Pharmacy Core Version 3.1
|
|
- Abigail Marshall
- 8 years ago
- Views:
Transcription
1 Presenter: Laura Higginbotham RN, MS Accreditation Reviewer Pharmacy Core Version 3.1 Date: April 8, 2016
2 Presenter Laura Higginbotham RN, MS Accreditation Reviewer (no conflicts to declare) 2
3 Continuing Education Units/Credits Continuing Education Units/Credits Attendance Evaluation Certificate Approved for this education program Registered participants must attend the entire program Registered participants earn at least 70% on the post-test Registered participants can access evaluation up to 30 days after this education program You will have the option to print your certificate(s) after providing some demographic 3
4 Program Agenda I. Overview of URAC II. Overview of Accreditation Scoring System III. URAC Monitoring Program IV. Review of URAC Standards V. URAC Education 4
5 Learning Objectives At the end of the overview session, participants should be able to Understand who URAC is and URAC s mission Understand URAC s scoring methodology Understand the AccreditNet application process Understand how to use the notes and citation fields 5
6 About URAC Mission To promote continuous improvement in the quality and efficiency of health care management through processes of accreditation, education, and measures. Structure Non-profit, independent entity Broad-based governance Providers Employers Labor Payers Regulators Consumers Expert Advisory Panels (Volunteer) Strategic Focus Consumer Protection and Empowerment Improving and Innovating Health Care Management 6
7 Fast Facts About URAC Non-profit, independent organization founded in 1990; originally chartered to accredit utilization review services URAC offers over 24 distinct accreditation programs across the entire continuum of care URAC currently accredits over 600 organizations operating in all 50 states and internationally URAC s accreditation programs are nationally utilized by state and federal regulators to ensure the highest level of quality is delivered to consumers 7
8 URAC Board Member Organizations The URAC board also maintains at-large representatives from consumer groups, public organizations, and other industry experts. 8
9 URAC Committee System Executive Committee Finance Committee Governance Pharmacy Advisory Group Health Standards Committee Board of Directors Accreditation Committee PCMH Advisory Group Advisory Committees (standards/measures) Accreditation Decision Health Website Accreditation Committee Measures Advisory Group Wellness Advisory Group HIPAA Accreditation Committee 9
10 URAC Overview Accreditation Programs 10
11 URAC Accreditation and Certification Programs Health Care Management Health Care Operations Health Plan Accreditation Pharmacy Quality Management Provider Health Utilization Management Case Management Disease Management Health Call Center Independent Review Organization Workers Compensation Utilization Management Health Network Health Content Provider/Website Credentials Verification Organization Health Plan Health Plan for Health Insurance Marketplace Medicare Advantage Health Plan Specialty Pharmacy Community Pharmacy Drug Therapy Management Mail Service Pharmacy Pharmacy Benefit Management Workers Compensation Pharmacy Benefit Management Accountable Care Clinical Integration PCMH Practice Certification Telehealth Dental Network Dental Plan Measures Core accreditation is available as a stand-alone program. Certification is available to organizations providing support services to URAC-accredited organizations. 11
12 Account Manager Overview Assigned to each client after the following are completed Accreditation Application Agreement (AAA) executed Business Associate Agreement (BAA) Remittance Act as the central URAC contact person Build long-term client relationships throughout the life of the accreditation cycle(s) Improves client access to URAC staff Maintain contact with the Accreditation Reviewer(s) during accreditation and reaccreditation reviews Initial point of contact during the accreditation cycle 12
13 Organizational Changes The organization must notify URAC of any changes in site addresses, change in ownership, and/or company name If there has been an organizational change during the accreditation/achievement cycle, URAC must be notified electronically via AccreditNet Accreditation is not transferable to another entity Contact your Account Manager for any further questions 13
14 Scoring Methodology 14
15 Rules of the Scoring Distinct standard element weight categories 1-4 Mandatory standard elements Not weighted All mandatory elements must be fully met Lowest site score determines application score 15
16 Rules of the Scoring All module scores roll up into one total score Core = 30% of total score Other modules combined contribute to 70% of total 100 points possible Must meet all Mandatory elements in order to achieve a FULL accreditation, regardless of total score (no change from previous policy) Must achieve a FULL accreditation in order to receive recognition in the Accreditation Summary Report (ASR) for meeting a Leading Indicator (non-weighted, optional element ) 16
17 Scoring Weights Element Wt = 1 Emerging Practice A new standard that may increase in weight over time Element Wt = 2 Basic Infrastructure Provides basic structure and processes to get essential work done Element Wt = 3 Promotes Quality Supports the delivery of high quality health services Efficient Effective Clinical and/or Non-Clinical Element Wt = 4 Key Stakeholder Rights or Empowers Consumers Provider, purchaser and payer rights, such as appeals Enables consumers to manage their health 17
18 Scoring Weights Element Wt = M Mandatory Element Direct or significant impact on the welfare and safety of consumers and patients Not-weighted Must meet all Mandatory elements in order to achieve Full accreditation Act as gatekeeper If Mandatory Element not fully met 1 element not met Conditional 2 elements not met Corrective Action 3 elements not met Not Accredited 18
19 Scoring Elements Element Wt = L Leading Indicator Non-weighted, optional element highlighting effective practices not yet widely adopted in health care Are optional and do not affect the final accreditation score or category Provides a way for an accredited company to distinguish itself from other accredited companies Not all accreditation standards will have Leading Indicators (i.e., new standard modules) Potential forecast of where health care may be heading Cannot be designated not applicable Applicant may choose not to meet a Leading Indicator 19
20 Determining an Accreditation Category If all Mandatory standard elements are met and 94 points/100 and complies 100% on at least one Leading Indicator standard Include compliance with Leading Indicators on Accreditation Summary Report (ASR) 94 points/100 = Full Accreditation 90, but < 94 points/100 = Conditional Accreditation 85, but < 90 points/100 = Corrective Action < 85 points/100 = Denial 20
21 Summary of Key Points Element weight categories 1-4 Mandatory elements not weighted and act as gatekeepers Module scores roll up to a total score based upon 100 points Leading Indicators are optional and do not affect the final accreditation score or category 21
22 Monitoring Program 22
23 Monitoring Program and On-site Eligibility Monitoring Program Annual attestation by the accredited organization of continued adherence to URAC standards Notification of organization changes (mergers, contact person); and A potential monitoring validation review Monitoring Validation Review Eligibility Companies with a signed Application Agreement which includes the monitoring/compliance program clause Validation reviews may be conducted at more than one site or for more than module/program 23
24 Monitoring Program and On-site Review Activities Monitoring Onsite The organization s primary contact person is notified of the monitoring review via Notification occurs 3-7 business days prior to the validation review Selected functions within the scope of the standards are verified Organizations incur no fees for the monitoring onsite Monitoring Onsite Review Activities The standard validation review agenda is available at A limited review of case files, complaints, quality management activities, policies and procedures, staff training, and credentials A medical/clinical director is not generally required to participate Staff are not typically interviewed When applicable, if some work is performed at another site, the monitoring review will be limited to work performed at the selected site 24
25 Monitoring Validation Review Findings Closure No Adverse Findings Action Plan Accreditation Status Review Meets all mandatory standards 1 or 2 mandatory standards not met Two or more mandatory standards not met Score is 94 Closure Summary sent to the organization Score 90 but < 94 Organization required to submit an Action Plan with staff retraining, procedures, and quality monitoring activities. Follow-up conference call Score <90 Follow-up full validation review possible (client will incur fees) and possible accreditation status change URAC reserves the right to consider accreditation status change 25
26 AccreditNet Application Instruction Booklet 26
27 Desktop Review Success Strategies Upload only the documents that pertain to the standard or element. Ensure all documents upload successfully Documents must be in final, approved form. Draft documents will not be accepted. Place a citation in the Notes field in AccreditNet that specifically identifies the information that supports the standard or element (e.g., p. 4, Section C, bullet 3, paragraph 2). Do not remove documents previously submitted as evidence on subsequent RFI rounds. Do not upload documents with PHI included. When creating policies and procedures, do not restate the standards describe the how, who, what, when, and where. 27
28 Accreditation Process Overview Application Submission Reviewer(s) Assigned Introduction Call Desktop Review Post DTR Call Request for Additional Information Interactive Educational Validation Review Accreditation Committee Notification 28
