Notes
Slide Show
Outline
1
TOTAL HIPAA
  • Providing Computer Technology for HIPAA Compliance and Administrative Support Systems
2
What is HIPAA?
  • What does HIPAA stand for?
  • Health Insurance Portability and Assurance Act
  • How did it come to pass?
  • It was passed in 1996 as part of privacy issues raised in congress. It is only now becoming due and with mandatory compliance.
3
Who is HIPAA intended for?
  • HIPAA aimed at health care providers and the people who do business with them:
    • Healthcare providers – hospitals, pharmacies, nursing homes, home health agencies.
    • Health Plans – HMO’s MCO’s
    • Clearing houses – Billing services, re-pricing agencies third party administrators, life insurers, health Web sites
    • Business associates – contractors, lawyers, data processing, etc. providing services to the above.
4
What are the HIPAA components?
  • Transactions - EDI
  • Code Sets
  • Unique National Health Identifiers
  • Security & Electronic Signatures
  • Privacy Regulations
5
Implementing HIPAA
  • Many companies have some of the HIPAA procedures and requirements in place
  • There are both administrative and technological components
  • Some HIPAA providers may not cover all areas of HIPAA
6
TOTAL HIPAA
  • A comprehensive, one-stop approach:
    • Analyze
    • Propose solution
    • Install technology systems
    • Install matching support administration systems
    • Train staff
7
Summary
  • Transactions, Code Sets, and Identifiers compliance may involve changing software applications and programs
  • Administrative systems must match the computer technology systems.
  • Make sure your administrative systems are correctly matched for your technology.
    • HIPAA technical details follow in the next section…
8
Transactions - EDI
  • When data is exchanged or transacted, it must be formatted in a standardized manner.
    • HIPAA requires adoption of the chosen standards, ANSI X12N version 4010, for the following 9 administrative and financial transactions:
9
Code Sets
  • Codes sets are encoding applied to patients, treatments, and other aspects.
  • Here are the "medical" coding schemes :
    • ICD-9-CM (volume I and II): These are the diagnosis codes. The International Classification of Diseases, 9th edition, Clinical Modification codes are for most diseases, injuries, impairments, other health problems and causes of injury, disease, and impairment.
    • ICD-9-CM (volume III): This code set will be used for inpatient and hospital services.
    • CPT4: The Current Procedural Terminology level 4 code set will be used for physician services.
    • HCPCS: The HCPCS will be used for physician services and certain other healthcare services and for substances, durable medical equipment, supplies, and other items.
    • CDT3: This code set will be used for Dental services.
    • NDC: the National Drug Codes will be used for drugs and biologicals.
    • Other: The "administrative" code set
10
Unique IDs – National Health Identifiers
  • The system calls for unique ID’s to be given to providers and patients for greater accuracy and matching up of records.
    • Provider Identifier: Proposed rules were published in May, 1998. The rules include the development of a new unique identification number called a national provider identifier (NPI) for all healthcare providers. The NPI is a 10 position alphanumeric identifier with a checksum digit. NPI will not replace the tax identification number but will eventually replace the Universal Provider Identification Number (UPIN). NPI will be issued by the National Provider System (NPS) based on information entered into the NPS by one or more organizations known as "enumerators".
    • Health Plan Identifier: Rules have been published for a 10 position alphanumeric identifier with a checksum digit. This identifier is expected to carry no embedded intelligence. The number is assigned to health plans, including TPAs, IPAs, PPOs, etc.
    • Employer Identifier: The DHHS proposes using the Employer Identification number (EIN), the taxpayer identifying number of employers that is assigned by the Internal revenue Service (IRS). The IRS has agreed to the use of the EIN.
    • Individual Identifier: Individual identifiers have been controversial because of the perception that access to all information on an individual could be obtained through a single identifier and due to the intense pressure from various interest groups, its development has been put on indefinite hold.
11
Security Issues
  • HIPAA security issues include:
    • Physical Safeguards
      • Security Responsibility
      • Media Controls
      • Physical Access
      • Controls
      • Policy - Workstation Use
      • Secure Workstation
        Location
      • Security Awareness
        Training
    • Technical Security Services
      • Communications/
        Network Controls
      • Integrity Controls
      • Message
        Authentication
12
Privacy Regulations
  • The HIPAA Privacy regulation defines standards to protect the privacy of individually identifiable health information. The key elements in the privacy rule are:
    • Covers Protected Health Information (PHI) stored or transmitted irrespective of the medium - electronic, paper, or oral.
    • Minimum Necessary Disclosure and use.
    • No authorization necessary when PHI used for permitted healthcare operations. Authorization required for all non-routine use.
    • Designated privacy officer and business associate contracts.