet may not display
    medical information that is not necessary for the
    purpose of signing in.

58
OCR Guidance FAQs....... Charts on doors
  • Q Are charts outside of exam rooms prohibited
  • A No. Using reasonable safeguards the minimum
    necessary rule, covered entities must simply
  • evaluate what measures make sense in their
    environment
  • tailor their practices safeguards to their
    particular circumstances.

59
OCR Guidance FAQs....... Charts on doors
  • You May maintain patient charts outside of exam
    rooms, displaying patient names on the outside of
    patient charts
  • Possible safeguards may include
  • Supervise area
  • place patient charts facing the wall or otherwise
    covered

60
OCR Guidance FAQs....... Announcing names
  • You May Announce patient names other
    information over a facilitys public announcement
    system.
  • Possible safeguards may include
  • limiting the information disclosed over the
    system, such as referring the patients to a
    reception desk.

61
OCR Guidance FAQs....... Overheard conversation
  • A provider may be overheard, in the reception
    area, instructing staff to bill a patient for a
    particular procedure
  • A health plan employee discussing a patients
    health care claim on the phone may be overheard
    by another employee who is not authorized to
    handle patient information.

62
OCR Guidance FAQs....... Office re-design
  • Q Are covered entities required to restructure
    workflow systems, redesign office space
    upgrading computer systems to comply with the
    HIPAA Privacy Rules?
  • A The Department generally does not consider
    facility redesigns as necessary to meet the
    reasonableness standard for minimum necessary
    uses.
  • Use reasonable safeguards and minimum necessary
    rule listed earlier

63
OCR Guidance FAQs....... Business Associate
  • Examples of Business Associates.
  • A health care clearinghouse that translates a
    claim from non-standard to standard format
    forwards to a payer.
  • An independent medical transcriptionist that
    provides transcription services to a physician.
  • A collection agency
  • Software personnel who have access to PHI

64
OCR Guidance FAQs...... No permission needed
  • Q Can a patient have a friend or family member
    pick up a prescription for her?
  • A Yes. A pharmacist may use professional
    judgment experience with common practice to
    make reasonable inferences of the patients best
    interest in allowing a person, other that the
    patient, to pick up a prescription.

65
OCR Guidance FAQs...... No permission needed
  • Q Does the HIPAA Privacy Rule permit a covered
    entity or its collection agency to communicate
    with parties other than the patient (e.g.,
    spouses or guardians) regarding payment of a
    bill?
  • A Yes. A covered entity or their business
    associate (e.g., a collection agency), may
    disclose PHI as necessary to obtain payment for
    health care, there is no limit to whom such a
    disclosure may be made.

66
OCR Guidance FAQs...... No permission needed
  • However, the Privacy Rule requires you
  • Place a reasonable limit the amount of
    information disclosed,
  • Abide by any reasonable requests for confidential
    communications
  • Honor any agreed-to restrictions on the use or
    disclosure of PHI.

67
OCR Guidance FAQs...... No permission needed
  • Q Does the HIPAA Privacy Rule prevent health
    plans providers from using debt collection
    agencies?
  • A The Privacy Rule permits use of debt
    collection agencies through a business associate
    arrangement.
  • Disclosures to collection agencies are governed
    by provisions such as the business associate
    agreement minimum necessary requirements.

68
OCR Guidance FAQs...... No permission needed
  • Q Does the HIPAA Privacy Rule permit an eye
    doctor to confirm a contact prescription received
    by a mail-order contact company?
  • A Yes. The disclosure of PHI by an eye doctor
    to a distributor of contact lenses for the
    purpose of confirming a contact lens prescription
    is a treatment disclosure, is permitted under
    the Privacy Rule at 45 CFR 164.506.

69
OCR Guidance FAQs...... No permission needed
  • Q Is a hospital permitted to contact another
    hospital or health care facility, such as a
    nursing home, to which a patient will be
    transferred for continued care, without the
    patients authorization?

70
OCR Guidance FAQs...... No permission needed
  • A Yes. The HIPAA Privacy Rule permits
    disclosure of PHI without authorization to
    another health care provider for treatment or
    payment purposes, as well as to another covered
    entity for certain health care operations of that
    entity.

71
Physical Changes
  • HIPAA does not require that you make radical,
    expensive changes to your office.
  • The following are some reasonable alterations in
    office layout to assist in complying with HIPAA

72
Doors
  • Close doors (anonymity)
  • Especially when discussing PHI, e.g.,
  • History
  • Pre-examination
  • Examination

73
Always speak quietly
  • Hearing impaired?
  • Speak slowly
  • Get closer
  • Take special care when speaking in hallways and
    other common areas

74
Multi-patient areas (Check-in, Check-out,
Dispensary)
  • Speak reasonably quietly
  • Use PLEASE WAIT HERE signs if appropriate
  • Provide PLEASE WAIT HERE chairs if appropriate
  • Incidental disclosure is acceptable

75
Business Office Areas
  • Place HIPAA reminder signs at work stations
  • Place HIPAA reminder signs on computer monitors
  • Place HIPAA reminder signs on file cabinets

76
Computer Monitors
  • Rotate screen away from public
  • Put a plant next to monitor
  • Use Screen saver or Minimize screen
  • Place HIPAA reminder sign on monitor
  • Remember, patients can see their own PHI!

77
(No Transcript)
78
(No Transcript)
79
(No Transcript)
80
(No Transcript)
81
Minimize ---
82
(No Transcript)
83
Patient Records
  • Keep records closed except when in use
  • When practical, divide each record into sections,
    e.g.,
  • Demographics
  • Examination
  • Claims
  • Staff should use only that portion of record
    needed for the task at hand

84
(No Transcript)
85
(No Transcript)
86
Patient Record Storage
  • Post HIPAA reminder signs in record storage areas
  • Reasonably monitor record storage areas
  • Reasonably monitor records in hallways

87
(No Transcript)
88
HIPAA Continues
  • HIPAA EDI (Electronic Data Interchange)
  • HIPAA Unique Employer ID
  • HIPAA Security
  • HIPAA Privacy Compliance
  • NOA References to help you with HIPAA

89
(No Transcript)
90
Dr. Birthday MMDDYY
Dr. lastname only All lower case
Check this box
91
(No Transcript)
92
(No Transcript)
93
(No Transcript)
94
(No Transcript)
95
(No Transcript)
96
(No Transcript)
97
(No Transcript)
98
(No Transcript)
99
(No Transcript)
100
(No Transcript)
101
(No Transcript)
102
(No Transcript)
103
http//www.cms.hhs.gov/medicaid/hipaa/adminsim/
104
(No Transcript)
105
(No Transcript)
106
(No Transcript)
107
(No Transcript)
108
(No Transcript)
109
(No Transcript)
110
(No Transcript)
111
(No Transcript)
112
(No Transcript)
113
(No Transcript)
114
(No Transcript)
115
(No Transcript)
116
THANK YOU FOR YOUR ATTENTION!
Write a Comment
User Comments (0)
About PowerShow.com