Integrating HIPAA Into Your Compliance Program

Similar documents
HIPAA FOR THE DENTAL PRACTICE

CORPORATE POLICY MANUAL. 1. SCOPE 1.1 Authority This policy is issued under the authority of the Senior Executive Team.

Effective Date: 9/14/06 NOTICE PRIVACY RULES FOR VALUEOPTIONS

DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS. This Policy describes permissible disclosures of Alcohol and Substance/Drug Abuse Records.

Alcohol & Drug Practice

Washington County-Johnson City Health Department Christen Minnick, MPH, Director 219 Princeton Road Johnson City, Tennessee Phone:

ADMINISTRATIVE POLICY AND PROCEDURES MedStar Family Choice Medicare Advantage Plans

DRUG AND ALCOHOL POLICY

19 TH JUDICIAL DUI COURT REFERRAL INFORMATION

COMMUNITY HOSPICE & PALLIATIVE CARE NOTICE OF PRIVACY PRACTICES

UNIVERSITY OF PENNSYLVANIA HEALTH SYSTEM

DELTA DENTAL PREMIER

BIENNIAL REVIEW Compliance with the Drug-Free Schools and Communities Act. St. Johns River State College

Senior Medicare Patrol Referrals Process

MIAMI CHILDREN S HOSPITAL POLICY AND PROCEDURE

IT and Information Acceptable Use Policy

POLICY ON SUBSTANCE ABUSE FOR FACULTY, STAFF, AND STUDENTS

Drug and Alcohol Prevention Program Biennial Review

MS Society Safeguarding Adults Policy and Procedure (Scotland)

MEMORANDUM OF UNDERSTANDING

TRAUMA RECOVERY/HAP OPERATING GUIDELINES

Supplier Code of Business Conduct

Civil Rights Compliance for Patients

Medical gap arrangements - practitioner application

Welcome and Key Contacts

ADMINISTRATIVE POLICY AND PROCEDURES MedStar Family Choice Medicare Advantage Plans

WELD COUNTY ADULT TREATMENT COURT REFERRAL INFORMATION

Notice of Procedural Safeguards. October

Title of Research Study: Discovery and Validation of Biomarkers for Lichen Sclerosus

1. Comply with the NCI CIRB s requirements and directives;

3/6/2017-6/15/2017 Permission to Take Part in a Human Research Study Page 1 of 6

We are inviting you to participate in a research study/project that has two components.

MEDSTAR UNION MEMORIAL HOSPITAL APPLICATION INSTRUCTIONS FOR REAPPOINTMENT

These Rules of Membership apply in respect of all Products purchased by a Member from Sigma (and any Program Partner) on or after 1 February 2017.

General Questions. Q. Who handles Outpatient Substance Use services? How can I refer a member to the Outpatient Substance Use vendor?

Summary of Changes to Human Subjects Regulations: Effective January 21, 2019

State of Connecticut Department of Education Division of Teaching and Learning Programs and Services Bureau of Special Education

SECTION 504 NOTICE OF PARENT/STUDENT RIGHTS IN IDENTIFICATION/EVALUATION, AND PLACEMENT

Northwestern University. Consent Form and HIPAA Authorization for Research

Cutanea Life Sciences, Inc. Comprehensive Compliance Program

PROVIDER CONTRACT ISSUES

Parent/Student Rights in Identification, Evaluation, and Placement

Report on. The feasibility of including blood lead level assessment information in the school records of enrolled children

Drug and Alcohol Abuse/Prevention Policy and Program

TRANSITION OF CARE APPLICATION

Substance Abuse Policy. Substance Abuse Policy for Employees and Students

April 24, 2014 Questions and Answers

Flu Vaccination Clinics

Legislative Bill Watch As of Thursday March, 13, 2014

House Committee on Energy and Commerce House Committee on Energy and Commerce. Washington, DC Washington, DC 20515

ALCOHOL POLICY GUIDELINES

Major Changes to the ACA How Will They Affect Your Language Access Program? Sponsored by InDemand Interpreting

ASAR. Australian Sonographer Accreditation Registry. Form 1-2. Application guide for entry onto the register of Accredited Student Sonographers

