Responding to HIPAA Regulations: An Update on Electronic Transaction and Privacy Requirements
|
|
- Kelley Jordan
- 8 years ago
- Views:
Transcription
1 Responding to HIPAA Regulations: An Update on Electronic Transaction and Privacy Requirements Ronald W. Manderscheid, Ph.D. and Marilyn J. Henderson, M.P.A. United States Center for Mental Health Services Sarah Wattenberg, M.S.W., and Mady Chalk, Ph.D. United States Center for Substance Abuse Treatment The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has brought many changes to behavioral healthcare. The changes include the ability to move one s health insurance coverage when one moves from one job to the next and the right to continue health insurance coverage after employment has ended. HIPAA also has provided the framework for discussions of parity between mental health insurance and general health insurance benefits that continue to this day. Much less discussed until the present are the administrative simplification requirements that were built into the HIPAA legislation and are currently being codified by the U.S. Department of Health and Human Services (DHHS) in a series of regulations. The current status of these regulations is described briefly below. However, before discussing the administrative simplification provision of HIPAA, it is necessary to define which entities are covered and therefore must abide by the regulations. Covered Entities: The first determination that must be made is whether one is a covered entity. Under the HIPAA regulations, a covered entity is a health care provider that engages in particular types of electronic health commerce with respect to any of the nine covered electronic transactions described below. In simple terms, for example, if a provider engages in electronic benefit checks, or processing of electronic bills or payments, then it is a covered entity. (Other entities who engage in such transactions, for example, health insurance plans and clearinghouses that process such data, are also covered entities.) Once an entity is covered under one regulation, then all of the administrative simplification requirements of HIPAA apply. DHHS will not make the determination of who is or is not a covered entity. States and other entities need to make this decision based on an internal consideration of the regulations and their definitions and through legal consultation, if possible. The immediate impulse of most providers and insurers will be to try to avoid being defined as a covered entity. The wisdom of this impulse should be explored. There are two reasons for not deciding that one is excluded from coverage. The first is that coverage may be forced upon one organization by another. For example, many insurers require electronic submission of claims. In this case, providers will only be paid if they submit claims electronically in the required HIPAA format. At the point of electronic submission, the provider will become a covered entity. Secondly, electronic commerce in the health sector is clearly becoming more prevalent as time progresses. Hence, if providers and insurers are to avoid becoming archaic islands of paper in a sea of electronic commerce, then providers should consider whether remaining a non-covered 1
2 entity is a reasonable decision (insurers have no choice). Electronic Transactions Requirements: Beginning on October 16, 2003, covered providers and health insurance companies will be required to use precisely defined variables when engaging in electronic commerce around insurance enrollment, insurance benefit checks, submission of claims, processing of payments, and coordination of insurance benefits. The original implementation date for electronic transactions was October 16, However, this date was moved back to October 16, 2003 by recent congressional legislation because it was felt that most entities would not be ready in As part of the legislation that modified the implementation date, a new requirement was imposed: covered providers and insurers must submit an implementation plan to DHHS by October 16, The plan requires information about implementation, including the financial and staff resources each business intends to commit to HIPAA implementation. Guidance for the implementation plan is anticipated from the Centers for Medicare and Medicaid Services (CMS) on behalf of DHHS by the end of March Privacy Requirements: Entities that are covered by the electronic transaction requirements are automatically covered under the HIPAA Privacy Rule. Currently, the DHHS privacy regulations are due to be implemented on April 14, The privacy requirements specify how organizations will protect written, oral and electronic health records of individuals. Organizations need to do a gap analysis to identify flaws in their privacy procedures and create a work plan to overcome these deficits. Although the privacy regulations apply to records maintained on all health, mental health, and substance abuse clients, they do not apply to psychotherapy notes maintained by mental health and substance abuse providers. It is important to note that the regulations have a narrow definition of psychotherapy notes they are the notes that are kept outside the health record for the sole use of the practitioner who created them. For individuals treated in substance abuse programs, the provisions of the federal confidentiality laws which govern substance abuse records (42 CFR part 2) are generally considered to be more stringent than HIPAA. However, there are some areas in which HIPAA presents requirements that are not contained in the substance abuse