Post on 04-Jan-2016
Security and Privacy Workgroup
SMALL PRACTICE IMPLEMENTATION
WEDI/SNIP Security and Privacy Workgroup
White PaperVersion 2.0 – Dated
April 2004
Security and Privacy Work Group
Background
White Paper based on Final Security Rule issued February 20, 2003
White Paper for education and awareness use only
Security and Privacy Work Group
Background White paper intended for use by trusted entities
– associations, consultants, and others – to inform small practices about HIPAA
Outlines awareness campaign to enable small practices to come into compliance with Security Rule
Two central goals:– Present strategy to inform small practices about
HIPAA Security Rule– Give guidance to small practices to enable them to
become compliant with Security Rule
Security and Privacy Work Group
Background
Important to keep in mind small practices need basics – not detailed discussion of the more esoteric points – Practices want simple, straightforward, and, to
extent possible, non-technical information– Recommended non-technical language be used
and practices be encouraged to keep implementation as simple as possible
– Technical language will make no sense to small practices
Security and Privacy Work Group
HIPAA and Small Practices
HIPAA applies to small provider practice if that practice submits claims electronically either directly or through a billing service or “clearinghouse”
Does not apply to practice that does not submit any standard transactions electronically
ASCA requires submission of electronic claims to Medicare, except if small practice with less than 10 full-time equivalent employees
Security and Privacy Work Group
Initial Information Version 1.0 of white paper reviews Security
Rule in detail – specification by specification Translates rule into language understandable
by small practices Provides specific guidance on how to proceed
in more complex areas– Future versions will provide more specific
guidance as industry consensus starts to continues to take shape around these issues
Security and Privacy Work Group
Specific Requirements
White paper reviews each requirement of Security Rule
Addresses administrative, physical, and technical security separately
Provides initial guidance on each of the 18 security “standards” in rule
Provides initial guidance on each of the 36 “implementation specifications” in rule
Security and Privacy Work Group
Future Direction
Future versions of white paper will provide more specific information regarding how to approach and implement each standard and implementation specification
Where appropriate, templates and other documents may be developed, similar to WEDI/SNIP Small Practice Privacy Implementation White Paper
Security and Privacy Work Group
Conclusion
Task of ensuring small practices come into compliance significant
Requires concerted effort by many individuals and organizations
White paper provides road map for trusted sources to provide consistent information
Information in white paper can be used by trusted sources to design specific guidance for their small practices
Security and Privacy Work Group
White Paper
Much more depth and guidance in White Paper
Download White Paper at snip.wedi.org– Go to Workgroups, Security and Privacy,
White Papers If you have questions, contact the Security
and Privacy Workgroup at snip@wedi.org
Security and Privacy Work Group
Acknowledgements
WEDI/SNIP thanks the following individual for preparing this presentation:
– Andrew Melczer, Ph.D., Illinois State Medical Society, melczer@isms.org