29 Accreditation Summary Report (ASR) Overall Application Scores Individual Module Score Description of the Accreditation Category Books of Business excluded from the Scope of the Accreditation Location of Sites Included within the Scope of the Accreditation Individual Standard/Element Scoring Category Terms of the Accreditation Notes 29
30 Questions 30
31 Learning Objectives At the end of the PHARM Core v.3.0 Standards, participants should be able to: Discuss the accreditation standards and what is needed to meet their intent Explain the scoring of the standards and how they apply Describe the documentation needed to submit with an accreditation application 31
32 Overview of PHARM Core Standards Consistent across URAC Program Modules Define key and foundational principles upon which a quality organization should exhibit There are 14 categories of standards There are linkages between the core standards module standards 32
33 PHARM Core Standards, Categories, and Key Terms 33
34 PHARM Core Standards Categories Organizational Structure [PHARM Core 1-2] Policies and Procedures [PHARM Core 3] Regulatory Compliance [PHARM Core 4] Inter-Department Coordination [PHARM Core 5] Delegation [PHARM Core 6-9] Marketing and Sales Communication [PHARM Core 10] Business Relationships [PHARM Core 11-12] Information Management [PHARM Core 13 16] Quality Management [PHARM Core 17 24] Staff Qualifications [PHARM Core 25 26] Staff Management [PHARM Core 27 29] Clinical Staff Credentialing and Oversight Role [PHARM Core 30 35] Health Care System Coordination [PHARM Core 36] Consumer Protection and Empowerment [PHARM Core 37 41] 34
35 Key Terms Under PHARM Core Access Advisory Board of Osteopathic Specialists American Board of Medical Specialties Annual Consumer Client Complaint Conflict of Interest Data Integrity Delegation Health Literacy Individually Identifiable Information Performance Measures Primary Source Verification Quality Improvement Project Defined terms appear in italics throughout the standards 35
36 Let s Get Started 36
37 Organizational Structure PHARM Core 1 PHARM Core 2 Policies and Procedure PHARM Core 3 37
38 ORGANIZATIONAL STRUCTURE AND DOCUMENTS PHARM Core 1 Organizational Structure The organization has a clearly defined organizational structure outlining direct and indirect oversight responsibility throughout the organization. [2] PHARM Core 2 Organization Documents Organization s documents address: [--] a. Mission statement; [2] b. Organizational framework for program; [2] c. The population served; and [2] d. Organizational oversight and reporting requirements of the program. [2] 38
39 Organization Structure Points to Remember Mission Statement Parent organization Department specific Various Organizational Charts and Documents Senior Management with linkage to the Board of Directors Specific to the module under review Describe the organization s framework How are Services Provided and to What Group(s) Telephonic Internet Book of business or product line 39
40 Organization Structure Points to Remember Committee Structure Describe the organizational and committee oversight Quality management reporting Senior management structure with linkage to the Board Compliance documentation may be found in: Policies and procedures Company website Corporate documents Marketing materials Program descriptions 40
41 Example of High-Level Organizational Chart Board of Directors Quality Committee CEO Chief Medical Officer VP Credentialing VP Sales & Marketing VP Network VP Pharmacy Services VP Customer Care Director of UM Director Physician Contracting Specialty Supervisor Call Center A Director Facility Contracting Mail Service Supervisor Call Center B 41
42 Mission Statement From Website 42
43 POLICIES AND PROCEDURES PHARM CORE 3 Policy and Procedure Maintenance, Review and Approval The organization: [--] a. Reviews written policies and documented procedures no less than annually and revises as necessary; [3] b. Maintains and complies with written policies and/or documented procedures that govern core business processes of its operations related to the scope of the accreditation; [M] c. Maintains the ability to produce a master list of all such policies and procedures; and [2] d. Includes the following on the master list or on all written policies and documented procedures: [--] i. Effective dates, review dates, including the date of the most recent revision; and [2] ii. Identification of approval authority. [2] 43
44 POLICIES AND PROCEDURES Impact on PHARM Core 3b if multiple standards/standard elements are missed Core 3b Scored as Not Met The organization misses three or more nonmandatory standard elements in three or more separate standards Core 3b Not Impacted The organization misses three or more elements under a single standard 44
45 POLICIES AND PROCEDURES EXAMPLE OF CORE 3B IMPACT PHARM Core 2 Organization Documents Organization s documents address: [--] a. Mission statement; [2] b. Organizational framework for program; [2] c. The population served; and [2] d. Organizational oversight and reporting requirements of the program. [2] If the organization misses Core 2a, Core 2b and Core 2d, Core 3b is NOT Impacted 45
46 PHARM Core 1 Organizational Structure The organization has a clearly defined organizational structure outlining direct and indirect oversight responsibility throughout the organization. [2] PHARM Core 2 Organization Documents Organization s documents address: [--] a. Mission statement; [2] b. Organizational framework for program; [2] c. The population served; and [2] d. Organizational oversight and reporting requirements of the program. [2] PHARM Core 7 Delegation Review Prior to delegating functions to another entity, the organization: [--] a. Establishes and implements a process to conduct a review of the potential contractor s policies and procedures and capacity to perform delegated functions and [3] b. Outlines and follows criteria and processes for approving contractors. [3] 46
47 Policies and Procedures Points to Remember Simple but frequently missed Master List of written policies and procedures If policies and procedures are maintained within a document depository, the organization must have the ability to produce a master list that the reviewer can clearly identify the effective date, review date, revision date and evidence of annual approval. Create a tracking systems to ensure policies and procedures are being approved annually. Hard copy signatures are no longer required but the organization must be able to clearly demonstrate policies have been approved. Define key terms such as review date and approval date Define approval authority 47
48 Frequently Asked Question - PHARM Core 3 Q: Does each individual policy and procedure need to be signed? A: No, but the organization must be able to demonstrate approval. This may be achieved via a signed document that lists all the policies and procedures or evidence in meeting minutes. 48
49 Regulatory Compliance Program and Internal Controls PHARM Core 4 49
50 REGULATORY COMPLIANCE PHARM Core 4 Regulatory Compliance Program and Internal Controls The organization implements a regulatory compliance program that: [--] a. Designates a compliance officer; [4] b. Identifies methods and accountabilities to track and review applicable state and federal laws and regulations, including those related to: [--] i. Privacy and security, including the HIPAA; [M] ii. Fraud, waste and abuse; and [M] iii. Functions covered by this URAC accreditation; [M] 50
51 REGULATORY COMPLIANCE PHARM Core 4 Regulatory Compliance Program and Internal Controls (continued) c. Pursuant to the organization s policy, conducts periodic: [--] i. Review and analysis of its organizational structure, written policies, and documented procedures to determine if there are any changes that impact compliance; [2] ii. Internal monitoring and auditing to ensure compliance with applicable laws and regulations; [M] iii. Review and as needed, update of the organization s training and education on the compliance program; and [2] iv. Communication with delegated entities regarding changes impacting compliance; and [2] d. Responds promptly to detected problems and takes corrective action as needed. [4] 51
52 REGULATORY COMPLIANCE Shredding/Record Storage are vendors that may have access to PHI and IIHI and therefore a regulatory compliance issue Worker s Comp companies are not required to have a BA agreement but would be required to have a vendor agreement and a policy on how they will safeguard PHI Health Companies: Compliance must be demonstrated via a BA agreement (HIPAA) and Vendor Agreement that addresses the following elements: Breach Breach remediation Transferring the data Requirement of training for the BA's staff Proper handling of the PHI 52
53 REGULATORY COMPLIANCE A policy must be submitted on how IIHI (for workers comp) and PHI (for HIPAA covered entities and business associates) is handled within the organization and how personal health information is taken to the vendor for onsite or offsite shredding and destruction 53
54 Regulatory Compliance Points To Remember Addressing state and federal laws an organization may be held accountable As you gather compliance documentation, ask.. Who is tracking laws and regulations to ensure compliance? What does your organization do if a new law or regulation is implemented? What actions are required to be in compliance with regulations? How does your organization ensure ongoing compliance to regulations? Does your organization have a Compliance Officer and a Privacy Officer? Does the organization has an audit program? 54
55 Regulatory Compliance Sources to Review Federal State Local Health and Human Services (HHS) Operations HIPAA HITECH Act Code of Conduct Board of Pharmacy 55
56 Frequently Asked Question PHARM Core 4 Q: How will the Reviewer verify regulatory compliance during the validation review? A: Tour of facility, review of policy and procedures, interview with staff, newsletters, staff meetings, regulatory updates, evidence of tracking regulations and laws and interview compliance/privacy officer 56
57 Inter-Departmental Coordination PHARM Core 5 57