regulations. Therefore, both regulations must be read together. These privacy regulations preempt any state laws with lesser or contradictory requirements. Both civil and criminal penalties and fines can be invoked by DHHS when they are violated by covered entities. Security Requirements: The security requirements are a companion piece to the privacy requirements in that one cannot effectively address the privacy requirements unless one considers electronic security issues as well. A draft of the security regulations was circulated for comment to the health care field early in However, DHHS has yet to issue final security regulations. In general, the draft security requirements identified both organizational and information technology areas that represent potential security vulnerabilities. Like the privacy requirements, they specify procedures for organizations to address deficiencies. Electronic Patient Record Requirements: 2
3 HIPAA requires that DHHS engage in a dialogue with the health care community and develop recommendations regarding the content and implementation of electronic patient health care records. Some initial discussions have been held by DHHS committees, but a broader consultation has not yet occurred. Together, these four areas comprise the administrative simplification provisions of the HIPAA legislation. Elaboration of Electronic Transaction and Privacy Requirements This section describes in more detail the electronic transaction requirements and the privacy requirements, as well as specific actions that the Substance Abuse and Mental Health Services Administration (SAMHSA) and its Centers are taking to help the field address these requirements. Electronic Transactions: Currently, the Center for Mental Health Services (CMHS) is preparing guidance for the behavioral health field that contains specifications of all the variables required for each type of covered electronic transaction. It is expected that these guides will be available in the spring of 2002, both in paper and electronic form. The guides for the nine transactions represent a major component of the data standards for a new information system for behavioral health, Decision Support 2000+, currently under development by CMHS. Persons wishing to learn more about Decision Support can do so at The Center for Substance Abuse Treatment (CSAT) is a partner in developing this new information system. Understanding the nature and content of the nine electronic transactions included in the HIPAA administrative simplification requirement is an important first step in becoming compliant with these requirements. Most providers and insurers will need to ask themselves whether or not they have electronic data defined in the specific ways required by the guides in order to successfully complete the transactions. In most instances, the answer will be no. If that is the case, an entity will need to decide either to change its electronic data collection protocols and make them compliant with the guides, or to establish a contract with a clearinghouse that will translate the organization s non-compliant data into the required data format. Some organizations may choose to do both if data for some required transactions is compliant and data for other transactions is not. One possibility is to begin collecting HIPAA-compliant data formats using Internet-based software specifically designed for this purpose. A number of firms are currently developing software for the nine electronic transactions. If an entity decides to use such software, it should be certified as being fully compliant with DHHS requirements. Of special note, the nine covered electronic transactions will use the ICD-9-CM diagnostic system rather than DSM-IV. Software is currently available to translate from DSM-IV to ICD-9-CM. In addition, CMHS and CSAT are currently supporting work to develop a new system of procedure codes for mental health and substance abuse services. These new codes will supplement the current HCPCS and CPT-4 procedure codes required by HIPAA. 3
4 It is probably safe to assume that most providers in the behavioral health field will not be able to successfully make the transition to the nine electronic transactions without external assistance of some type. This external assistance can range from help in understanding which electronic transactions apply to that entity (and how to incorporate those transactions in the ongoing work flow of the entity), to help in selecting internet-based software or a clearinghouse to process the required electronic transactions. As always, the concept of caveat emptor applies. Clearly, many consultants will be offering HIPAA related services. Not all of these services will be of equal quality. Following erroneous advice and submitting incorrect data will not relieve covered entities from submitting the required electronic transactions in the appropriate format with the correct content. Privacy: Since privacy has been a concern to the mental health and substance abuse fields since their inception, many stringent privacy practices were in place prior to HIPAA. As a result, implementing the HIPAA privacy requirements should not be too difficult for these entities. The HIPAA electronic transaction requirements will be more burdensome and require more consideration, as information technology is not generally an expertise of those trained in the mental health and substance abuse professions. Overall, the HIPAA privacy requirements have to do with several major activities. The first is assuring that internal organizational processes protect confidential