SlideShare una empresa de Scribd logo

Complying with HIPAA Privacy Rule

Descargar como PPTX, PDF
E
Elizabeth Baker, JD, CRCMP

Summary of the major points for compliance with the HIPAA Privacy Rule including how to identify if you're a covered entity, what information is included as PHI, checklist for helping your company comply.

Derecho
1 de 20
Complying with HIPAA Privacy Rule http://hipaanews.org/Documents/privacysummary.pdf
• Who has to comply with HIPAA Privacy Rules • Health Care Providers • Health Care Clearinghouses • Health Care Plans • Checklist to help your Company become Compliant • Awareness & Education – training • Project Planning • Electronic Transactions • Privacy • Security • National Identifiers • General Information – Compliance monitoring, policies and procedures E Baker, JD, CRCMP
Does person, business entity or agency (i) provide, (ii) bill, or (iii) receive payments for health care (1) in the normal course of business? NO YES NOT a Health Care Provider Is the person, business entity or agency conducting a covered transaction: (2) 1. claims, 2. inquiry about benefit plan, 3. referral certification or authorization, 4. claim status, 5. enrollment/disenrollment, 6. payment or remittance advice, 7. premium payment, 8. coordination of benefits YES Are the covered transactions transmitted in electronic form? (3) NO This IS a Health Care Provider YES NO #1 An individual, business entity or agency that is a (1) health care provider (HCP), (2) conducting covered transaction, and (3) in electronic form or E Baker, JD, CRCMP
Footnote 1 Health care is defined as: care, services, or supplies related to the health of an individual. It includes, but is not limited to, the following: (1) Preventive, diagnostic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and (2) Sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription. See 45 C.F.R.160.103. E Baker, JD, CRCMP
Footnote 2 Covered transactions are transactions for which the Secretary has adopted standards (see 45 C.F.R. Part 162). If a healthcare provider uses another entity (such as a clearinghouse) to conduct covered transactions in electronic form on its behalf, the health care provider is considered to be conducting the transaction in electronic form. A transaction is a covered transaction if it meets the regulatory definitions for the type of transactions as follows: 45 C.F.R.162.1101: Health care claims or equivalent encounter information transaction is either of the following: (a) A request to obtain payment, and necessary accompanying information, from a health care provider to a health plan, for health care. (b) If there is no direct claim, because the reimbursement contract is based on a mechanism other than charges or reimbursement rates for specific services, the transaction is the transmission of encounter information for the purpose of reporting health care. E Baker, JD, CRCMP
45 C.F.R.162.1201: The eligibility for a health plan transaction is the transmission of either of the following: (a) An inquiry from a health care provider to a health plan, or from one health plan to another health plan, to obtain any of the following information about a benefit plan for an enrollee: (1) Eligibility to receive health care under the health plan. (2) Coverage of health care under the health plan. (3) Benefits associated with the benefit plan. (b) A response from a health plan to a health care provider's (or another health plan's) inquiry described in paragraph (a) of this section. 45 C.F.R.162.1301: The referral certification and authorization transaction is any of the following transmissions: (a) A request for the review of health care to obtain an authorization for the health care. (b) A request to obtain authorization for referring an individual to another health care provider. (c) A response to a request described in paragraph (a) or paragraph (b) of this section. 45 C.F.R.162.1401: A health care claim status transaction is the transmission of either of the following: (a) An inquiry to determine the status of a health care claim. (b) A response about the status of a health care claim. E Baker, JD, CRCMP
45 C.F.R.162.1501: The enrollment and disenrollment in a health plan transaction is the transmission of subscriber enrollment information to a health plan to establish or terminate insurance coverage. 45 C.F.R.162.1601: The health care payment and remittance advice transaction is the transmission of either of the following for health care: (a) The transmission of any of the following from a health plan to a health care provider's financial institution: (1) Payment. (2) Information about the transfer of funds. (3) Payment processing information. (b) The transmission of either of the following from a health plan to a health care provider: (1) Explanation of benefits. (2) Remittance advice. E Baker, JD, CRCMP
45 C.F.R.162.1701: The health plan premium payment transaction is the transmission of any of the following from the entity that is arranging for the provision of health care or is providing health care coverage payments for an individual to a health plan: (a) Payment. (b) Information about the transfer of funds. (c) Detailed remittance information about individuals for whom premiums are being paid. (d) Payment processing information to transmit health care premium payments including any of the following: (1) Payroll deductions. (2) Other group premium payments. (3) Associated group premium payment information. 45 C.F.R.162.1801: The coordination of benefits transaction is the transmission from any entity to a health plan for the purpose of determining the relative payment responsibilities of the health plan, of either of the following for health care: (a) Claims. (b) Payment information. E Baker, JD, CRCMP
Footnote 3 In electronic form means: using electronic media, electronic storage media including memory devices in computers (hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the internet (wide-open), extranet (using internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media. Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media, because the information being exchanged did not exist in electronic form before the transmission. E Baker, JD, CRCMP
Does business entity or agency (i) Process or (ii) Facilitate the processing of health information from nonstandard format or content into standard format or the reverse(4) 45 C.F.R. 160.103 NO YES NOT A HCC 1. Does the business or agency perform this function for another legal entity? YES NO THIS IS A HCC #2 A health care clearinghouse (HCC) or E Baker, JD, CRCMP
Is the plan (individual or group or combination thereof) the provider or payer of the cost of “medical care” a. Amounts paid for diagnosis, cure, mitigation, treatment or prevention of disease or for the purpose of affecting any structure or function of the body, b. Amounts paid for transportation primarily for and essential to medical care in (a), and c. Amounts paid for insurance covering medical care in (a) and (b)? NO YES NO THIS IS A HEALTH PLAN Is the plan a “group health plan” – an employee welfare benefit plan (ERISA) that provides medical care to employees directly or through insurance, reimbursement or otherwise and has (1) 50 or more participants and (2) is self- administered (administered by an entity other than the employer that established and maintains the plan)? (45 C.F.R. 160.103) NOT A HEALTH PLAN YES Is the plan a health insurance issuer? 45 C.F.R. 160.103 (licensed to engage in business of insurance in a state) YES YES Is the plan an issuer of a Medicare supplemental policy? 42 U.S.C. 1395ss(g)(1)NO NO Is the plan an HMO? 45 C.F.R. 160.103 YES NO Is the plan a multi-employer welfare benefit plan? 45 C.F.R. 160.103 YES Does the program provide ONLY excepted benefits (accident or disability income insurance, supplemental to liability, worker’s compensation, etc.)? NO NO YES Is the plan an issuer of long- term care policies? NO Does the plan provide ONLY nursing home fixed indemnity policies? NO YES YES #3A Is the private benefit plan a “health plan” (HP)? E Baker, JD, CRCMP
#3B Is the government-funded program a “health plan” (HP)? Is the program one of the listed government health plans? 1. Medicare A, B, C (42 U.S.C. 1395 et seq), 2. Medicaid (42 U.S.C. 1396 et seq) 3. Active military personnel health care program (10 U.S.C. 1074 et seq) 4. Veterans health care (38 U.S.C. Ch. 17) 5. CHAMPUS (10 U.S.C. 1061 et seq) 6. Indian Health Care Improvement Act (25 U.S.C. 1601) 7. Federal Employees Health Benefit Program (5 U.S.C. Ch. 89) 8. SCHIP (42 U.S.C. 1397 et seq) NO YES NOT A HEALTH PLAN NO THIS IS A HEALTH PLAN Is the program an individual or group plan that provides or pays the cost of medical care? NOT A HEALTH PLAN YES Is the program a high risk pool (as established under state law to provide health insurance coverage or comparable coverage to eligible individuals? YES NO Is the program a HMO? NO YES Is the principal activity of the program providing direct health care? YES NO Is the principal activity to make grants to fund providing direct health care (funding health clinics)? YES NO Is the principal purpose other than providing or paying for health care costs (e.g. operating prison, fellowship program, etc.)? YES Does the program provide ONLY excepted benefits (accident or disability income insurance, supplemental to liability, worker’s compensation, etc.)? NO NO YES E Baker, JD, CRCMP