58 INTER-DEPARTMENTAL COORDINATION PHARM Core 5 Inter-departmental Coordination The organization establishes and implements mechanisms to promote collaboration, coordination, and communication across disciplines and departments within the organization, with emphasis on integrating administrative activities, quality improvement, and where present, clinical operations. [3] 58
59 Frequently Asked Question PHARM Core 5 Q: What are some examples of interdepartmental coordination? A: Job descriptions for staff functioning as a liaison to other departments Quality improvement projects Staff meetings Newsletters Podcast recordings 59
60 INTER-DEPARTMENTAL COORDINATION Points to Remember Meeting Minutes One of the easiest ways to illustrate compliance is via meeting minutes Include names of individuals attending Credentials of each Title of each Department representing Provide minutes Quality Committee Senior Level meeting Clinical Operations Departmental meeting 60
61 Oversight of Delegated Functions PHARM Core 6 PHARM Core 9 61
62 DELEGATED STANDARDS PHARM Core 6 Delegation Review Criteria PHARM Core 7 Delegation Review PHARM Core 8 Delegation Contracts PHARM Core 9 Delegation Oversight Core 6 Core 7 62
63 OVERSIGHT OF DELEGATED FUNCTIONS Delegation occurs any time your organization is required to perform a function or service of a URAC standard and you have a contract with another organization to perform such function or service. Applies to services provided both inside and outside the United States. The term outsource is used synonymously with delegation. Delegation is the process by which an organization contracts with or otherwise arranges for another entity to perform functions and to assume responsibilities covered under the standards on behalf of the organization while the organization retains final authority to provide oversight to the delegate. (URAC definition, 2012) 63
64 OVERSIGHT OF DELEGATED FUNCTIONS PHARM Core 6 Delegation Review Criteria The organization establishes and implements criteria and processes for an assessment prior to the delegation of functions. [3] PHARM Core 7 Delegation Review Prior to delegating functions to another entity, the organization: [--] a. Establishes and implements a process to conduct a review of the potential contractor s policies and procedures and capacity to perform delegated functions and [3] b. Outlines and follows criteria and processes for approving contractors. [3] 64
65 OVERSIGHT OF DELEGATED FUNCTIONS PHARM Core 8 Delegation Contracts The organization enters into written agreements with contractors that: [--] a. Specify those responsibilities delegated to the contractor and those retained by the organization; [2] b. Require that services be performed in accordance with the organization's requirements and URAC standards; [M] c. Require notification to the organization of any material change in the contractor s ability to perform delegated functions; [4] d. Specify that the organization may conduct surveys of the contractor, as needed; [2] e. Require that the contractor submit periodic reports to the organization regarding the performance of its delegated responsibilities; [3] 65
66 OVERSIGHT OF DELEGATED FUNCTIONS PHARM Core 8 Delegation Contracts, cont. f. Specify recourse and/or sanctions if the contractor does not make corrections to identified problems within a specified period; [2] g. Specify the circumstances under which activities may be further delegated by the contractor, including any requirements for obtaining permission from the organization before any further delegation; and [4] h. Specify that, if the contractor further delegates organizational functions, those functions shall be subject to the terms of the written agreement between the contractor and the organization and in accordance with URAC standards. [M] 66
67 Frequently Asked Question PHARM Core 8 Q: Our delegee is URAC accredited. Which delegation standards apply to our organization? A: Standard 8 67
68 OVERSIGHT OF DELEGATED FUNCTIONS What is frequently missed under PHARM Core 8 b. services be performed in accordance with the organization s requirements and URAC standards c. notification of any material change in the contractor s ability to perform delegated functions Example: facility closure, discontinuation of product or service g. circumstances under which activities may be further delegated by the contractor, including requirements for obtaining permission from the organization before any further delegation h. if contractor further delegates organizational functions, those functions shall be subject to the terms of the written agreement and in accordance to URAC standards 68
69 OVERSIGHT OF DELEGATED FUNCTIONS PHARM Core 9 Delegation Oversight The organization establishes and implements an oversight mechanism for delegated functions within the scope of accreditation that includes: [--] a. A periodic review (no less than annually) of the contractor s policies and procedures and documentation of quality activities for related delegated functions; [2] b. A process to verify (no less than annually) the contractor s compliance with contractual requirements and policies and procedures; and [M] c. A mechanism to monitor financial incentives to ensure that quality of care or service is not compromised. [3] 69
70 When are PHARM Core 6, 7, 8, and 9 Non-applicable? Delegation Situations Core 6 Core 7 Core 8 Core 9 No Delegation NA* NA NA NA URAC Accredited Organization Non-URAC Accredited Organization NA NA NA *Applicant may opt to provide documentation in anticipation of potential delegation in the future 70
71 OVERSIGHT OF DELEGATED FUNCTIONS No Delegations Statement indicating the organization does not delegate any functions under the scope of the programs under review Delegation to URAC Accredited Organization Delegation Agreement Evidence of URAC Accreditation Delegation to non- URAC Accredited Organization Delegation Agreement Applicable Policies and Procedures Periodic Reports showing oversight 71
72 Evidence of URAC Accreditation 72
73 Link to Page Organization Name Site Address + website address List of all sites accredited 73
74 Marketing and Sales Communication PHARM Core 10 74
75 MARKETING AND SALES COMMUNICATIONS PHARM Core 10 Review of Marketing and Sales Materials The organization follows marketing and sales practices that include: [--] a. Mechanisms to clearly and accurately communicate information about services that include delegated activities; [4] b. A formal process of inter-departmental review of marketing and sales materials before dissemination to safeguard against misrepresentations about the organization s: [--] i. Services; and [M] ii. Ownership; [M] c. Monitoring of existing materials for accuracy; and [4] d. Promptly responds to detected problems and takes corrective action as needed. [4] 75
76 Marketing and Sales Communications Points to Remember Marketing Materials Have a policy and procedure that describes the development of marketing materials Address who reviews marketing materials to include the area that are responsible for conducting the services being marketed Explain how the organization monitors materials to ensure accuracy What does the organization do if an error is found in marketing materials The URAC Reviewer will interview those responsible for Marketing. Nice to have examples of marketing materials along with a paper trail of who reviews and approves 76
77 MARKETING AND SALES COMMUNICATIONS Share standard with marketing staff. Establish quarterly interdepartmental meeting to review marketing material update. Ensures everyone is on common ground. Create a mechanism to track dates and those that have approved various documents. 77
78 URAC Marketing Guidelines The display of the URAC seal, with expiration date, is a requirement for clients to maintain compliance with their accreditation agreement. Click-to-Verify accreditation seal program is designed to ensure that consumers, business partners, regulators and employer groups can verify the accredited or status of your organization. Accreditation seals are automatically generated in AccreditNet with an expiration date. Deadline for URAC accredited organizations to have the new seal on their digital properties, with the expiration date, was 9/30/15. For printed materials, the expiration date is 9/30/16. 78
79 Link to Page Organization Name Site Address + website address List of all sites accredited 79
80 Business Relationships PHARM Core
81 BUSINESS RELATIONSHIPS PHARM Core 11 Written Business Agreements The organization maintains signed written agreements with all clients describing the scope of the business arrangement. [2] Agreements speak to the range of services provided Signed and dated by all parties Submit sample contract template that addresses the scope of the business arrangement. 81
82 BUSINESS RELATIONSHIPS PHARM Core 12 Client Satisfaction The organization implements a mechanism to collect or obtain information about client satisfaction with services provided by the organization. [3] Client: A business or individual that purchases services from the organization 82
83 BUSINESS RELATIONSHIPS What is frequently missed under PHARM Core 12 Organizations provides consumer satisfaction to show compliance to this standard. What mechanisms are in place to collect client satisfaction Surveys Focus Groups Complaints Client Meetings 83
84 Information Management PHARM Core 13 PHARM Core 16 84
85 INFORMATION MANAGEMENT PHARM Core 13 Information Management The organization implements information system(s) (electronic and paper) to collect, maintain, and analyze information necessary for organizational management that: [--] a. Provides for data integrity; [M] b. Includes a plan for storage, maintenance and destruction; and [2] c. Includes a plan for interoperability: [--] i. Between internal information systems; and [L] ii. With external entity information systems. [L] ADDRESS ELECTRONIC & PAPER 85