patient information irrespective of the form in which the information is stored hand written, type written, paper copy of a fax, oral, electronic, etc. Covered entities need to conduct internal reviews of their routine business practices to assess how well the organization protects this information and prevents inappropriate disclosures. A number of checklists are available to aid entities in these internal reviews (see for examples). Second, once problems are detected, the organization needs to modify its business practices as appropriate, reflect those changes in their policies and procedures, and train the staff in the new procedures. Third, entities will need to work with consumers to inform them of their rights, counsel them about providing written authorizations for release of information, and describe the grievance procedures they can use if they feel that their privacy has been violated. Like the checklist for organizational procedures, guides are also being developed to help entities work with their consumers. As part of being compliant with the HIPAA privacy requirements, it will be important to clearly define the boundaries of what business practices will be done internally by the organization and which practices will be contracted out to another entity. For instance, a clearinghouse that processes transaction data can perform certain functions for the covered entity if they are under a Business Associate agreement with the organization. This type of agreement has clear definitions and regulations under HIPAA, which explain under what circumstances entities and business associates can appropriately receive and send identifiable and confidential client information. Five Important Steps Below are five steps that you should take immediately to address the HIPAA administrative 4
5 simplification requirements. The steps are presented in the order that we recommend you carry them out. Step 1: Determine whether you are a covered entity under the HIPAA administrative simplification provisions. Although the issue has been described above, only you can make the determination. Step 2: Once you have determined that you are a covered entity, develop an understanding of the content of the electronic transaction implementation plan you will be required to submit to DHHS on or before October 16, Knowing requirements of this plan will help you determine the specific actions to be taken in subsequent steps. Step 3: Evaluate your business operations to determine which of the nine electronic transactions apply specifically to you. For most providers, at a minimum, this will include insurance benefit checks, claims submissions, and checking on claim status. As part of this step, also determine whether your current data systems are capable of providing the information required for these transactions in the HIPAA compliant format. Step 4: If your data systems are not capable of providing the required information in the required format for those covered electronic transactions you will use, then you should consider contracting with a clearinghouse to process the data that you currently have into the appropriate format. The data standards being developed as part of Decision Support should help you in determining with the clearinghouse which specific data elements apply to you for each of the transaction types. Step 5: Undertake an organizational analysis of your entity s current privacy practices and establish an internal team to make organizational modifications as necessary. The internal assessment should include reading the HIPAA regulations side-by-side with the federal Confidentiality of Alcohol and Drug Abuse Patient Records Regulations, as well as state laws that relate to privacy of patient information and related activities, such as data collection, utilization review, parental access to patient records of minors, etc. In addition, organizations should educate consumers about new consumer rights and responsibilities under HIPAA. Other Resources SAMHSA, through two of its Centers, CMHS and CSAT, is providing extensive technical assistance around the HIPAA administrative simplification provisions. You can visit the SAMHSA website, to review some of the resources being made available. You are also encouraged to visit the websites outlined in Figure 1 for further assistance. Conclusion Needless to say, this article will only help you get started with HIPAA it will not solve all of your HIPAA implementation concerns. For additional guidance, contact your own national professional associations and related entities for help in addressing the electronic transactions 5
6 and privacy requirements of HIPAA. If you are a public provider, try calling your state agency to see if they are providing HIPAA implementation support. Once the expected security regulations are released, you will need to conduct a security analysis for your entity around your information technology systems. If it is any consolation, additional requirements relating to electronic patient records are probably three to five years in the future. Figure 1 HIPAA Web sites Sponsoring Organization Department of Health and Human Services / Administrative Simplification (DHHS) Health Care Financing Administration (HCFA) Workgroups for Electronic Data Interchange (WEDI) Joint Healthcare Information Technology Alliance (JHITA) Electronic Healthcare Network Accreditation Commission (EHNAC) National Uniform Claims Committee (NUCC) National Uniform Billing Committee (NUBC) ANSI ASC X12N Strategic National Implementation Process (click on SNIP ) Privacy & Security Network 6