# Question Not Started In Process Completed Awareness & Education 1 Has your organization had any Awareness Education on HIPAA Regulations and Compliance? 2 Do you monitor or receive automated information regarding changes in HIPAA regulations Project Planning 3 Have you selected a Project Manager and Project Team for your HIPAA Project? 4 Have you created a Project Plan? Electronic Transactions 5 Have you applied for the ACSA Electronic Transaction extension for your organization? 6 Have you completed an inventory of all information systems and work flow processes with regard to Electronic Transactions? 7 Have you compiled a list of vendors, health plans, business associates and trading partners? 8 Have you gathered, reviewed and compared your current billing forms, policies, and procedures to the HIPAA Electronic Claims Transaction and Code Set regulations? NEW TO HIPAA? HIPAA CHECKLIST FOR BECOMING COMPLIANT E Baker, JD, CRCMP
# Question Not Started In Process Completed Privacy 9 Has your organization designated an Information Privacy and Security Officer as required by HIPAA? 10 Have you developed a Notice of Information Practices to post in your office and distribute to each patient? 11 Have you gathered, reviewed and compared your current forms, policies, and procedures to the HIPAA Privacy Regulations and State Privacy Regulations? 12 Have you developed policies and procedures that meet the needs of your Human Resources Department with regard to Privacy requirements for the protection of health information of your staff? 13 Have you developed processes for documenting, retaining, distributing and discarding Protected Health Information (PHI) as required by HIPAA? 14 Have you developed processes for receiving, investigating and documenting individual complaints? 15 Have you developed or revised current consent forms for patients in line with HIPAA regulations? 16 Do you have all forms that must be read and signed by patients in languages appropriate to their culture? E Baker, JD, CRCMP
# Question Not Started In Process Completed Security 17 Has your organization completed a Security Evaluation on the information systems used in conjunction with maintaining your current and future Protected Health Information? 18 Does your organization have virus checking software, firewalls and operating systems that provide encryption and other security measures? 19 Does your organization perform back-ups of your data daily? 20 Does your organization have a Disaster Recovery and Contingency Plan to meet the HIPAA Security Standards? 21 Has your organization developed security policies and procedures with regard to confidentiality statements, individually identifying information system users, passwords, automatic logoff, acceptable use, e-mail, internet usage, authentication of workstations, monitoring and documenting unauthorized access, audit trails of users, sanctions for misuse or disclosure and termination checklists? 22 Has your organization provided for the overall physical security of your information systems, facility, staff, and medical records? 23 Has your organization developed job descriptions for HIPAA required positions and all other positions in your organization? National Identifiers 24 Have you located, printed and read the Proposed Regulations for National Identifiers to include National Provider Identifier and National Payer Identifier, National Employer Identifier? General Information 25 Have you developed a comprehensive training program for your organizations staff (both present and future) covering all HIPAA standards to include responsibilities and penalties for non-compliance? 26 Does your organization have a Compliance Officer and General Compliance Plan to cover such things as fraud and abuse, codes of conduct, whistle-blower suits, auditing and monitoring, disciplinary standards and personnel issues, responding to problems, investigations and corrective actions? E Baker, JD, CRCMP
PROTECTED INFORMATION All "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI).“ “Individually identifiable health information” is information, including demographic data, that relates to: • the individual’s past, present or future physical or mental health or condition, • the provision of health care to the individual, or • the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number). The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g. E Baker, JD, CRCMP
De-Identified Health Information. There are no restrictions on the use or disclosure of de-identified health information. De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: 1) a formal determination by a qualified statistician; or 2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual. Required Disclosures. A covered entity must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation or review or enforcement action E Baker, JD, CRCMP
Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object – Facility directories and or Notification and Other Purposes; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities – Required by Law, Public Health Activities, Victims of Abuse, Neglect or Domestic Violence, Health Oversight Activities, Judicial and Administrative Proceedings, Law Enforcement Purposes, Decedents, Cadaveric Organ, Eye or Tissue Donation, Research, Serious Threat to Health or Safety, Essential Government Functions or Worker’s Compensation; and (6) Limited Data Set for the purposes of research, public health or health care operations. Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make. E Baker, JD, CRCMP
Authorization. A covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization, except in limited circumstances. An authorization must be written in specific terms. It may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party. All authorizations must be in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data. Covered entity must limiting use and disclosure of information to the minimum amount necessary to accomplish the intended purpose of the use, disclosure or request. Develop and Implement policies and procedures that restrict access and uses of PHI based upon the specific roles of employees within the covered entities. E Baker, JD, CRCMP
Privacy Policies and Procedures. A covered entity must develop and implement written privacy policies and procedures that are consistent with the Privacy Rule. Privacy Personnel. A covered entity must designate a privacy official responsible for developing and implementing its privacy policies and procedures, and a contact person or contact office responsible for receiving complaints and providing individuals with information on the covered entity’s privacy practices. Workforce Training and Management. Workforce members include employees, volunteers, trainees, and may also include other persons whose conduct is under the direct control of the entity (whether or not they are paid by the entity). A covered entity must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions. A covered entity must have and apply appropriate sanctions against workforce members who violate its privacy policies and procedures or the Privacy Rule. Mitigation. A covered entity must mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its workforce or its business associates in violation of its privacy policies and procedures or the Privacy Rule. Data Safeguards. A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. E.g. shredding documents containing protected health information before discarding them, securing medical records with lock and key or pass code, and limiting access to keys or pass codes. Complaints. A covered entity must have procedures for individuals to complain about its compliance with its privacy policies and procedures and the Privacy Rule. The covered entity must explain those procedures in its privacy practices notice. Among other things, the covered entity must identify to whom individuals can submit complaints to at the covered entity and advise that complaints also can be submitted to the Secretary of HHS. Retaliation and Waiver. A covered entity may not retaliate against a person for exercising rights provided by the Privacy Rule, for assisting in an investigation by HHS or another appropriate authority, or for opposing an act or practice that the person believes in good faith violates the Privacy Rule. Documentation and Record Retention. A covered entity must maintain, until six years after the later of the date of their creation or last effective date, its privacy policies and procedures, its privacy practices notices, disposition of complaints, and other actions, activities, and designations that the Privacy Rule requires to be documented. Fully-Insured Group Health Plan Exception. The only administrative obligations with which a fully-insured group health plan that has no more than enrollment data and summary health information is required to comply are the (1) ban on retaliatory acts and waiver of individual rights, and (2) documentation requirements with respect to plan documents if such documents are amended to provide for the disclosure of protected health information to the plan sponsor by a health insurance issuer or HMO that services the group health plan E Baker, JD, CRCMP