86 Information Management Effective 8/3/15 For organizations handling protected health information (ephi) and/or personal identifiable information (epii) on electronic media, URAC will look to see what provisions, including encryption or its comparable equivalent, are used to protect this type of data when it come to storage, maintenance and destruction. Definition: Encryption is the conversion of electronic data into another form, call ciphertext, which cannot be easily understood by anyone except authorized parties. The plan must address ephemeral messaging solutions in particular, organizations using cloud or social media technology where ephi and/or epii may be kept. Definition: Ephemeral messaging is secure messaging that never creates electronic stored information, message only exist in volatile memory streaming from devise to cloud to devise and leave not data trace on devices or servers. Data cannot be stored or shred and disappears once read by the recipient. 86
87 Information Management Effective 8/3/15 Please note that password protection, though helpful, is not a comparable substitute for encryption. Without a plan for storage, maintenance and destruction, the applicant will not meet the intent of Core 13(b) or Core 15(b), that latter which is mandatory. Applicants must implement encryption for all devices, including storage devices, handling ephi. If encryption has not been implemented, a comparable alternative has been implemented. An attestation signed by the Chief Information Officer (CIO) or Security Officer addressing encryption of systems that handle ephi is required as part of the desktop review. 87
88 References Information Management Encryption and Decryption (a)(2)(iv): Implement a method to encrypt and decrypt electronic protected health information. This provision is applicable to ephi at rest. Encryption (e)(2)(ii): Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. This provision is applicable to ephi in transit. 88
89 INFORMATION MANAGEMENT The organization implements a business continuity and emergency management plan for program operations, including information system(s) (electronic and paper) that: [--] a. Identifies which systems and processes must be maintained and the effect an outage would have on the organization s program. [3] b. Identifies how business continuity is maintained given various lengths of time information systems are not functioning or accessible; [3] c. Ensures business continuity for its operations by having an emergency management system in place for its facility and products that: [--] i. Includes a plan for distribution of the drugs during emergency and [4] ii. PHARM Core 14 Business Continuity Identifies the effect a disaster would have on the organization s program. [3] d. Is tested at least every two years; and [3] e. Responds promptly to detected problems and takes corrective action as needed. [3] 89
90 Electronic and Paper communication systems, and other systems as needed to maintain critical functions Applies to telecommuters Compliance Documents Information Management Points to Remember Frequently long Clearly indicate where the reviewer may find compliance Testing Provide evidence of testing (every two years) Documentation corrective actions taken based on test findings Is more than a disaster recovery plan 90
91 INFORMATION MANAGEMENT PHARM Core 15 Information Confidentiality and Security The organization provides for data confidentiality and security of its information system(s) (electronic and paper) by implementing written policies and/or documented procedures that address: [--] a. Assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of information systems; [3] b. Prevention of confidentiality and security breaches; and [M] c. Detection, containment and correction of confidentiality and security violations. [M] 91
92 INFORMATION MANAGEMENT Send a copy of standards PHARM Core 13,14, and 15 to the IT department Include documentation on the following: Testing business continuity plan Problems identified and corrective actions taken How data integrity is maintained (electronic & paper systems) Risk assessment How PHI & ephi is protected 92
93 INFORMATION MANAGEMENT PHARM Core 16 Confidentiality of Individually-Identifiable Health Information The organization establishes and implements a policy and procedure to protect the confidentiality of individually-identifiable health information that: [--] a. Identifies how individually-identifiable health information will be used; [M] b. Specifies that individually-identifiable health information is used only for purposes necessary for conducting the business of the organization, including evaluation activities; [M] c. Addresses who will have access to individually-identifiable health information collected by the organization; [M] 93
94 INFORMATION MANAGEMENT PHARM Core 16 Confidentiality of Individually-Identifiable Health Information, cont. d. Addresses oral, written, or electronic communication and records that are transmitted or stored; [M] e. Address the responsibility of organization employees, committee members and board members to preserve the confidentiality of individually-identifiable health information; and [M] f. Requires employees, committee members and board members of the organization to attest that they understand their responsibility to preserve confidentiality. [M] 94
95 INFORMATION MANAGEMENT Access to individually-identifiable health information should be limited to only those employees who need access to perform their jobs Elements e and f are the most commonly missed elements on desktop review. Committee and Board members often forgotten 95
96 INFORMATION MANAGEMENT Protected Health Information (PHI) is any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment 96
97 List of 18 Identifiers (Source: Health Insurance Portability and Accountability Act 1996) Names All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000 All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older Phone numbers Fax numbers Electronic mail addresses Social Security numbers Medical record numbers 97
98 List of 18 Identifiers (continued) (Source: Health Insurance Portability and Accountability Act 1996) Health plan beneficiary numbers Account numbers Certificate/license numbers Vehicle identifiers and serial numbers, including license plate numbers Device identifiers and serial numbers Web Universal Resource Locators (URLs) Internet Protocol (IP) address numbers Biometric identifiers, including finger and voice prints Full face photographic images and any comparable images Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data) 98
99 Information Management Points to Remember Data Breach Describe process if data breach occurs Address safe guards to minimize risk Portable media, paper, and electronic Faxes Confidentiality statements/disclaimer on cover sheets Located in secure location Responsibility and Confidentiality Statements Address employees, committee members, and board of directors 99
100 100
101 101
102 The Quality Program does not need to be complicated 102
103 Quality Management PHARM Core 17 PHARM Core
104 Quality Terminology Quality Improvement: A cycle that is never content with the results and continuously evaluates for areas of improvement. This is done by pushing the quality process forward and not just focusing on the outliers. Quality Improvement Project: An organization-wide initiative to measure and improve the service and/or care provided by the organization. Quality Management Program: A systematic data-driven effort to measure and improve consumer and client services and/or healthcare services, that identifies key indicators of quality or performance measures that indicate quality services are being provided. Quality Measurement: Used to improve health care services by monitoring and analyzing data and modifying practices in response to these data. 104
105 QUALITY MANAGEMENT PHARM Core 17 Quality Management Program The organization maintains a quality management program that promotes objective and systematic measurement, monitoring, and evaluation of services and implements quality improvement activities based upon the findings. [M] PHARM Core 18 Quality Management Program and Resources The organization employs staff and/or provides resources necessary to support the day-to-day operations of the quality management program. [3] 105
106 QUALITY MANAGEMENT May be the function of multiple people within the organization. Do not have to hire one person specific to this role or develop a quality management department. Duties should be outlined in the job description. 106
107 QUALITY MANAGEMENT PHARM Core 19 Quality Management Program Requirements The organization has a written description for its quality management program that: [--] a. Is approved by the organization s appropriate oversight authority; [2] b. Defines the scope, objectives, activities, and structure of the quality management program; [2] c. Is reviewed by the quality management committee at least annually and updated, as necessary; [2] d. Defines the roles and responsibilities of the quality management committee; and [2] e. Designates a member of senior management with the authority and responsibility for the overall operation of the quality management program and who serves on the quality management committee. [3] 107
108 QUALITY MANAGEMENT Oversight authority mentioned in element a refers to the Board of Directors or executive team. The member of senior management mentioned in element e is usually the medical director or another senior level person. 108
109 QUALITY MANAGEMENT PHARM Core 20 Quality Management Committee The organization has a quality management committee that: [--] a. Is granted authority for quality management by the organization's oversight authority; [3] b. Provides ongoing reporting to the organization s oversight authority; [3] c. Meets at least quarterly; [3] d. Maintains approved records of all committee meetings; [2] e. If applicable, includes at least one participating provider or receives input from participating providers; [4] f. Provides guidance to staff on quality management priorities and projects; [3] g. Approves the quality improvement projects to undertake; [3] h. Monitors progress in meeting quality improvement goals; and [3] i. Evaluates the effectiveness of the quality management program at least annually. [3] 109