7 Association of Electronic Health Care Transactions Phoenix Health Systems (discussion groups & news alert) Joint Commission on Accreditation of Healthcare Organizations Assistant Secretary for Planning & Evaluation (Cost Benefit Tables) Beacon Partners Work Group for the Computerization of Behavioral Health and Human Services Information *Special thanks are due to One (Winter 2002), and the quarterly publication of CMHS Systems, Dublin, OH, for compiling this list of resource websites. 7
HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com
HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions
More informationGeneral HIPAA Implementation FAQ
General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,
More informationHealth Insurance Portability and Accountability Act HIPAA. Glossary of Common Terms
Health Insurance Portability and Accountability Act HIPAA Glossary of Common Terms Terms: HIPAA Definition*: PHCS Definition/Interpretation: Administrative Simplification HIPAA Subtitle F It is the purpose
More informationHIPAA: AN OVERVIEW September 2013
HIPAA: AN OVERVIEW September 2013 Introduction The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was enacted on August 21, 1996. The overall goal was to simplify and streamline
More informationHIPAA Glossary of Terms
ANSI - American National Standards Institute (ANSI): An organization that accredits various standards-setting committees, and monitors their compliance with the open rule-making process that they must
More informationHIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction. HIPAA Privacy Regulations-General
HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction HIPAA Privacy Regulations-General The final HIPAA Privacy regulation was released on December 20, 2000 and was effective for compliance on April
More informationUnderstanding the HIPAA standard transactions: The HIPAA Transactions and Code Set rule
Understanding the HIPAA standard transactions: The HIPAA Transactions and Code Set rule Many physician practices recognize the Health Information Portability and Accountability Act (HIPAA) as both a patient
More informationELECTRONIC HEALTH RECORDS
ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability
More informationHIPAA. HIPAA and Group Health Plans
HIPAA HIPAA and Group Health Plans CareFirst BlueCross BlueShield is the business name of CareFirst of Maryland, Inc. and is an independent licensee of the Blue Cross and Blue Shield Association. Registered
More informationHIPAA Frequently Asked Questions Free & Charitable Clinic HIPAA Toolbox May 2014
HIPAA Frequently Asked Questions Free & Charitable Clinic HIPAA Toolbox May 2014 Following is a list of FAQs answered by Ropes & Gray, a law firm focusing on health care practices, on behalf of AmeriCares
More informationREFERENCE 5. White Paper Health Insurance Portability and Accountability Act: Security Standards; Implications for the Healthcare Industry
REFERENCE 5 White Paper Health Insurance Portability and Accountability Act: Security Standards; Implications for the Healthcare Industry Shannah Koss, Program Manager, IBM Government and Healthcare This
More informationHIPAA Help for Social Workers
HIPAA Help for Social Workers Introduction Social workers are increasingly entering the world of electronic claims transactions as these processes become more prevalent across the health care payment system.
More informationAlert. Client PROSKAUER ROSE LLP. HIPAA Compliance Update: Employers, As Group Health Plan Sponsors, Will Be Affected By HIPAA Privacy Requirements
PROSKAUER ROSE LLP Client Alert HIPAA Compliance Update: Employers, As Group Health Plan Sponsors, Will Be Affected By HIPAA Privacy Requirements The U.S. Department of Health and Human Services published
More informationHIPAA The Law Explained. Click here to view the HIPAA information.
HIPAA The Law Explained Click here to view the HIPAA information. HIPAA - Provisions 5 Major Provisions/Titles Title 1 Title 2 Title 3 Title 4 Title 5 More Information on Administrative Simplification
More informationHIPAA Administrative Simplification and Privacy (AS&P) Frequently Asked Questions
HIPAA Administrative Simplification and Privacy (AS&P) Frequently Asked Questions ELECTRONIC TRANSACTIONS AND CODE SETS The following frequently asked questions and answers were developed to communicate
More informationPCPCC National Briefing/Webinar
PCPCC National Briefing/Webinar O V E R C O M I N G B A R R I E R S T O C O L L A B O R A T I O N A M O N G B E H A V I O R A L H E A L T H A N D P R I M A R Y C A R E P R O V I D E R S D A Y N A B O W
More informationHIPAA Compliance. Saeed Rajput
HIPAA Compliance 1 What is HIPAA 26 cents of each health care dollar is spent on administrative overhead Health Insurance Portability & Account- ability Act - 1996 Public Law 104-191 191 To reform the
More informationGeisinger Health Plan
Geisinger Health Plan Companion Guide for the 820 Payroll Deducted and Other Group Premium Payment for Insurance Products Refers to the Implementation Guides Based on X12 version 004010A1 Version Number:
More informationHIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards
More informationProtecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule
AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal
More informationHealth Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of
More informationICD-10 Frequently Asked Questions
ICD-10 Frequently Asked Questions ICD-10 General Overview... 3 What is ICD-10?... 3 Why are we adopting ICD-10?... 3 What are the benefits of the ICD code expansion?... 3 What does ICD-10 compliance mean?...