OFFICIAL POLICY. Policy Statement

UNIVERSITY POLICY STUDENT LIFE & INTERNATIONAL EDUCATION POLICIES

HUD s Updates to the Lead Requirements CHHC ANNUAL MEETING DAY 2 TRAINING

(City, State, Zip Code)

SUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE

BCC DENTAL HYGIENE DEPARTMENT PATIENT S RIGHTS AND CONSENT PACKET STANDARDS OF PATIENT CARE PATIENT S RIGHTS FOR DH CARE

Electronic Health Records:

MC IRB Protocol No.:

Smoke Free Policy. Version 2.0

SAN JOAQUIN COUNTY ALCOHOL AND DRUG ABUSE POLICY. Preamble

Z E N I T H M E D I C A L P R O V I D E R N E T W O R K P O L I C Y Title: Provider Appeal of Network Exclusion Policy

DRUG FREE WORKPLACE POLICY

MOREHOUSE SCHOOL OF MEDICINE HUMAN RESOURCES POLICY AND PROCEDURE MANUAL

The University of British Columbia Board of Governors

FirstCare Health Plans (FirstCare) is on track to be ICD-10 ready by the October 1, 2015 deadline.

Averett University. Alcohol and Other Drugs Biennial Review. Fall 2015

Operational Memorandum

Language for Consent Forms

FACT SHEET: Federal Parity Task Force Takes Steps to Strengthen Insurance Coverage for Mental Health and Substance Use Disorders

Northwestern University Department of Urology CONSENT FORM AND AUTHORIZATION FOR RESEARCH

Sample policy A (Includes parking lots and company-owned vehicles) Policy Statement:

We are inviting you to participate in a research study/project that has two components.

RPSGT Recertification Application

Community Health Group Compliance Training. Presented by Mike Scarano, esq. Foley & Lardner

Volume of Colorado Commission for the Deaf and Hard of Hearing (12 CCR )

HUMA RESOURCES POLICY

INSTITUTIONAL REVIEW BOARD

ARKANSAS STATE UNIVERSITY GOVERNING PRINCIPLES FOR THE USE OF CONTROLLED SUBSTANCES IN RESEARCH

4. The time limit, not less than thirty (30) calendar days, for requesting a Hearing in writing.


AFFILIATION PROGRAM AGREEMENT

Vanderbilt University Institutional Review Board Informed Consent Document for Research. Name of participant: Age:

SIXTY-FOURTH LEGISLATURE OF THE STATE OF WYOMING 2017 GENERAL SESSION

METROLINX ADMINISTRATIVE FEE DISPUTE RESOLUTION PROCESS RULES OF PRACTICE

How do I comply with the Influenza Prevention Policy this year?

Final Rule Material: Changes to Exempt Categories

Crowe Healthcare Webinar Series

How do I comply with the Influenza Control Program Policy this year?

AHLA. X. Federal Enforcement of Fraud and Abuse Involving Opioid Abuse and Diversion

Changes to the Eighth Edition

EDITION SPECIAL INSIDE

STUDENT CAMPUS HEARING BOARD PROCEDURE

POLICY NO.: BHSF POLICY TITLE: Mandatory Influenza Vaccination. Responsible Department: Employee Health Services

AQ Group UN Global Compact Communication on Progress AQ Group AB

GuideStar Impact Call

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Enrolled. House Bill 3440

Initial Clinical History and Physical Form

Transcription:

Integrating HIPAA Into Your Compliance Program Fifth Annual National Congress on Health Care Compliance February 7, 2002 Glenna S. Jackson Vice President Compliance, MedStar Health Diane H. Meyer Chief Privacy Officer & Senior Project Manager, Enterprise Solutions Group Interim Privacy Officer, MedStar Health

Seven Elements of an Effective Compliance Program Organization Policy Training Monitoring Communications Responding to Concerns Discipline 1