110 Quality Program Description Document Quality Program Overview Designates quality authority and responsibility Resources Scope, Objectives, Activities Defines approval authority Approval frequency Quality Committee Committee Structure Responsibilities Membership / Chair Meeting frequency How and when to report to oversight authority Quality Methodology Define Performance measures 110
111 Frequently Asked Question PHARM Core 20 Q: What is meant by the term approved minutes? A: QM meeting minutes must be approved. This can be demonstrated by the signature of a committee chairperson or mention in the minutes meeting minutes were approved as written. 111
112 QUALITY MANAGEMENT PHARM Core 21 Quality Management Documentation The organization, as part of its quality management program, provides written documentation of: [--] a. Objectives and approaches utilized in the quality management activities; [3] b. Identification and tracking and trending of performance measures relevant to the scope of the accreditation including, but not limited to: [M] i. Access to services; [3] ii. Complaints; and [3] iii. Satisfaction; [3] c. Measures that are quantifiable and used to establish acceptable levels of performance; [M] d. Measuring baseline level of performance; [M] e. Re-measuring level of performance at least annually; [M] f. The implementation of action plans to improve or correct identified problems or meet acceptable levels performance measures; [M] g. The mechanisms to communicate the results of such activities to relevant staff; and [3] h. The mechanisms to communicate the results of such activities to the quality management committee. [3] 112
113 Quality Management Documentation Communicate QM activities to staff and organizational leadership Track and trend data related to consumer and client services Requirements Demonstrate efforts to improve services when goals not met Develop a Quality Program Description or P&P Bright Ideas Create a dashboard to report performance of key indicators Post QM projects and information on Intranet 113
114 Example of communicating the quality activities to relevant staff 114
115 What Can Be Used to Show Compliance Dashboards Quality committee agendas and minutes Performance measures tracking and trending reports / charts example: rolling 12 months or quarterly Access Satisfaction Complaints Staff meeting minutes Staff newsletters/ s/company website Will look at Quality Committee minutes/reports when on-site to determine further compliance 115
116 QUALITY MANAGEMENT 116
117 QUALITY MANAGEMENT PHARM Core 22 Quality Improvement Projects At any given time, the organization maintains no less than two quality improvement projects that address opportunities for error reduction or performance improvement related to the services covered by the accreditation. [M] The quality improvement projects must fall under the scope of the services being accredited 117
118 Why are Quality Improvement Projects Valuable? Improve operations internally Differentiates organization from the competition Provides data for Request for Proposals and Request for Information requirements Provides basis for risk management strategies Produces company best practices as well as industry-wide best practices 118
119 Project Selection and Process Evaluate and prioritize the opportunities within your organization or department. Select projects that focus on the consumer/client. Select projects that are important to the organization and have realistic expectation that will result in improvement. Verify with data that the organization has an opportunity to improve. 119
120 QUALITY MANAGEMENT PHARM Core 23 Quality Improvement Projects Requirements For each quality improvement project, the organization will: [--] a. Establish measurable goals for quality improvement; [3] b. Design and implement strategies to improve performance; [3] c. Establish projected time frames for meeting goals for quality improvement; [3] d. Re-measure level of performance at least annually; [3] e. Document changes or improvements relative to the baseline measurement; and [3] f. Conduct an analysis if the performance goals are not met. [3] 120
121 Key Point Frequently Missed For a quality improvement project to count: Must show that the organization has started to implement improvement strategies at least by the time of the onsite review. Project may count if is was completed within the past 12 months from the date that URAC received submission of documents via AccreditNet for accreditation or reaccreditation. Take a close look at your quality improvement projects to ensure that they meet these requirements. 121
122 Quality Improvement Project Requirements QIP Requirements Project start date. Identify quantifiable baseline measures(s) for the indicator and relevance to the clients and/or consumers served. Quantifiable goals associated with the measures(s). Improvement strategies and dates these were implemented. Periodic progress measurements and documented discussions. Changes in improvement strategy and brief description of change. Project end date. 122
123 Quality Improvement Project Requirements QIP Requirements Make sure you understand the difference between baseline level of performance and measurable goals. Make sure they are truly measurable. Make sure they are in the same units. Establish time frames (end dates) for achievement. 123
124 Why Do a Baseline Measurement? The beginning point, based on an evaluation of output over a period of time, used to determine the process parameters prior to any improvement effort; the basis against which change is measured. To verify that an expected performance measure correlates with expectations, and if not, to give a starting point for designing a quality improvement project and measuring future improvement following interventions. 124
125 Align Baseline and Goal Measures Apples to Apples QIP: Patient Satisfaction Survey Response Rates Baseline 25% Return Rate (50 out of 200 surveys were returned) Goal 75% Return Rate (150 out of 200 surveys were returned) QIP: Compliance with Appeal Turnaround Times Baseline 80% of cases are meeting 30-day standard appeal turnaround time Goal 100% of cases meet the 30-day standard appeal turnaround time 125
126 Pitfall: Apples to Oranges Measures QIP: Patient Satisfaction Baseline Goal Survey return rate is at 20% Increase patient satisfaction to 80% highly satisfied QIP: Increase Patient Enrollment in Patient Management Baseline Goal Current enrollment rate is 30 patients Decrease opt-out rate 126
127 Must be measurable apples to apples Realistic Characteristic of a Goal Related to the performance measures associated with the quality improvement project 127
128 Quality Improvement Project Form 128
129 Name of Project: (Core 20 (g), Core 23 (b) Insert the Name of the Quality Improvement Project Description and Background [Core 19, 20, 21] Provide a description of the performance issue identified and what data or information indicated there was a problem? Describe the population affected by the Quality Improvement Project [Core 21(b)(i)(ii)(iii)(g)(h), Core 24(a),(b)] Summarize who will be affected by the project. Consumers or Clients? Selection Process [Core 19(b), Core 20(g), Core 21 (a)(b)(i),(ii),(iii)(c)(d)(e)(f) and Core 23(a)] Summarize why this particular project was selected and what specific data supports the need for this project? Relation to Modules under Review [Core 21 (a)(b)(i),(ii),(iii), Core 24(a)(b)] Summarize how this project relates to the modules under review? Date approved by the Quality Management Committee [Core 20(g)] What is the date the project was approved by the Quality Management Committee? Date of meeting minutes reflecting approval by Quality Management Committee [Core 20(d)] Date of meeting minutes indicating approval of project by the Quality Management Committee. Time Frames [Core 23(c)] Date intervention/actions started for this project.. Focus of Project [Core 24(a)(b)] Is the focus of the project clinical or non-clinical? Name of Senior Clinical Staff Person Involved [Core 24 (b)] If the project is clinical in nature, provide the name of the clinical staff person involved and the name of the participating provider on the QM committee or identify the provider committee involved in the decision to proceed with the project. Baseline Measurement [Core 21(d)] Summarize how the data was collected and provide the baseline data of the performance level at the beginning of the project. Provide measureable data such as sample size, numerator, denominator etc. as applicable to the project. 129
130 Data Collection [Core 21(a),(b),(c) and Core 23(a)] Provide sufficient information to substantiate what data will be collected and what methodologies will be used to provide for comparisons over time. Measurable Goal(s) toward improvement [Core 23(a)] Provide the measureable goals set by your organization Projected Timeframe to Achieve Goals [Core 23(c)] Provide the projected timeframe, or best estimate to achieve the performance improvement goals set by the organization. Initial Interventions/Action Plans [Core 23 (b)(e)(f)] Barriers Identified and Intervention/Action Taken List the initial interventions/action plan taken to improve performance List the 2nd interventions/action plan taken to improve performance. List the 3rd interventions/actions taken to improve performance List the 4th interventions/actions taken to improve performance List the 5th interventions/actions taken to improve performance Date Implemented Date intervention/action implemented Date intervention/action implemented Date intervention/action implemented Date intervention/action implemented Date intervention/action implemented 130