More informationExecutive Memorandum No. 27
OFFICE OF THE PRESIDENT HIPAA Compliance Policy (effective April 14, 2003) Purpose It is the purpose of this Executive Memorandum to set forth the Board of Regents and the University Administration s Policy
More informationIntroducing the NASW Updated Sample HIPAA Privacy Forms and Policies
Introducing the NASW Updated Sample HIPAA Privacy Forms and Policies Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2013 National
More informationELECTRONIC HEALTH RECORDS. Nonfederal Efforts to Help Achieve Health Information Interoperability
United States Government Accountability Office Report to Congressional Requesters September 2015 ELECTRONIC HEALTH RECORDS Nonfederal Efforts to Help Achieve Health Information Interoperability GAO-15-817
More informationRONALD V. MCGUCKIN AND ASSOCIATES Post Office Box 2126 Bristol, Pennsylvania 19007 (215) 785-3400 (215) 785-3401 (Fax) childproviderlaw.
RONALD V. MCGUCKIN AND ASSOCIATES Post Office Box 2126 Bristol, Pennsylvania 19007 (215) 785-3400 (215) 785-3401 (Fax) childproviderlaw.com HIPAA The Health Insurance Portability and Accountability Act
More informationICD-10 Compliance Date. Frequently Asked Questions. ICD-10 Implementation Frequently Asked Questions Updated September 2014
ICD-10 Implementation Frequently Asked Questions Updated September 2014 ICD-10 Compliance Date The U.S. Department of Health and Human Services (HHS) issued a rule on July 31, 2014 finalizing October 1,
More informationHIPAA Regulations and the Higher Education Institution
EDUCAUSE Center for Applied Research Research Bulletin Volume 2003, Issue 7 April 1, 2003 Life with HIPAA A Primer for Higher Education Toby D. Sitko, EDUCAUSE Center for Applied Research Norma K. S. Kenigsberg,
More informationThe HIPAA Security Rule Primer A Guide For Mental Health Practitioners
The HIPAA Security Rule Primer A Guide For Mental Health Practitioners Distributed by NASW Printer-friendly PDF 2006 APAPO 1 Contents Click on any title below to jump to that page. 1 What is HIPAA? 3 2
More informationThe HIPAA Privacy Rule: Overview and Impact
The HIPAA Privacy Rule: Overview and Impact DISCLAIMER: This information is provided as is without any express or implied warranty. It is provided for educational purposes only and does not constitute
More informationHealth Insurance Portability and Accountability Act (HIPAA) Office of HIPAA Implementation HIPAA ASSESSMENT
Health Insurance Portability and Accountability Act (HIPAA) Office of HIPAA Implementation HIPAA ASSESSMENT Introduction Purpose Background This section explains why we have sent you this document, including
More informationNotice of Privacy Practices
Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of
More informationRichmond Gastroenterology Associates, Inc.
Richmond Gastroenterology Associates, Inc. Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFOMRATION.
More informationReleasing Information
Releasing Information There are 3 kinds of release situations now: our original Release of Information and it s uses under Colorado Law and Professional Ethical Standards; HPAA s Consent to release information
More informationWhite Paper #6. Privacy and Security
The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America
More informationHIPAA PRIVACY AND EDI RULES
The Health and Human Services (HHS) issued final HIPAA privacy regulations on August 14, 2002. These rules govern how individually identifiable medical information must be protected. HIIPAA also requires
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationHow To Understand And Understand The Benefits Of A Health Insurance Risk Assessment
4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available
More informationTitle 56 Insurance Chapter 2 Insurance Companies Part 1 General Requirements for Doing Business. Tenn. Code Ann. 56-2-125 (2014)
Title 56 Insurance Chapter 2 Insurance Companies Part 1 General Requirements for Doing Business Tenn. Code Ann. 56-2-125 (2014) 56-2-125. Establishment and maintenance of an all payer claims database --
More informationBUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)]
BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] Background By law, the HIPAA Privacy Rule applies only to covered entities health plans, health care clearinghouses, and certain
More informationNorth Carolina Department of Health and Human Services
NC DHHS HIPAA Program Management Office Agency Sign-Off Form Covered Health Care Component Determination North Carolina Department of Health and Human Services To: Leah Devlin, Director, Division of Public
More informationIMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY
IMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY As the Plan Sponsor/Employer you must contend with yet another federal requirement on your group health plans: the "Health Insurance Portability and Accountability
More informationChapter 4: Electronic Data Interchange
Electronic Billing NOTE: ELECTRONIC CLAIM SUBMISSION IS REQUIRED UNDER SECTION 3 OF THE ADMINISTATIVE SIMPLIFICATION COMPLIANCE ACT (ASCA), PUB.L. 107-105, AND THE IMPLEMENTING REGULATION AT 42 CFR 424.32.