Recomendados

Health Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCHealth Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCH2Kinfosys
 
Health insurance claim | Health Care Domain
Health insurance claim | Health Care DomainHealth insurance claim | Health Care Domain
Health insurance claim | Health Care DomainH2kInfosys
 
Top Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing FacilityTop Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing FacilityHarmony Healthcare International (HHI)
 
Skilled Rehab Services: Avoiding Denied Claims
Skilled Rehab Services: Avoiding Denied ClaimsSkilled Rehab Services: Avoiding Denied Claims
Skilled Rehab Services: Avoiding Denied ClaimsHarmony Healthcare International (HHI)
 
Documenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL AccuracyDocumenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL AccuracyHarmony Healthcare International (HHI)
 
Medicare Part B Program Development in the Age of Compliance
Medicare Part B Program Development in the Age of ComplianceMedicare Part B Program Development in the Age of Compliance
Medicare Part B Program Development in the Age of ComplianceHarmony Healthcare International (HHI)
 
The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?Harmony Healthcare International (HHI)
 
Win, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix LeadershipWin, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix LeadershipHarmony Healthcare International (HHI)
 

Recomendados

Health Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCHealth Care Project Overview from H2kInfosys LLC
Health Care Project Overview from H2kInfosys LLCH2Kinfosys
 
Health insurance claim | Health Care Domain
Health insurance claim | Health Care DomainHealth insurance claim | Health Care Domain
Health insurance claim | Health Care DomainH2kInfosys
 
Top Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing FacilityTop Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing FacilityHarmony Healthcare International (HHI)
 
Skilled Rehab Services: Avoiding Denied Claims
Skilled Rehab Services: Avoiding Denied ClaimsSkilled Rehab Services: Avoiding Denied Claims
Skilled Rehab Services: Avoiding Denied ClaimsHarmony Healthcare International (HHI)
 
Documenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL AccuracyDocumenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL AccuracyHarmony Healthcare International (HHI)
 
Medicare Part B Program Development in the Age of Compliance
Medicare Part B Program Development in the Age of ComplianceMedicare Part B Program Development in the Age of Compliance
Medicare Part B Program Development in the Age of ComplianceHarmony Healthcare International (HHI)
 
The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?Harmony Healthcare International (HHI)
 
Win, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix LeadershipWin, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix LeadershipHarmony Healthcare International (HHI)
 
Introductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare AppealsIntroductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare AppealsHarmony Healthcare International (HHI)
 
Documenting the Long-term Care You Provide
Documenting the Long-term Care You ProvideDocumenting the Long-term Care You Provide
Documenting the Long-term Care You ProvideHarmony Healthcare International (HHI)
 
Denials Management from ADR to ALJ
Denials Management from ADR to ALJDenials Management from ADR to ALJ
Denials Management from ADR to ALJHarmony Healthcare International (HHI)
 
Unusual Weather We Are Having: The Medicare Audit Climate
Unusual Weather We Are Having: The Medicare Audit ClimateUnusual Weather We Are Having: The Medicare Audit Climate
Unusual Weather We Are Having: The Medicare Audit ClimateHarmony Healthcare International (HHI)
 
Healthcare Training Module
Healthcare Training ModuleHealthcare Training Module
Healthcare Training ModuleIndrani Sanyal
 
RAC Audit Strategic Road Map for Leaders
RAC Audit Strategic Road Map for LeadersRAC Audit Strategic Road Map for Leaders
RAC Audit Strategic Road Map for LeadersHarmony Healthcare International (HHI)
 
The RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and BeyondThe RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and BeyondHarmony Healthcare International (HHI)
 
Irf Medical Necessity
Irf Medical NecessityIrf Medical Necessity
Irf Medical NecessityDarlene D'Altorio-Jones
 
MUI for Ohio DD (9/2013)
MUI for Ohio DD (9/2013)MUI for Ohio DD (9/2013)
MUI for Ohio DD (9/2013)House of New Hope
 