Organization MedStar Health Vice President, Compliance Glenna Jackson MedStar Health Corporate Compliance Director Connie Fairley Hospital Compliance MedStar Enterprise Inc. MedStar Physician Partners Susan Theuns & Mike Sachtleben Central Business Office Sue Whitecotton Franklin Square Hospital Kendra Whye Home Health Margaret Terry MedStar Research Institute Alicia Kenley Diversified Businesses Mark Meginnis Georgetown Medical Center Ellen Clemente MedSTAR Transport Dave Zwerski Laboratory Compliance Michele Best Baltimore Skilled Nursing Elliot Cahan Good Samaritan Hospital Ken Walsh Nursing Homes Elliot Roth CASI Cecile Southerland Harbor Hospital Center Eileen Smith National Rehabilitation Hospital Paul Rao Union Memorial Hospital Anne Flood Washington Hospital Center Glenna Jackson 2

Organization Expansion of existing Compliance Committee for HIPAA Implementation Process Once implementation is complete, Privacy Officer and Compliance Officer coordinate on-going privacy compliance management Key areas of representation for expanded Compliance Committee = HIPAA Implementation Task Force IS Clinical Operations 3

Organization Implementation Task Force Representation Considerations Medical Records Patient Financial Services Compliance/Risk Management Admissions Outpatient services IS Facilities Legal Marketing/Public Affairs Fundraising Operations/Planning Business Affairs Human Resources/Labor Relations Patient Relations Physicians Nurses/Patient Care Services Pharmacy Lab Residents/Teaching Physicians Relations Referrals Clinical - major product lines: Research Emergency Cancer Services Heart Services Women s Services Surgical Services Radiology 4

Organization Compliance Officer Privacy Officer Security Officer Implementation Task Force / Expanded Compliance Committee Patient Privacy Advisory Council 5

Policy Code of Conduct and Compliance Policies Enterprise-wide policy review for privacy gap analysis where are we now, where do we need to go? Modification of existing policies (examples: patient access to records, patient amendment of records, release of information for marketing purposes) Development of new policies (examples: accounting of disclosures, Notice of Privacy Practices, Business Associate Agreements) Policies for on-going compliance monitoring 6

Policy Information Capture for development of the Notice of Privacy Practices Does your department handle Protected Health Information (PHI) in any of the following ways? Create new PHI in electronic records Create new PHI in paper-based records Add PHI to records created by others Transfer PHI to another department within your hospital or business unit Receive PHI from another department within your hospital or business unit Disclose PHI to persons or entities outside your hospital or business unit Receive PHI from persons or entities outside your hospital or business unit Maintain PHI in electronic records in your department Maintain PHI in paper-based records in your department Review PHI created or compiled by others for other than treatment or payment Other (explain) Not applicable: This department does not handle PHI Please complete the sections below only for each of the boxes checked above 7

Policy Information Capture for Notice Development (continued) What PHI is created (added)? For what purpose is PHI created (added, transferred, received, disclosed, reviewed)? Treatment Payment Other (please describe the purpose) To which other departments (outside entities) is PHI transferred (received)? How is PHI transferred (received)? (original paper-based records, copies of paper based records, fax, email, telephone, etc.) What specific information is transferred (received, maintained, viewed)? (clinical information, demographic information, billing information, etc.) How is disclosure authorized? (written patient consent, required by law or regulation, required by contract, approved by IRB, etc.) In what format is PHI maintained (paper-based records, electronic-based records, CD s, images, films, videotapes, etc.) Where is PHI maintained (in you department, in another location within the facility, off-site storage, etc.) How long is PHI maintained? 8

Policy Policy Template Policy Title Purpose Policy Statement Scope of Policy Definitions Responsibilities Exceptions What Constitutes Non-Compliance Explanation and Details/Examples Requirements and Guidelines for Implementing The Policy Related Policies Procedures That Are Absolutely Linked To the Policy Legal Reporting Requirements Reference to Laws or Regulations of Outside Bodies Right To Change or Terminate Policy 9

Training Orientation Training now begin to raise level of awareness Workforce training required on organization s privacy policies and procedures Required training conducted towards completion of implementation if privacy policies are changed, affected workforce must be retrained Training customized to workforce needs 3 levels Clinical staff staff directly involved with patient treatment Staff in contact with patient information Staff with minimal/no contact with patient information elearning platform if you ve been considering it, now s a good time 10

