Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406...


Todd Frech
Ocius Medical Informatics
6650 Rivers Ave, Suite 137
North Charleston, SC 29406

843-576-1426

http://www.ocius.biz

Health Insurance Portability and Accountability Act

General Overview for Software Vendors

Background

• Originally proposed in 1996 as part of a comprehensive set of reforms targeting health insurance

• Administrative Simplification section created in response to the commercialization of health information and the potential for abuse with the increased use of electronic systems

• Prior to HIPAA, there were no federal regulations to govern the use of personal health information (PHI)

Some Significant Abuses

• Marketing
• Employment Screening
• Inappropriate release of private information

Legislative Authority

• Department of Health and Human Services
  – Defines requirements
  – Educates and inspects (Office of Civil Rights)
  – Fines for minor offences

• Department of Justice
  – Criminal prosecution

What is HIPAA?

• Four Components
  – Transaction Standards
  – Privacy Regulations
  – Security Regulations
  – National Provider ID

• Regulation of individually identifiable health information

What is HIPAA?

• Covers electronic systems
  – Billing
  – EMR
  – Scheduling

• Impacts
  – Health plans
  – Health care providers
  – Health care clearing houses

HIPAA’s Goals

• Reduce administrative burdens
• Protect the privacy of individually identifiable health information
• Ensure the security, integrity and availability of health information

Transaction Standards

• Creates standard transaction sets for communicating health information via electronic interfaces

• Creates a standard definition of data elements

• Impacts billing, enrollment, disenrollment and authorization transactions

• Final rule published in August 2000
• Requires implementation within 24 months

Privacy Standards

• Requires a covered entity to make a reasonable effort to obtain a patient’s permission to use their PHI for Treatment, Payment and Healthcare Operations (TPO)

• Requires a covered entity to obtain a patient’s permission for any non-TPO use of health information

• Defines the approved uses of health information
• Defines the process for gaining approval
• Gives patients the right to dispute information in their health records
• Defines the process for patient disputes

Security Standards

• Regulate integrity, confidentiality, unauthorized access, and availability

• Five components:
  – Administrative procedures
  – Physical safeguards
  – Technical security services
  – Technical security for networks
  – Electronic signature

Impact on Software Vendors

• Transaction Standards
  – Implementation by 10/2004
  – Standard data elements and transaction formats

• Privacy Standards
  – Implementation by 4/2003
  – Minimal impact on software vendors

• Security Standards
  – No implementation date (12 months from final rule date)
  – Largest impact on software vendors

Operational Issues

• Legal requirements
  – Business Associate Agreements

• Changes to policies and procedures
  – System Access
  – Training

• Software enhancements
  – Audit
  – Security

Client Issues

• Interpretation and implementation of three standards in a short period of time

• Developing appropriate policies and procedures

• Training, training, training

Regulatory Issues

• Enforcement
  – Office of Civil Rights
  – Department of Justice

• Fines and Penalties
  – Monetary fines for inappropriate disclosure of PHI
  – Potential jail time for willful misuse of PHI

Risks and Opportunities

• Timeline for implementation of security requirements

• Client focus during the implementation process

• Development of new policies and procedures

• Additional or upgraded network infrastructure

Got Questions?