Top Ten Tips for a Successful ALJ Hearing
Top Ten Tips for a Successful ALJ HearingTop Ten Tips for a Successful ALJ Hearing
Top Ten Tips for a Successful ALJ HearingHarmony Healthcare International (HHI)
 
SNF Consolidated Billing - Q & A
SNF Consolidated Billing - Q & ASNF Consolidated Billing - Q & A
SNF Consolidated Billing - Q & AKarna *
 
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)SironaHealth
 
Medicare 101 understanding medicare final
Medicare 101 understanding medicare finalMedicare 101 understanding medicare final
Medicare 101 understanding medicare finalTara Ritter, CPC, CPC-H, CPC-I
 
Current Policy: Medicaid Expansion - Public Policy in Health Care Presentation
Current Policy: Medicaid Expansion - Public Policy in Health Care PresentationCurrent Policy: Medicaid Expansion - Public Policy in Health Care Presentation
Current Policy: Medicaid Expansion - Public Policy in Health Care PresentationJennifer Reynolds, Healthcare Administration
 
Medicare 101: The A,B,C, and D\’s of Medicare
Medicare 101: The A,B,C, and D\’s of MedicareMedicare 101: The A,B,C, and D\’s of Medicare
Medicare 101: The A,B,C, and D\’s of MedicareMark Lane
 
2016 medicare presentation
2016 medicare presentation 2016 medicare presentation
2016 medicare presentation Robin Lee
 
Medicare Basics
Medicare BasicsMedicare Basics
Medicare BasicsMedicineAndHealth
 
Financial Concerns Community Education Class
Financial Concerns Community Education ClassFinancial Concerns Community Education Class
Financial Concerns Community Education ClassThe LIVESTRONG Foundation
 
R Bays - Antitrust implications for Healthcare ACO’s
R Bays - Antitrust implications for Healthcare ACO’sR Bays - Antitrust implications for Healthcare ACO’s
R Bays - Antitrust implications for Healthcare ACO’sRichard Bays JD, MBA, RN, CPHQ
 
SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...
SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...
SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...Florida Agency for Health Care Administration
 
HIPAA Glossary
HIPAA GlossaryHIPAA Glossary
HIPAA Glossarytimmcguinness
 
Conditions of participation presentation
Conditions of participation presentationConditions of participation presentation
Conditions of participation presentationlearfield
 

Más contenido relacionado

La actualidad más candente

Healthcare Training Module
Healthcare Training ModuleHealthcare Training Module
Healthcare Training ModuleIndrani Sanyal
 
SNF Consolidated Billing - Q & A
SNF Consolidated Billing - Q & ASNF Consolidated Billing - Q & A
SNF Consolidated Billing - Q & AKarna *
 
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)SironaHealth
 
Medicare 101: The A,B,C, and D\’s of Medicare
Medicare 101: The A,B,C, and D\’s of MedicareMedicare 101: The A,B,C, and D\’s of Medicare
Medicare 101: The A,B,C, and D\’s of MedicareMark Lane
 
2016 medicare presentation
2016 medicare presentation 2016 medicare presentation
2016 medicare presentation Robin Lee
 
Financial Concerns Community Education Class
Financial Concerns Community Education ClassFinancial Concerns Community Education Class
Financial Concerns Community Education ClassThe LIVESTRONG Foundation
 
R Bays - Antitrust implications for Healthcare ACO’s
R Bays - Antitrust implications for Healthcare ACO’sR Bays - Antitrust implications for Healthcare ACO’s
R Bays - Antitrust implications for Healthcare ACO’sRichard Bays JD, MBA, RN, CPHQ
 

La actualidad más candente (20)

Introductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare AppealsIntroductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare Appeals
 
Documenting the Long-term Care You Provide
Documenting the Long-term Care You ProvideDocumenting the Long-term Care You Provide
Documenting the Long-term Care You Provide
 
Denials Management from ADR to ALJ
Denials Management from ADR to ALJDenials Management from ADR to ALJ
Denials Management from ADR to ALJ
 
Unusual Weather We Are Having: The Medicare Audit Climate
Unusual Weather We Are Having: The Medicare Audit ClimateUnusual Weather We Are Having: The Medicare Audit Climate
Unusual Weather We Are Having: The Medicare Audit Climate
 
Healthcare Training Module
Healthcare Training ModuleHealthcare Training Module
Healthcare Training Module
 
RAC Audit Strategic Road Map for Leaders
RAC Audit Strategic Road Map for LeadersRAC Audit Strategic Road Map for Leaders
RAC Audit Strategic Road Map for Leaders
 
The RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and BeyondThe RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and Beyond
 
Irf Medical Necessity
Irf Medical NecessityIrf Medical Necessity
Irf Medical Necessity
 
MUI for Ohio DD (9/2013)
MUI for Ohio DD (9/2013)MUI for Ohio DD (9/2013)
MUI for Ohio DD (9/2013)
 
Top Ten Tips for a Successful ALJ Hearing
Top Ten Tips for a Successful ALJ HearingTop Ten Tips for a Successful ALJ Hearing
Top Ten Tips for a Successful ALJ Hearing
 
SNF Consolidated Billing - Q & A
SNF Consolidated Billing - Q & ASNF Consolidated Billing - Q & A
SNF Consolidated Billing - Q & A
 
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)
Hospital Readmission Reduction: How Important are Follow Up Calls? (Hint: Very)
 
Medicare 101 understanding medicare final
Medicare 101 understanding medicare finalMedicare 101 understanding medicare final
Medicare 101 understanding medicare final
 
Current Policy: Medicaid Expansion - Public Policy in Health Care Presentation
Current Policy: Medicaid Expansion - Public Policy in Health Care PresentationCurrent Policy: Medicaid Expansion - Public Policy in Health Care Presentation
Current Policy: Medicaid Expansion - Public Policy in Health Care Presentation
 
Medicare 101: The A,B,C, and D\’s of Medicare
Medicare 101: The A,B,C, and D\’s of MedicareMedicare 101: The A,B,C, and D\’s of Medicare
Medicare 101: The A,B,C, and D\’s of Medicare
 
2016 medicare presentation
2016 medicare presentation 2016 medicare presentation
2016 medicare presentation
 
Medicare Basics
Medicare BasicsMedicare Basics
Medicare Basics
 
Financial Concerns Community Education Class
Financial Concerns Community Education ClassFinancial Concerns Community Education Class
Financial Concerns Community Education Class
 
R Bays - Antitrust implications for Healthcare ACO’s
R Bays - Antitrust implications for Healthcare ACO’sR Bays - Antitrust implications for Healthcare ACO’s
R Bays - Antitrust implications for Healthcare ACO’s
 
SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...
SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...
SMMC Long-term Care Provider Webinar: Developmental Disabilities Waiver Serv...
 