More informationThe HIPAA Security Rule Primer Compliance Date: April 20, 2005
AMERICAN PSYCHOLOGICAL ASSOCIATION PRACTICE ORGANIZATION Practice Working for You The HIPAA Security Rule Primer Compliance Date: April 20, 2005 Printer-friendly PDF 1 Contents Click on any title below
More informationCompliance Program and HIPAA Training For First Tier, Downstream and Related Entities
Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationHIPAA & Colorado Workers Compensation
HIPAA & Colorado Workers Compensation May 2003 The privacy rules implementing the federal Health Insurance Portability and Accountability Act ( HIPAA ) took effect April 14, 2003. Although the federal
More informationPLLC NOTICE OF PRIVACY PRACTICES
PLLC THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY. NOTICE OF PRIVACY PRACTICES The following
More informationBehavioral Health Services. Provider Manual
Behavioral Health Provider Manual Provider Behavioral Health 1 May 1, 2014 TABLE OF CONTENTS Chapter I. General Program Policies Chapter II. Member Eligibility Chapter IV. Billing Iowa Medicaid Appendix
More informationTHE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
More informationQ4. Is BCBSAZ going to update the HIPAA Version 5010 Companion Guide??
An Independent Licensee of the Blue Cross and Blue Shield Association ICD-10 FAQs General Questions Q1. What are ICD-10-CM and ICD-10-PCS? A1. ICD-10-CM is the International Classification of Diseases,
More informationHIPAA: Coverage and Implementation Issues (Focus on EDI and Privacy)
HIPAA: Coverage and Implementation Issues (Focus on EDI and Privacy) Robyn A. Meinhardt, RN, JD October 16, 2000 First National HIPAA Summit Washington, D.C. What This Presentation Will Address New Definitions
More informationNOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES
SCHOOL DISTRICT OF BLACK RIVER FALLS 523.5 Exhibit NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES PRIVACY NOTICE This notice describes how medical information about you may be used and disclosed and how
More informationEmdeon Claims Provider Information Form *This form is to ensure accuracy in updating the appropriate account
PAYER ID: SUBMITTER ID: Emdeon Claims Provider Information Form *This form is to ensure accuracy in updating the appropriate account 1 Provider Organization Practice/ Facility Name Provider Name Tax ID
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationCompliance Program Code of Conduct
Compliance Program Code of Conduct INTRODUCTION All personnel must not only act in compliance with all applicable legal rules and regulations, but also strive to avoid even the appearance of impropriety.
More informationDepartment of Health and Human Services
Thursday, August 17, 2000 Part III Department of Health and Human Services Office of the Secretary Health Care Financing Administration 45 CFR Parts 160 and 162 Health Insurance Reform: Standards for Electronic
More informationBilling and Claim Billing and Claim Submission Boot Camp Submission Boot Camp Beverly Remm Beverly Remm
Billing and Claim Submission Boot Camp Presented by: Beverly Remm Orion Healthcare Technology Billing and Claim Submission Boot Camp Presented by: Beverly Remm Orion Healthcare Technology The presentation
More informationPROTECTED HEALTH INFORMATION
SUBJECT: PROTECTED HEALTH INFORMATION POLICY: Department of Origin: Compliance Department Responsible Position: Vice President, Compliance and Audit Date(s) of Review and Revision: 12/13; 05/14; 12/14
More informationFor information on defined terms used in this document, refer to 45 C.F.R. 160.103 or 162.103.