Do You Know the Code? Code of Conduct and General Compliance General Compliance 11 2002 MedStar Health

Patient Confidentiality MedStar Health collects information about a patient s medical condition, history, medication, and family illnesses in order to provide the best possible care. 12 2002 MedStar Health

Patient Confidentiality, continued MedStar Health realizes the sensitive nature of patient information and is committed to maintaining its confidentiality. We do not release or discuss patient-specific information with others unless it is authorized by: law, the patient s written consent, or departmental policy 13 2002 MedStar Health

What is HIPAA? Health Insurance Portability and Accountability Act A law designed to make sure your personal health information is private and secure. 14 2002 MedStar Health

Privacy What does privacy mean? Controlling who is allowed to get into information The right to keep information about themselves from being released 15 2002 MedStar Health

Security What does security mean? the ability to control the ways to get into information, and to protect information from: changes, destruction loss, and accidental or intentional release to people who did not have permission to receive it. 16 2002 MedStar Health

HIPAA S COVERED ENTITIES Who is affected by HIPAA? 1) Health care entities who transmit any health information in electronic form for any of the following eight basic transactions: Claims Electronic remittance advice Eligibility Authorization Enrollment Coordination of Benefits Claims Status Premium Payments 17 2002 MedStar Health

Who is affected by HIPAA?, continued 2) Health Plans: Group health plans that have fifty or more participants Health insurance issuers Health Maintenance Organizations (HMOs) Medicare Parts A and B, Medicaid Title 19 3) Clearinghouses - includes billing services, repricing companies, community health management information systems and value added networks 18 2002 MedStar Health

Protected Health Information What does HIPAA cover? Protected Health Information (PHI) Individually identifiable health information that is sent or kept in any form or medium (i.e., electronic, oral, written) 19 2002 MedStar Health

Permission to use PHI Consent The patient gives permission to use and release PHI for: treatment payment, and health care operations Authorization The patient gives permission to use PHI for all other purposes. 20 2002 MedStar Health

Uses & Releases Requiring an Opportunity for the Individual to Agree or Disagree You must provide the individual an opportunity to agree or disagree to the use and release of PHI for the following purposes: Inclusion in a facility directory Release to clergy Release to others involved with the patient s care Release to family members 21 2002 MedStar Health

Penalties Violations of HIPAA standards could result in the following: 1-10 year jail sentence $100.00-$250,000.00 in fines 22 2002 MedStar Health

Monitoring No external audit for HIPAA Audit potential = every patient, every day Internal compliance review critical Review for Privacy vulnerabilities before they become problematic include patient point of view Similarities to OIG Work Plan and Documentation & Coding compliance review Similarities between Qui Tam Suits and Whistleblower provisions of HIPAA Privacy Rule Expand to include Business Associates, Volunteers, Vendors, Physicians not on staff HIPAA Enforcement Notice of Proposed Rule Making planned JCAHO inclusion of Privacy 23

Communications Include Patient Education - process for privacy concerns or complaints Establish policies and compliance review for publicity and media release Develop a logo and tagline Just Do It Right Protecting Patient Privacy Articles in Compliance newsletters and email updates 24

Responding to Concerns Compliance protocol for handling issues applicable to HIPAA Privacy Similar forms for logging complaints, ranking risk, tracking resolution Similar reporting process Hotline Employees internal compliance hotline Patients interface with customer service Goal is to resolve privacy issues internally It is everyone s right to complain directly to HHS Compliance Officer and Privacy Officer response 25

Discipline HIPAA Privacy Rule: A covered entity must have and apply appropriate sanctions against members of its workforce who fail to comply with the privacy policies and procedures. No detail provided in regulation Privacy violation disciplinary action policies incorporated into existing Compliance and HR policies Extend existing disciplinary process and mechanisms to apply to Privacy violations Workforce awareness of HIPAA Civil and Criminal penalties for violations of the Privacy Rule 26

2024 © healthdocbox.com Privacy Policy | Terms of Service | Feedback