Similar a Complying with HIPAA Privacy Rule

Conditions of participation presentation
Conditions of participation presentationConditions of participation presentation
Conditions of participation presentationlearfield
 
Harnessing the Power of Medicare Data
Harnessing the Power of Medicare DataHarnessing the Power of Medicare Data
Harnessing the Power of Medicare DataProtik Sandell
 
54843060_Pages from Module 2-Medical Billing_1.pdf
54843060_Pages from Module 2-Medical Billing_1.pdf54843060_Pages from Module 2-Medical Billing_1.pdf
54843060_Pages from Module 2-Medical Billing_1.pdfRajv360
 
Patient-Centered Medical Home: The Process and Initiative
Patient-Centered Medical Home: The Process and InitiativePatient-Centered Medical Home: The Process and Initiative
Patient-Centered Medical Home: The Process and InitiativeGreenway Health
 
Social security and medicare & medicaid fall 2013 abridged
Social security and medicare & medicaid fall 2013 abridgedSocial security and medicare & medicaid fall 2013 abridged
Social security and medicare & medicaid fall 2013 abridgedShepard Joy
 
Social security and medicare & medicaid spring 2014 abridged
Social security and medicare & medicaid spring 2014 abridgedSocial security and medicare & medicaid spring 2014 abridged
Social security and medicare & medicaid spring 2014 abridgedShepard Joy
 
UB04 EXAMPLE JONES
UB04 EXAMPLE JONESUB04 EXAMPLE JONES
UB04 EXAMPLE JONESEbony Holden
 
Ccd prevention regulation comments draft
Ccd prevention regulation comments draftCcd prevention regulation comments draft
Ccd prevention regulation comments draftThe National Council
 
Ccd prevention regulation comments draft
Ccd prevention regulation comments draftCcd prevention regulation comments draft
Ccd prevention regulation comments draftThe National Council
 
12 Introduction to Health Information Privacy and Security .docx
12 Introduction to Health Information Privacy and Security .docx12 Introduction to Health Information Privacy and Security .docx
12 Introduction to Health Information Privacy and Security .docxmoggdede
 
Contracts and Memorandums of Understanding - Requirements and Responsibilities
Contracts and Memorandums of Understanding - Requirements and ResponsibilitiesContracts and Memorandums of Understanding - Requirements and Responsibilities
Contracts and Memorandums of Understanding - Requirements and ResponsibilitiesCompliatric Where Compliance Happens
 
2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...
2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...
2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...Compliatric Where Compliance Happens
 
Hit Potential Peg Schible
Hit Potential Peg SchibleHit Potential Peg Schible
Hit Potential Peg Schiblepegscheible
 
2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdf
2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdf2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdf
2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdfCompliatric Where Compliance Happens
 
NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...
NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...
NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...CHC Connecticut
 
The meaning of meaningful use 2010 05-14 missouri rural hospital hit conference
The meaning of meaningful use 2010 05-14 missouri rural hospital hit conferenceThe meaning of meaningful use 2010 05-14 missouri rural hospital hit conference
The meaning of meaningful use 2010 05-14 missouri rural hospital hit conferencelearfield
 
2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docx
2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docx2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docx
2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docxnovabroom
 

Similar a Complying with HIPAA Privacy Rule (20)

HIPAA Glossary
HIPAA GlossaryHIPAA Glossary
HIPAA Glossary
 
Conditions of participation presentation
Conditions of participation presentationConditions of participation presentation
Conditions of participation presentation
 
Harnessing the Power of Medicare Data
Harnessing the Power of Medicare DataHarnessing the Power of Medicare Data
Harnessing the Power of Medicare Data
 
54843060_Pages from Module 2-Medical Billing_1.pdf
54843060_Pages from Module 2-Medical Billing_1.pdf54843060_Pages from Module 2-Medical Billing_1.pdf
54843060_Pages from Module 2-Medical Billing_1.pdf
 
2010 17207 pi
2010 17207 pi2010 17207 pi
2010 17207 pi
 
Patient-Centered Medical Home: The Process and Initiative
Patient-Centered Medical Home: The Process and InitiativePatient-Centered Medical Home: The Process and Initiative
Patient-Centered Medical Home: The Process and Initiative
 
Social security and medicare & medicaid fall 2013 abridged
Social security and medicare & medicaid fall 2013 abridgedSocial security and medicare & medicaid fall 2013 abridged
Social security and medicare & medicaid fall 2013 abridged
 
Social security and medicare & medicaid spring 2014 abridged
Social security and medicare & medicaid spring 2014 abridgedSocial security and medicare & medicaid spring 2014 abridged
Social security and medicare & medicaid spring 2014 abridged
 
UB04 EXAMPLE JONES
UB04 EXAMPLE JONESUB04 EXAMPLE JONES
UB04 EXAMPLE JONES
 
Ccd prevention regulation comments draft
Ccd prevention regulation comments draftCcd prevention regulation comments draft
Ccd prevention regulation comments draft
 
Ccd prevention regulation comments draft
Ccd prevention regulation comments draftCcd prevention regulation comments draft
Ccd prevention regulation comments draft
 
12 Introduction to Health Information Privacy and Security .docx
12 Introduction to Health Information Privacy and Security .docx12 Introduction to Health Information Privacy and Security .docx
12 Introduction to Health Information Privacy and Security .docx
 
Contracts and Memorandums of Understanding - Requirements and Responsibilities
Contracts and Memorandums of Understanding - Requirements and ResponsibilitiesContracts and Memorandums of Understanding - Requirements and Responsibilities
Contracts and Memorandums of Understanding - Requirements and Responsibilities
 
2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...
2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...
2023 Compliatric Webinar Series - Contracts and Memorandums of Understanding ...
 