Department of Health and Human Services Health Insurance Portability and Accountability Act of 1996 Electronic Health Care Transactions and Code Sets Standards Model Compliance Plan In 1996, the Health
More informationWhat Virginia s Free Clinics Need to Know About HIPAA and HITECH
What Virginia s Free Clinics Need to Know About HIPAA and HITECH This document is one in a series of tools and white papers produced by the Virginia Health Care Foundation to help Virginia s free clinics
More informationHealthStream Regulatory Script
HealthStream Regulatory Script HIPAA Release Date: August 2009 HLC Version: 602 Lesson 1: Introduction Lesson 2: HIPAA Overview Lesson 3: Transactions & Code Sets Lesson 4: Security Lesson 5: Unique Identifiers
More informationHIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule
HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why
More informationHIPAA Privacy For our Group Customers and Business Partners
HIPAA Privacy For our Group Customers and Business Partners AmeriHealth HMO, Inc. AmeriHealth Insurance Company of New Jersey QCC Insurance Company, d/b/a AmeriHealth Insurance Company HIPAA, The Health
More informationHEALTHCARE COMMON PROCEDURE CODING SYSTEM (HCPCS) LEVEL II CODING PROCEDURES
HEALTHCARE COMMON PROCEDURE CODING SYSTEM (HCPCS) LEVEL II CODING PROCEDURES This information provides a description of the procedures CMS follows in processing HCPCS code applications and making coding
More informationThe International Statistical Classification of Disease and Related Health Problems, ICD- 10, is a medical classification system for coding of:
ICD-10-CMs OVERVIEW The International Statistical Classification of Disease and Related Health Problems, ICD- 10, is a medical classification system for coding of: Diseases Injuries Symptoms Procedures
More informationWhat is HIPAA? The Health Insurance Portability and Accountability Act of 1996
What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other
More informationWhat it Means for You and Your Organization
HIPAA What it Means for You and Your Organization Wednesday, October 17, 2001 Mark J. Rich Jennifer Hillery, JD, CPC Colin J. Zick, Esq. Feeley & Driscoll, P.C. Feeley & Driscoll, P.C. Foley, Hoag & Eliot
More informationTABLE OF CONTENTS. University of Northern Colorado
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
More informationHIPAA Security. 1 Security 101 for Covered Entities. Security Topics
HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &
More informationHealth Insurance Portability and Accountability Act December 2002 No. 7 PHC 1920
HIPAA insight Health Insurance Portability and Accountability Act December 2002 No. 7 PHC 1920 The information in HIPAA insight applies to billing vendors, Medicaid HMOs and other managed care programs,
More informationMetropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031
The Health Insurance Portability and Accountability Act (HIPAA) and Client Privacy Statement This notice describes how your medical information may be used and disclosed and how you can get access to this
More informationGenworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES
Genworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationICD-10 Compliance Date
ICD-10 Implementation Frequently Asked Questions Updated September 2015 ICD-10 Compliance Date The U.S. Department of Health and Human Services (HHS) issued a rule on July 31, 2014 finalizing October 1,
More informationMEDICAID MISSISSIPPI PRE ENROLLMENT INSTRUCTIONS 77032
MEDICAID MISSISSIPPI PRE ENROLLMENT INSTRUCTIONS 77032 HOW LONG DOES PRE ENROLLMENT TAKE? Standard processing time is 1 2 weeks. WHAT FORM(S) SHOULD I COMPLETE? EDI Provider Agreement and Enrollment Form
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationTHE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY
THE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY Table of Contents I. Overview... 3 II. Legal Authority for NHCS... 3 III. Requirements of the HIPAA Privacy Rule... 3 IV. Extra Safeguards and
More informationHIPAA Privacy Overview
May 21, 2003 HIPAA Privacy Overview Presented to the California State University Agenda Introduction HIPAA privacy regulations HIPAA privacy impact on CSU Next steps/action items Mercer Human Resource
More informationBUSINESS ASSOCIATE AGREEMENT ( BAA )
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
More informationChief Privacy Officer Christian Brothers Services 1205 Windham Parkway Romeoville, IL 60446-1679 cpo@cbservices.org 800-807-0100
Summary of Notice of Privacy Practices for Christian Brothers Prescription Drug Program Christian Brothers Services is the program sponsor of the Christian Brothers Prescription Drug Program (the Program
More informationHIPAA Compliance for Employers. What is HIPAA? Common HIPAA Misperception. The Penalties. Chapter I HIPAA Overview. The Privacy Regulations Why?