131 Periodic Measurements at least annually [Core 23(d)] and re-measurement for changes or improvements to baseline [Core 23(e)] Date of Measurement Result of Measurement Date Reported to QM Committee Date of 1st Measurement (Not the baseline measurement) Summarize the results achieved utilizing statistical methodologies If an initial project improvement measurement has not occurred, then when will it be conducted? QMC comments based on results of 1st measurement [Core 32(f) (h)] Date of 2nd measurement Summarize the results achieved utilizing statistical methodologies QMC comments based on results of 2nd measurement [Core 32(f) (h) Date of 3rd Measurement Summarize the results achieved utilizing statistical methodologies QMC comments based on results of 3rd measurement [Core 32(f) (h) Date of 4th Measurement Summarize the results achieved utilizing statistical methodologies QMC comments based on results of 4th measurement [Core 32(f) (h)] Date results submitted to QMC Interventions/Actions implemented based on results of 1st measurement [Core 34(d)] Date results submitted to QMC Interventions/Actions implemented based on results of 2nd measurement [Core 34(d)] Date results submitted to QMC Interventions/Actions implemented based on results of 3rd measurement [Core 34(d)] Date results submitted to QMC Interventions/Actions implemented based on results of 4th measurement [Core 34(d)] Conducts an analysis if performance goals are not met [Core 23(f)] Barriers Identified and Actions Taken 131
132 QUALITY MANAGEMENT PHARM Core 24 Consumer Organizations: Quality Improvement Projects For an organization that interacts with consumers: [--] a. At least one of the two quality improvement projects must address consumer safety for the population served and [M] b. If the quality improvement project is clinical in nature, then the organization demonstrates the involvement of a senior clinical staff person in judgments about the use of clinical quality measures and clinical aspects of performance. [M] 132
133 Resources an Organization Can Use for Quality Improvement Projects Complaint Data Satisfaction Results Mail order medication errors shipping errors Access reports increase in call answer times Inter-rater reliability reports Chart Audits Prior Authorization Denial Rates Privacy Breaches URAC Performance Measures Geo-access Report 133
134 Staff Qualifications PHARM Core 25 PHARM Core 26 & Staff Management PHARM Core 27 PHARM Core
135 STAFF QUALIFICATIONS PHARM Core 25 Job Descriptions The organization has written job descriptions for staff that address requirements pertinent to the scope of the positions role and responsibilities: [--] a. Required education, training, and/or professional experience; [2] b. Expected professional competencies; [2] c. Appropriate licensure/certification requirements; and [2] d. Current scope of role and responsibilities. [2] Element a is frequently missed 135
136 STAFF QUALIFICATIONS PHARM Core 26 Staff Qualifications Staff meets qualifications as required in written job descriptions. [3] Staff The organization's employees, including fulltime and part time employees and consultants. It is not URAC s intent to require job descriptions for consultants a copy of the written agreement or contract may be provided. Compliance will be assessed during the employee file review. Suggest providing resumes of key positions under the scope of the accreditation to be compared to job descriptions during desktop review. 136
137 STAFF MANAGEMENT PHARM Core 27 Staff Education and Training Program The organization has an ongoing education and training program that includes: [--] a. Initial orientation and/or training for all staff before assuming assigned roles and responsibilities; [2] b. Training in current URAC Standards as appropriate to job functions; [2] c. Conflict of interest; [4] d. Confidentiality; [M] e. Documentation of all training provided for staff; and [2] f. Ongoing education and training, at a minimum annually, to maintain professional competency. [2] 137
138 Frequently Asked Question PHARM Core 27 Q: How can we demonstrate compliance with PHARM Core 27? A: Maintain a checklist and/or roster when training occurs. 138
139 Staff Training Program Points to Remember Evidence of training in current URAC standards as appropriate to job functions for all employees Note version of standards in training presentations Documentation of training orientation or on-going If kept electronic, the organization must be able to evidence that training occurred Evaluate this during the HR file review Evidence of on-going training to maintain professional competency Addressing all employees not just those that are licensed Evidence of such training at a minimum of annually Frequently missed during desktop review and validation review. 139
140 STAFF MANAGEMENT PHARM CORE 28 Staff Operational Tools and Support The organization provides staff with: [--] a. Written policies and/or documented procedures appropriate to their jobs; [2] b. Clinical decision support tools as appropriate; and [2] c. Regulatory requirements as related to their job function. [2] Compliance documents may include Formal written policies and procedures Flowcharts Clinical Guidelines, Algorithms Pharmacology References State specific requirements 140
141 Staff Operational Tools and Support Points to Remember Staff may be asked what resources do they have available to them during the staff interview and/or tour of the facility. Publish new pharmacy laws and regulations in employee newsletter. Have company policies and procedures online for easy access by employees. Provide clinical reference materials online or hard copy for all categories of staff. Employees have necessary resources: Policies and procedures, training, management support etc. 141
142 STAFF MANAGEMENT PHARM Core 29 Staff Assessment Program The organization maintains a formal assessment program for individual staff members, which includes: [--] a. An annual performance appraisal and [2] b. A review of relevant documentation produced by that individual staff member. [3] Element B Could be CEUs from conferences, chart audit results, inter-rater reliability testing, employee specific error reporting 142
143 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE PHARM CORE 30 PHARM CORE
144 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE PHARM Core 30 Clinical Staff Credentialing The organization implements a written policy and/or documented procedure to: [--] a. Primary source verify the current licensure or certification of staff whose job description requires licensure or certification upon hire, and thereafter no less than every three 3 years; [M] b. Require staff to notify the organization in a timely manner of an adverse change in licensure or certification status; [M] c. Implement corrective action in response to adverse changes in licensure or certification status; and [M] d. Primary source verify current licensure and certification upon hire, and thereafter no later than scheduled expiration. [L] 144
145 Definition of Primary Source Verification Primary Source Verification Verification of a practitioner s credentials based upon evidence obtained from the issuing source of the credential 145
146 Unacceptable Primary Source Verification 146
147 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE Clinical Staff Credentialing Test Your Knowledge Once Human Resources has verified a licensure prior to hire, is primary source verification necessary each time the license expires? Answer: Yes primary source verification is required with each verification cycle. If there is adverse change in licensure, can an employee continue to work at the organization? Answer: Yes but cannot continue in job that requires licensure. Does URAC specify the timeframe in which an employee needs to notify their supervisor of an adverse change in licensure? Answer: No the standard indicates in a timely manner. Many organizations state in their policy immediately. 147
148 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE Clinical Staff Credentialing Test Your Knowledge Who should complete the primary source verification? Answer: The employee s supervisor or HR. It cannot be the employee themselves. How frequently should licensure and certifications be verified? Answer: Upon hire and thereafter no less than every three years. Leading Indicator says upon hire and thereafter no later than scheduled expiration. Note: Most pharmacist license expire every 1 to 2 years. 148
149 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE PHARM Core 31 Senior Clinical Staff Requirements The organization designates at least one senior clinical staff person who has: [--] a. Current, unrestricted clinical license(s) (or if the license is restricted, the organization has a process to ensure job functions do not violate the restrictions imposed by the state licensure board); [M] b. Qualifications to perform clinical oversight of the services provided; [M] c. Post-graduate experience in patient care; and [M] d. Board certification (if the senior clinical staff person is an M.D. or D.O.). [3] 149
150 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE PHARM Core 32 Senior Clinical Staff Responsibilities A senior clinical staff person s program responsibilities include: [--] a. Provides guidance for clinical operational aspects of program; [3] b. Is responsible for oversight of clinical decision-making aspects of program; [M] c. Has periodic consultation with practitioners in the field; and [3] d. Ensures the organizational objective to have qualified clinicians accountable to the organization for decisions affecting consumers. [M] List these responsibilities in the Senior Clinical person s job description. Will verify onsite during interview process. 150
151 Senior Clinical Staff Points to Remember Include in the job description the number of years of post graduate experience. URAC does not recognize board eligible designation. Job description should include the term current when addressing clinical licensure. URAC expects organizations that provide health-related and/or pharmacy services have a senior clinical staff person for oversight. Pharmacy Benefit Organization pharmacist or M.D. or D.O. 151
152 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE PHARM Core 33 Financial Incentive Policy If the organization has a system for reimbursement, bonuses, or incentives to staff or health care providers based directly on consumer utilization of health care services, then the organization implements mechanisms addressing how the organization will ensure that consumer health care is not compromised. [M] Please upload attestation signed by a senior staff person within your organization if the organization DOES NOT have a financial incentive program. 152