Hit Potential Peg Schible
Hit Potential Peg SchibleHit Potential Peg Schible
Hit Potential Peg Schible
 
2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdf
2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdf2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdf
2023 Compliatric Webinar Series - HRSA HAB Audit Tips for Part C.pdf
 
NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...
NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...
NTTAP Webinar Series - May 18, 2023: The Changing Landscape of Behavioral Hea...
 
HIPAA Complaince
HIPAA ComplainceHIPAA Complaince
HIPAA Complaince
 
The meaning of meaningful use 2010 05-14 missouri rural hospital hit conference
The meaning of meaningful use 2010 05-14 missouri rural hospital hit conferenceThe meaning of meaningful use 2010 05-14 missouri rural hospital hit conference
The meaning of meaningful use 2010 05-14 missouri rural hospital hit conference
 
2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docx
2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docx2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docx
2 2 6L e a r n i n g O b j e c t i v e sPrice is what.docx
 

Más de Elizabeth Baker, JD, CRCMP

The intersection of the practice of law and compliance
The intersection of the practice of law and complianceThe intersection of the practice of law and compliance
The intersection of the practice of law and complianceElizabeth Baker, JD, CRCMP
 
Corporate Workflow Process - Complaints and Legal Matters (illustration)
Corporate Workflow Process - Complaints and Legal Matters (illustration)Corporate Workflow Process - Complaints and Legal Matters (illustration)
Corporate Workflow Process - Complaints and Legal Matters (illustration)Elizabeth Baker, JD, CRCMP
 
Third Party Vendor Contract – Risk Management
Third Party Vendor Contract – Risk ManagementThird Party Vendor Contract – Risk Management
Third Party Vendor Contract – Risk ManagementElizabeth Baker, JD, CRCMP
 

Más de Elizabeth Baker, JD, CRCMP (12)

EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
 
AML BSA - GAMING INDUSTRY
AML BSA - GAMING INDUSTRYAML BSA - GAMING INDUSTRY
AML BSA - GAMING INDUSTRY
 
The intersection of the practice of law and compliance
The intersection of the practice of law and complianceThe intersection of the practice of law and compliance
The intersection of the practice of law and compliance
 
Identifying critical security controls
Identifying critical security controlsIdentifying critical security controls
Identifying critical security controls
 
MiFID II – 2018 compliance deadline looms
MiFID II – 2018 compliance deadline loomsMiFID II – 2018 compliance deadline looms
MiFID II – 2018 compliance deadline looms
 
HOA Liens – Washington
HOA Liens – WashingtonHOA Liens – Washington
HOA Liens – Washington
 
Corporate Workflow Process - Complaints and Legal Matters (illustration)
Corporate Workflow Process - Complaints and Legal Matters (illustration)Corporate Workflow Process - Complaints and Legal Matters (illustration)
Corporate Workflow Process - Complaints and Legal Matters (illustration)
 
BSA/AML in the USA and AML/CTF in the Caymans
BSA/AML in the USA and AML/CTF in the CaymansBSA/AML in the USA and AML/CTF in the Caymans
BSA/AML in the USA and AML/CTF in the Caymans
 
Third Party Vendor Contract – Risk Management
Third Party Vendor Contract – Risk ManagementThird Party Vendor Contract – Risk Management
Third Party Vendor Contract – Risk Management
 
Banking regulations – risk management
Banking regulations – risk managementBanking regulations – risk management
Banking regulations – risk management
 
Managing employee risk
Managing employee riskManaging employee risk
Managing employee risk
 
3 Step Contract Management System
3 Step Contract Management System 3 Step Contract Management System
3 Step Contract Management System
 

Último

The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxAdityasinhRana4
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,18822020000445musaib
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
Attestation presentation under Transfer of property Act
Attestation presentation under Transfer of property ActAttestation presentation under Transfer of property Act
Attestation presentation under Transfer of property Act2020000445musaib
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791BlayneRush1
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791BlayneRush1
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 

Último (20)

The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptx
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
Attestation presentation under Transfer of property Act
Attestation presentation under Transfer of property ActAttestation presentation under Transfer of property Act
Attestation presentation under Transfer of property Act
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 