Chapter I HIPAA Overview HIPAA Compliance for Employers What is it? What is it supposed to do? Why should you care? Who does it apply to? What does it cover? Patricia C. Shea, Esq. 717.231.5870 2 What
More informationFrequently Asked Questions About the Privacy Rule Under HIPAA
Q-1: What is HIPAA? Frequently Asked Questions About the Privacy Rule Under HIPAA A: HIPAA is the Health Insurance Portability and Accountability Act (passed by Congress in 1996). The Privacy Rule was
More informationRoad to 10: The Small Physician s Route to ICD-10. Implementation Guide
Road to 10: The Small Physician s Route to ICD-10 Implementation Guide ICD-10 Implementation Guide for Small and Medium Practices 1 Version 2.0 18 August 2014 Table of Contents 1. Introduction... 2 Introduction
More informationStrategies for Electronic Exchange of Mental Health Records
Strategies for Electronic Exchange of Mental Health Records John Lunstroth, J.D., LL.M., M.P.H. Allison Winnike, J.D. Prepared for the Texas Health and Human Services Commission and the Texas Health Services
More informationPopulation Health Management Program Notice of Privacy Practices
Population Health Management Program Notice of Privacy Practices Premier Health provides population health management services to its health plan members. Services include wellness program tools and technology,
More informationImportant Information for Group Health Plans about HIPAA
September 30, 2002 Important Information for Group Health Plans about HIPAA Market: All Please be advised that CareFirst BlueCross BlueShield (CareFirst) sent the attached letter and instructions to all
More informationHIPAA Compliance and the Protection of Patient Health Information
HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance
More informationHIPAA CHECKLISTS DEVELOPING YOUR HIPAA DOCUMENTS PRACTICAL TOOLS AND RESOURCES. MASSACHUSETTS MEDICAL SOCIETY Getting Ready for
MASSACHUSETTS MEDICAL SOCIETY Getting Ready for HIPAA BASIC ELEMENTS FOR COMPLIANCE WITH THE PRIVACY REGULATIONS CHECKLISTS Assess and Begin Your HIPAA Compliance Efforts DEVELOPING YOUR HIPAA DOCUMENTS
More informationHIPAA Guidance for Identifying Business Associates
Guidance for Identifying Business Associates North Carolina Department of Health and Human Services HIPAA Guidance for Identifying Business Associates Final Version Prepared By DHHS HIPAA Program Management
More informationObjectives 5/5/2015. Quality Health Associates (QHA) of ND
Privacy and Security: HIPAA/HITECH/Meaningful Use Looking Back, Forging Ahead Patti Kritzberger, RHIT, CHPS Quality Health Associates of North Dakota HIT/Quality Improvement Specialist Quality Health Associates
More informationPopulation Health Management Program Notice of Privacy Practices from Evolent Health
Population Health Management Program Notice of Privacy Practices from Evolent Health MedStar Health, Inc., a Maryland not-for-profit corporation, has contracted with Evolent Health, Inc., a Delaware corporation
More informationNew HIPAA regulations require action. Are you in compliance?
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
More informationNational Provider Identifier (NPI) Frequently Asked Questions
National Provider Identifier (NPI) Frequently Asked Questions I. GETTING, SHARING, AND USING NPI GENERAL QUESTIONS II. TYPE 1 (INDIVIDUAL) VS TYPE 2 (ORGANIZATIONAL) III. ELECTRONIC CLAIM SUBMISSION IV.
More information22 ATTESTATION OF SHIP MINIMUM REQUIREMENTS The State Health Insurance Assistance Program (SHIP) grant is intended to strengthen the capability of states to provide all Medicare eligible individuals
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationHIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996
HIPAA RISKS & STRATEGIES Health Insurance Portability and Accountability Act of 1996 REGULATORY BACKGROUND Health Information Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 Title
More informationUNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE. No: Supersedes Date: Distribution: Issued by:
UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE Subject: ALCOHOL & SUBSTANCE ABUSE INFORMATION Page 1 of 10 No: Prepared by: Shoshana Milstein Original Issue Date: NEW Reviewed by: HIPAA Policy
More information