153 Financial Incentive Points to Remember If financial incentives are offered, there should be mechanisms in place so consumer health care is not compromised. If there are no financial incentives, there should be a signed attestation stating this should be uploaded under this standard element. 153
154 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE PHARM Core 34 Access to Services The organization establishes written policies and/or documented procedures to ensure access to services covered by the accreditation. [M] Define the organization s ASA and abandonment metrics and hours of operation 154
155 CLINICAL STAFF CREDENTIALING AND OVERSIGHT ROLE PHARM Core 35 Consumer Complaint Process The organization maintains a formal process to address consumer complaints that includes: [--] a. A process to receive and respond in a timely manner to complaints; [M] b. Notice (written or verbal) of final result with an explanation; [4] c. Informs consumers of the avenues to seek further review if an additional complaint review process is available; [4] d. Evidence of meeting the organization s specified time frame for resolution and response; and [4] e. Reporting analysis of the complaints to the quality management committee. [3] 155
156 Consumer Complaint Process Points to Remember Tracking Mechanism to track all complaints. Define time frame for resolution. Evaluate complaint resolution and response time. Reports compliant quality measure to committee. Notification Response may be verbal or written. Include further complaint review process. Compliance Through File Review 156
157 Health Care System Coordination PHARM Core
158 HEALTH CARE SYSTEM COORDINATION PHARM Core 36 Coordination with External Entities The organization establishes and implements mechanisms to promote collaboration and communication with applicable external entities to coordinate health services for consumers. [1] Note: This standard may not be applicable if the organization s contracts with clients that do not allow coordination of consumer health services with external entities. What are some examples of coordination with external entities? 158
159 Consumer Protection and Empowerment PHARM Core
160 CONSUMER PROTECTION AND EMPOWERMENT PHARM CORE 37 Consumer Rights and Responsibilities The organization implements a mechanism for informing consumers of their rights and responsibilities. [4] The organization s written policies and/or documented procedures should specify how and when this information is shared with the consumer. 160
161 Consumer Rights and Responsibilities Can be posted on the website. Utilize interdepartmental coordination for review and approval. Have quality committee approve. Include in the welcome packet. 161
162 CONSUMER PROTECTION AND EMPOWERMENT PHARM CORE 38 Consumer Safety Mechanism The organization has a mechanism to respond on an urgent basis to situations that pose an immediate threat to the health and safety of consumers. [M] Must have in place mechanisms to respond to reports of immediate threats to consumer safety, such as suicide threats, child abuse, spousal abuse, elder abuse, drug and/or medical device recalls. 162
163 Consumer Safety Mechanism Mandatory Requirements Organization must have a process in place to handle threats of (e.g.) Suicide Child/Elder abuse Drug Recalls Bright Ideas Develop scripting for each situation and make them available at each work station Conduct thorough training Role-play with staff 163
164 Example: 164
165 CONSUMER PROTECTION AND EMPOWERMENT PHARM Core 39 Consumer Satisfaction The organization implements a mechanism to collect or obtain information about consumer satisfaction with services provided by the organization. [3] Surveys Focus Groups Complaints / Grievances 165
166 CONSUMER PROTECTION AND EMPOWERMENT PHARM Core 40 Health Literacy This standard is reserved as a place holder for numbering consistency across Core Organizational Quality Standards. Refer to Standard CSCD Health Literacy and Cultural Sensitivity Communication Requirements for related information or Drug Therapy Management Communication Standards. 166
167 CONSUMER PROTECTION AND EMPOWERMENT PHARM Core 41 Employment Background Screening The organization has an employment background screening program for employees who handle pharmaceuticals and patient data which include: [--] a. Criminal background check and [M] b. Drug testing/screening. [M] The intent of the standard is to ensure services provided to consumers are safe. 167
168 Employment Background Screening Points to Remember Employment background screening should include identification, criminal record, sex offender and other information. At a minimum, drug testing/screening must be provided for employees who have access to medications and control substances. At a minimum, must provide background screening for employees who have access to consumers PHI. 168
169 URAC Education Programs, Events and Resources 169
170 URAC Education Programs and Events 170
171 Continuing Education Units/Credits Continuing Education Units/Credits My Meetings Account Evaluation Certificate Approved for this education program Registered participants log into your My Meetings registration account to find the posttest link Registered participants must earn at least 70% Registered participants have up to 30 days to complete the test after this education program You will have the option to print your certificate(s) after providing some demographic 171
172 Access your CEUs through Prime 1. Go to credit 2. Enter Pharmacy Core program code: 173
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information
More informationHIPAA-Compliant Research Access to PHI
HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for
More informationHIPAA COMPLIANCE. What is HIPAA?
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
More informationURAC Overview: Network Management and Consumer Satisfaction
URAC Overview: Network and Consumer Satisfaction Presenter: Donna Merrick Director, Program Standards and Maintenance Date: December 8, 2015 About URAC Mission To promote continuous improvement in the
More informationIDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationComputer Security Incident Response Plan. Date of Approval: 23- FEB- 2015
Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...
More informationCompliance Program and HIPAA Training For First Tier, Downstream and Related Entities
Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent
More informationUniversity of Cincinnati Limited HIPAA Glossary
University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationStatement of Policy. Reason for Policy
Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationHIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationVENDOR / CONTRACTOR. Privacy Basics
VENDOR / CONTRACTOR Privacy Basics Introduction Premera s mission is to provide our customers with peace of mind about their healthcare. This requires that everyone who works with or for Premera (the Company
More informationUPMC POLICY AND PROCEDURE MANUAL
UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1807 Ethics & Compliance SUBJECT: Honest Broker Certification Process Related to the De-identification of Health Information for Research and
More informationPatient Privacy and HIPAA/HITECH
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationHIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
More informationHIPAA and You The Basics
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
More informationHIPAA COMPLIANCE INFORMATION. HIPAA Policy
HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas
More informationSCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training
SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative
More informationPOLICY AND PROCEDURE RELATING TO HEALTH UTILIZATION MANAGEMENT STANDARDS
POLICY AND PROCEDURE RELATING TO HEALTH UTILIZATION MANAGEMENT STANDARDS Prepared by The Kansas Insurance Department August 23, 2007 POLICY AND PROCEDURE RELATING TO HEALTH UTILIZATION MANAGEMENT STANDARDS
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationNorth Shore LIJ Health System, Inc. Facility Name
North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: The Medical Record POLICY #: 200.10 Approval Date: 2/14/13 Effective Date: Prepared by: Elizabeth Lotito, HIM Project Manager ADMINISTRATIVE
More informationHIPAA Privacy Keys to Success Updated January 2010
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
More informationState of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits
State of Nevada for the Requirements for PEBP Health Benefits Plan Year 2016 July 1, 2015 June 30, 2016 www.pebp.state.nv.us (775) 684-7000 Or (800) 326-5496 Amendments Amendment Log Any amendments, changes
More informationLegal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA
Big Data Analytics Under HIPAA Kevin Coy and Neil W. Hoffman, Ph.D. Privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule can have a significant
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationHIPAA SELF STUDY TRAINING GUIDE
HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may
More informationHIPAA Audits Are Here!
HIPAA Audits Are Here! How to prepare for and what to expect when OCR comes knocking May 12, 2016 James B. Wieland, Principal, Ober Kaler Emily H. Wein, Principal, Ober Kaler David Holtzman, VP of Compliance,
More informationJanuary 2003. Employers must be prepared for their obligations under the HIPAA Privacy Rules
Employer Sponsored Group Health Plans and the HIPAA Privacy Rules Employers must be prepared for their obligations under the HIPAA Privacy Rules January 2003 Bob Radecki KnowHIPAA.com HIPAA-COBRA-FMLA
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationBUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE
BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties
More informationUniversity of California Policy
University of California Policy HIPAA Uses and Disclosures Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance and Audit Services Effective
More informationBUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information
BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements
More informationPresented by Jack Kolk President ACR 2 Solutions, Inc.
HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationHIPAA OVERVIEW ETSU 1
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
More informationWinthrop-University Hospital
Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR 164.512(i), 164.512(a-c) and in connection with the implementation of the HIPAA Compliance
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationHIPAA-G04 Limited Data Set and Data Use Agreement Guidance
HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related
More informationHIPAA Compliance Issues and Mobile App Design
HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More information4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Limited Data Sets and Data Use Agreements 10200 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel
More informationHealth Insurance Portability and Accountability Act (HIPAA) Privacy Compliance Plan
POLICY # : 90 AREA: Agency AFFECTED DIVISION: All Divisions EFFECTIVE DATE OF BOARD APPROVAL: September 25, 2013 Executive Director Board President Health Insurance Portability and Accountability Act (HIPAA)
More informationTJ RAI, M.D. THERAPY MEDICATION WELLNESS PRIVACY POLICY STATEMENT
PRIVACY POLICY STATEMENT Purpose: It is the policy of this Physician Practice that we will adopt, maintain and comply with our Notice of Privacy Practices, which shall be consistent with HIPAA and California
More informationHIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant
HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More informationURAC PATIENT CENTERED HEALTH CARE HOME PROGRAMS
URAC PATIENT CENTERED HEALTH CARE HOME PROGRAMS Today s Speaker Christine G. Leyden, RN, MSN SVP & GM Client Services, Chief Accreditation Officer 7/27/2011 2011 URAC 2 Learning Objectives for Today s
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationHIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS
HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units
More informationBusiness Associate Agreement
Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf
More informationDATA USE AGREEMENT RECITALS
DATA USE AGREEMENT This Data Use Agreement (the Agreement ), effective as of the day of, 20, is by and between ( Covered Entity ) and ( Limited Data Set Recipient or Recipient ) (collectively, the Parties
More informationInformation Privacy and Security Program Title:
1 Page: 1 of 5 I. PURPOSE: 1 The purpose of this standard is to identify and define the standards for implementing contracting provisions related to those individuals and organizations identified as Business
More informationHIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationRiverside Physician Network Utilization Management
Subject: Program Riverside Physician Network Author: Candis Kliewer, RN Department: Product: Commercial, Senior Revised by: Linda McKevitt, RN Approved by: Effective Date January 1997 Revision Date 1/21/15
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationThe post holder will be guided by general polices and regulations, but will need to establish the way in which these should be interpreted.
JOB DESCRIPTION Job Title: Membership and Events Manager Band: 7 Hours: 37.5 Location: Elms, Tatchbury Mount Accountable to: Head of Strategic Relationship Management 1. MAIN PURPOSE OF JOB The post holder
More informationData Breach, Electronic Health Records and Healthcare Reform
Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA
More informationWhat is Covered by HIPAA at VCU?
What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,
More information2014 Quality Improvement and Utilization Management Evaluation Summary
2014 Quality Improvement and Utilization Management Evaluation Summary INTRODUCTION The Quality Improvement (QI) and Utilization Management (UM) Program Evaluation summarizes the completed and ongoing
More informationFinal. National Health Care Billing Audit Guidelines. as amended by. The American Association of Medical Audit Specialists (AAMAS)
Final National Health Care Billing Audit Guidelines as amended by The American Association of Medical Audit Specialists (AAMAS) May 1, 2009 Preface Billing audits serve as a check and balance to help ensure
More informationChildren's Hospital, Boston (Draft Edition)
Children's Hospital, Boston (Draft Edition) The Researcher's Guide to HIPAA Evervthing You Alwavs Wanted to Know About HIPAA But Were Afraid to Ask 1. What is HIPAA? 2. What is the Privacy Rule? 3. What
More informationHIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.
2013 HIPAA Privacy and Security Frequently Asked Questions for Employers Gallagher Benefit Services, Inc. Disclaimer We share this information with our clients and friends for general informational purposes
More informationFWA Program. Program Description. Issued by: Regulatory Compliance Department
FWA Program Program Description Issued by: Regulatory Compliance Department July 2016 2016 FWA Program Description Page 1 of 16 Table of Contents Introduction Introduction..3 Definitions 4 Examples..6
More informationTABLE OF CONTENTS. University of Northern Colorado
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
More informationHIPAA Medical Billing Requirements For Research
The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy June 2008 Table of Contents PART V: The Health Insurance Portability and Accountability Act (HIPAA)...
More informationPOLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW
Compliance Policy Number 1 POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013 Compliance Plan To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW Sound Inpatient Physicians,
More informationDocket: CMS-2009-0040 Request for Information Regarding the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008
PUBLIC SUBMISSION Docket: CMS-2009-0040 Request for Information Regarding the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008 Comment On: CMS-2009-0040-0001 Request
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationHealth Insurance Portability & Accountability Act (HIPAA) Compliance Application
Health Insurance Portability & Accountability Act (HIPAA) Compliance Application IRB Office 101 - Altru Psychiatry Center 860 S. Columbia Rd, Grand Forks, North Dakota 58201 Phone: (701) 780-6161 PROJECT
More informationGeneral HIPAA Implementation FAQ
General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationHIPAA PRIVACY AND SECURITY STANDARDS CITY COMPLIANCE
Important: Conducting an assessment of your health plan(s) is the first step to determining HIPAA compliance. You will need to conduct a separate assessment for each of your health plans. (Please be aware
More informationHIPAA NOTICE OF PRIVACY PRACTICES
HIPAA NOTICE OF PRIVACY PRACTICES Human Resources Department 16000 N. Civic Center Plaza Surprise, AZ 85374 Ph: 623-222-3532 // Fax: 623-222-3501 TTY: 623-222-1002 Purpose of This Notice This Notice describes
More informationHIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,
More informationProtecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule
AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal
More informationHIPAA Privacy Policy & Notice of Privacy Practices
HIPAA Privacy Policy & Notice of Privacy Practices 1. PURPOSE 1 The purpose of this policy is to comply with patient personal health information security rights and privacy regulations as outlined in the
More informationHarris County - Texas HIPAA Notice of Privacy Practices
Harris County - Texas HIPAA Notice of Privacy Practices Effective Date: September 23, 2013. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationProtecting Patient Information in an Electronic Environment- New HIPAA Requirements
Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA
More information2016 OCR AUDIT E-BOOK
!! 2016 OCR AUDIT E-BOOK About BlueOrange Compliance: We specialize in healthcare information privacy and security solutions. We understand that each organization is busy running its business and that
More information[Insert Name and Address of Data Recipient] Data Use Agreement. Dear :
[Insert Name and Address of Data Recipient] Re: Data Use Agreement Dear : The federal Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (collectively referred
More informationDe-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "
De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " " D even McGraw " Director, Health Privacy Project January 15, 201311 HIPAA Scope Does not cover all health data Applies
More informationDonna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationCHAPTER 59A-23 WORKERS COMPENSATION MANAGED CARE ARRANGEMENTS 59A-23.001 Scope. 59A-23.002 Definitions. 59A-23.003 Authorization Procedures.
CHAPTER 59A-23 WORKERS COMPENSATION MANAGED CARE ARRANGEMENTS 59A-23.001 Scope. 59A-23.002 Definitions. 59A-23.003 Authorization Procedures. 59A-23.004 Quality Assurance. 59A-23.005 Medical Records and
More informationReproductive Medicine Associates of New Jersey, LLC
NOTICE OF PRIVACY PRACTICES Effective Date: September 20, 2013 Last Modified: May 12, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO
More informationEffective Date: March 23, 2016
AIG COMPANIES Effective Date: March 23, 2016 HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationA How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1
A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationAdministrative Services
Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the
More informationAuthorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
More informationThe Seven Elements of a Vendor Oversight Program
The Seven Elements of a Oversight Program DST Health Solutions September 2014 The Seven Elements of a Oversight Program The Seven Elements of a Oversight Program Medicare Advantage plans must gain efficiencies
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationTriageLogic Information Security Policy
TriageLogic Information Security Policy What is HIPAA, and what information is protected by it? HIPAA, short for the United States Health Insurance Portability and Accountability Act, is a set of standards
More informationNOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS
NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW
More information