Complying with HIPAA Privacy Rule

  • 1. Complying with HIPAA Privacy Rule http://hipaanews.org/Documents/privacysummary.pdf
  • 2. • Who has to comply with HIPAA Privacy Rules • Health Care Providers • Health Care Clearinghouses • Health Care Plans • Checklist to help your Company become Compliant • Awareness & Education – training • Project Planning • Electronic Transactions • Privacy • Security • National Identifiers • General Information – Compliance monitoring, policies and procedures E Baker, JD, CRCMP
  • 3. Does person, business entity or agency (i) provide, (ii) bill, or (iii) receive payments for health care (1) in the normal course of business? NO YES NOT a Health Care Provider Is the person, business entity or agency conducting a covered transaction: (2) 1. claims, 2. inquiry about benefit plan, 3. referral certification or authorization, 4. claim status, 5. enrollment/disenrollment, 6. payment or remittance advice, 7. premium payment, 8. coordination of benefits YES Are the covered transactions transmitted in electronic form? (3) NO This IS a Health Care Provider YES NO #1 An individual, business entity or agency that is a (1) health care provider (HCP), (2) conducting covered transaction, and (3) in electronic form or E Baker, JD, CRCMP
  • 4. Footnote 1 Health care is defined as: care, services, or supplies related to the health of an individual. It includes, but is not limited to, the following: (1) Preventive, diagnostic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and (2) Sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription. See 45 C.F.R.160.103. E Baker, JD, CRCMP
  • 5. Footnote 2 Covered transactions are transactions for which the Secretary has adopted standards (see 45 C.F.R. Part 162). If a healthcare provider uses another entity (such as a clearinghouse) to conduct covered transactions in electronic form on its behalf, the health care provider is considered to be conducting the transaction in electronic form. A transaction is a covered transaction if it meets the regulatory definitions for the type of transactions as follows: 45 C.F.R.162.1101: Health care claims or equivalent encounter information transaction is either of the following: (a) A request to obtain payment, and necessary accompanying information, from a health care provider to a health plan, for health care. (b) If there is no direct claim, because the reimbursement contract is based on a mechanism other than charges or reimbursement rates for specific services, the transaction is the transmission of encounter information for the purpose of reporting health care. E Baker, JD, CRCMP
  • 6. 45 C.F.R.162.1201: The eligibility for a health plan transaction is the transmission of either of the following: (a) An inquiry from a health care provider to a health plan, or from one health plan to another health plan, to obtain any of the following information about a benefit plan for an enrollee: (1) Eligibility to receive health care under the health plan. (2) Coverage of health care under the health plan. (3) Benefits associated with the benefit plan. (b) A response from a health plan to a health care provider's (or another health plan's) inquiry described in paragraph (a) of this section. 45 C.F.R.162.1301: The referral certification and authorization transaction is any of the following transmissions: (a) A request for the review of health care to obtain an authorization for the health care. (b) A request to obtain authorization for referring an individual to another health care provider. (c) A response to a request described in paragraph (a) or paragraph (b) of this section. 45 C.F.R.162.1401: A health care claim status transaction is the transmission of either of the following: (a) An inquiry to determine the status of a health care claim. (b) A response about the status of a health care claim. E Baker, JD, CRCMP
  • 7. 45 C.F.R.162.1501: The enrollment and disenrollment in a health plan transaction is the transmission of subscriber enrollment information to a health plan to establish or terminate insurance coverage. 45 C.F.R.162.1601: The health care payment and remittance advice transaction is the transmission of either of the following for health care: (a) The transmission of any of the following from a health plan to a health care provider's financial institution: (1) Payment. (2) Information about the transfer of funds. (3) Payment processing information. (b) The transmission of either of the following from a health plan to a health care provider: (1) Explanation of benefits. (2) Remittance advice. E Baker, JD, CRCMP
  • 8. 45 C.F.R.162.1701: The health plan premium payment transaction is the transmission of any of the following from the entity that is arranging for the provision of health care or is providing health care coverage payments for an individual to a health plan: (a) Payment. (b) Information about the transfer of funds. (c) Detailed remittance information about individuals for whom premiums are being paid. (d) Payment processing information to transmit health care premium payments including any of the following: (1) Payroll deductions. (2) Other group premium payments. (3) Associated group premium payment information. 45 C.F.R.162.1801: The coordination of benefits transaction is the transmission from any entity to a health plan for the purpose of determining the relative payment responsibilities of the health plan, of either of the following for health care: (a) Claims. (b) Payment information. E Baker, JD, CRCMP
  • 9. Footnote 3 In electronic form means: using electronic media, electronic storage media including memory devices in computers (hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the internet (wide-open), extranet (using internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media. Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media, because the information being exchanged did not exist in electronic form before the transmission. E Baker, JD, CRCMP
  • 10. Does business entity or agency (i) Process or (ii) Facilitate the processing of health information from nonstandard format or content into standard format or the reverse(4) 45 C.F.R. 160.103 NO YES NOT A HCC 1. Does the business or agency perform this function for another legal entity? YES NO THIS IS A HCC #2 A health care clearinghouse (HCC) or E Baker, JD, CRCMP
  • 11. Is the plan (individual or group or combination thereof) the provider or payer of the cost of “medical care” a. Amounts paid for diagnosis, cure, mitigation, treatment or prevention of disease or for the purpose of affecting any structure or function of the body, b. Amounts paid for transportation primarily for and essential to medical care in (a), and c. Amounts paid for insurance covering medical care in (a) and (b)? NO YES NO THIS IS A HEALTH PLAN Is the plan a “group health plan” – an employee welfare benefit plan (ERISA) that provides medical care to employees directly or through insurance, reimbursement or otherwise and has (1) 50 or more participants and (2) is self- administered (administered by an entity other than the employer that established and maintains the plan)? (45 C.F.R. 160.103) NOT A HEALTH PLAN YES Is the plan a health insurance issuer? 45 C.F.R. 160.103 (licensed to engage in business of insurance in a state) YES YES Is the plan an issuer of a Medicare supplemental policy? 42 U.S.C. 1395ss(g)(1)NO NO Is the plan an HMO? 45 C.F.R. 160.103 YES NO Is the plan a multi-employer welfare benefit plan? 45 C.F.R. 160.103 YES Does the program provide ONLY excepted benefits (accident or disability income insurance, supplemental to liability, worker’s compensation, etc.)? NO NO YES Is the plan an issuer of long- term care policies? NO Does the plan provide ONLY nursing home fixed indemnity policies? NO YES YES #3A Is the private benefit plan a “health plan” (HP)? E Baker, JD, CRCMP
  • 12. #3B Is the government-funded program a “health plan” (HP)? Is the program one of the listed government health plans? 1. Medicare A, B, C (42 U.S.C. 1395 et seq), 2. Medicaid (42 U.S.C. 1396 et seq) 3. Active military personnel health care program (10 U.S.C. 1074 et seq) 4. Veterans health care (38 U.S.C. Ch. 17) 5. CHAMPUS (10 U.S.C. 1061 et seq) 6. Indian Health Care Improvement Act (25 U.S.C. 1601) 7. Federal Employees Health Benefit Program (5 U.S.C. Ch. 89) 8. SCHIP (42 U.S.C. 1397 et seq) NO YES NOT A HEALTH PLAN NO THIS IS A HEALTH PLAN Is the program an individual or group plan that provides or pays the cost of medical care? NOT A HEALTH PLAN YES Is the program a high risk pool (as established under state law to provide health insurance coverage or comparable coverage to eligible individuals? YES NO Is the program a HMO? NO YES Is the principal activity of the program providing direct health care? YES NO Is the principal activity to make grants to fund providing direct health care (funding health clinics)? YES NO Is the principal purpose other than providing or paying for health care costs (e.g. operating prison, fellowship program, etc.)? YES Does the program provide ONLY excepted benefits (accident or disability income insurance, supplemental to liability, worker’s compensation, etc.)? NO NO YES E Baker, JD, CRCMP
  • 13. # Question Not Started In Process Completed Awareness & Education 1 Has your organization had any Awareness Education on HIPAA Regulations and Compliance? 2 Do you monitor or receive automated information regarding changes in HIPAA regulations Project Planning 3 Have you selected a Project Manager and Project Team for your HIPAA Project? 4 Have you created a Project Plan? Electronic Transactions 5 Have you applied for the ACSA Electronic Transaction extension for your organization? 6 Have you completed an inventory of all information systems and work flow processes with regard to Electronic Transactions? 7 Have you compiled a list of vendors, health plans, business associates and trading partners? 8 Have you gathered, reviewed and compared your current billing forms, policies, and procedures to the HIPAA Electronic Claims Transaction and Code Set regulations? NEW TO HIPAA? HIPAA CHECKLIST FOR BECOMING COMPLIANT E Baker, JD, CRCMP
  • 14. # Question Not Started In Process Completed Privacy 9 Has your organization designated an Information Privacy and Security Officer as required by HIPAA? 10 Have you developed a Notice of Information Practices to post in your office and distribute to each patient? 11 Have you gathered, reviewed and compared your current forms, policies, and procedures to the HIPAA Privacy Regulations and State Privacy Regulations? 12 Have you developed policies and procedures that meet the needs of your Human Resources Department with regard to Privacy requirements for the protection of health information of your staff? 13 Have you developed processes for documenting, retaining, distributing and discarding Protected Health Information (PHI) as required by HIPAA? 14 Have you developed processes for receiving, investigating and documenting individual complaints? 15 Have you developed or revised current consent forms for patients in line with HIPAA regulations? 16 Do you have all forms that must be read and signed by patients in languages appropriate to their culture? E Baker, JD, CRCMP
  • 15. # Question Not Started In Process Completed Security 17 Has your organization completed a Security Evaluation on the information systems used in conjunction with maintaining your current and future Protected Health Information? 18 Does your organization have virus checking software, firewalls and operating systems that provide encryption and other security measures? 19 Does your organization perform back-ups of your data daily? 20 Does your organization have a Disaster Recovery and Contingency Plan to meet the HIPAA Security Standards? 21 Has your organization developed security policies and procedures with regard to confidentiality statements, individually identifying information system users, passwords, automatic logoff, acceptable use, e-mail, internet usage, authentication of workstations, monitoring and documenting unauthorized access, audit trails of users, sanctions for misuse or disclosure and termination checklists? 22 Has your organization provided for the overall physical security of your information systems, facility, staff, and medical records? 23 Has your organization developed job descriptions for HIPAA required positions and all other positions in your organization? National Identifiers 24 Have you located, printed and read the Proposed Regulations for National Identifiers to include National Provider Identifier and National Payer Identifier, National Employer Identifier? General Information 25 Have you developed a comprehensive training program for your organizations staff (both present and future) covering all HIPAA standards to include responsibilities and penalties for non-compliance? 26 Does your organization have a Compliance Officer and General Compliance Plan to cover such things as fraud and abuse, codes of conduct, whistle-blower suits, auditing and monitoring, disciplinary standards and personnel issues, responding to problems, investigations and corrective actions? E Baker, JD, CRCMP
  • 16. PROTECTED INFORMATION All "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI).“ “Individually identifiable health information” is information, including demographic data, that relates to: • the individual’s past, present or future physical or mental health or condition, • the provision of health care to the individual, or • the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number). The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g. E Baker, JD, CRCMP
  • 17. De-Identified Health Information. There are no restrictions on the use or disclosure of de-identified health information. De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: 1) a formal determination by a qualified statistician; or 2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual. Required Disclosures. A covered entity must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation or review or enforcement action E Baker, JD, CRCMP
  • 18. Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object – Facility directories and or Notification and Other Purposes; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities – Required by Law, Public Health Activities, Victims of Abuse, Neglect or Domestic Violence, Health Oversight Activities, Judicial and Administrative Proceedings, Law Enforcement Purposes, Decedents, Cadaveric Organ, Eye or Tissue Donation, Research, Serious Threat to Health or Safety, Essential Government Functions or Worker’s Compensation; and (6) Limited Data Set for the purposes of research, public health or health care operations. Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make. E Baker, JD, CRCMP
  • 19. Authorization. A covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization, except in limited circumstances. An authorization must be written in specific terms. It may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party. All authorizations must be in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data. Covered entity must limiting use and disclosure of information to the minimum amount necessary to accomplish the intended purpose of the use, disclosure or request. Develop and Implement policies and procedures that restrict access and uses of PHI based upon the specific roles of employees within the covered entities. E Baker, JD, CRCMP
  • 20. Privacy Policies and Procedures. A covered entity must develop and implement written privacy policies and procedures that are consistent with the Privacy Rule. Privacy Personnel. A covered entity must designate a privacy official responsible for developing and implementing its privacy policies and procedures, and a contact person or contact office responsible for receiving complaints and providing individuals with information on the covered entity’s privacy practices. Workforce Training and Management. Workforce members include employees, volunteers, trainees, and may also include other persons whose conduct is under the direct control of the entity (whether or not they are paid by the entity). A covered entity must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions. A covered entity must have and apply appropriate sanctions against workforce members who violate its privacy policies and procedures or the Privacy Rule. Mitigation. A covered entity must mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its workforce or its business associates in violation of its privacy policies and procedures or the Privacy Rule. Data Safeguards. A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. E.g. shredding documents containing protected health information before discarding them, securing medical records with lock and key or pass code, and limiting access to keys or pass codes. Complaints. A covered entity must have procedures for individuals to complain about its compliance with its privacy policies and procedures and the Privacy Rule. The covered entity must explain those procedures in its privacy practices notice. Among other things, the covered entity must identify to whom individuals can submit complaints to at the covered entity and advise that complaints also can be submitted to the Secretary of HHS. Retaliation and Waiver. A covered entity may not retaliate against a person for exercising rights provided by the Privacy Rule, for assisting in an investigation by HHS or another appropriate authority, or for opposing an act or practice that the person believes in good faith violates the Privacy Rule. Documentation and Record Retention. A covered entity must maintain, until six years after the later of the date of their creation or last effective date, its privacy policies and procedures, its privacy practices notices, disposition of complaints, and other actions, activities, and designations that the Privacy Rule requires to be documented. Fully-Insured Group Health Plan Exception. The only administrative obligations with which a fully-insured group health plan that has no more than enrollment data and summary health information is required to comply are the (1) ban on retaliatory acts and waiver of individual rights, and (2) documentation requirements with respect to plan documents if such documents are amended to provide for the disclosure of protected health information to the plan sponsor by a health insurance issuer or HMO that services the group health plan E Baker, JD, CRCMP