13) HIPAA: The Compliance Plan Flashcards

1
Q

What are the roles of HIPAA?

A
  1. Standardization of electronic pt health, administrative, and financial data
  2. Define unique health identifiers
  3. Security standards protecting confidentiality and integrity of PHI, past, present, or future
2
Q

What are the penalties for non-compliance?

A
  • Fines up to $25K for multiple violations in the same calendar yr OR
  • Fines up to $250K and/or imprisonment up to 10yrs for knowingly misusing PHI
3
Q

What are compliance requirements?

A
  • Initially build organizational awareness of HIPAA
  • Have a comprehensive assessment of the org’s privacy practices, information security systems & procedures, and use of electronic transactions
  • Have an action plan for compliance w/each rule
  • Develop a technical and management infrastructure to implement the plans
4
Q

What are the different aspects of administrative simplification?

A
  • Standards for Electronic Documentation
    • Electronic Health Transactions
    • Unique Identifiers
    • Security Rule
    • Privacy Rule
5
Q

Electronic Health Transactions

A
  • Health Claims
  • Health Plan Eligibility
  • Enrollment/Dis-enrollment
  • Payment for Care and Health Plan Premiums
  • Claim Status
  • 1st Injury Reports
  • Coordination of Benefits
  • Related Transactions
6
Q

Unique Identifiers

A
  • EIN
  • NPI
  • Health Plan Identifiers
7
Q

Security Rule

A

Facility needs to take measures to ensure that e-PHI isn’t available/disclosed to unauthorized persons

  • Requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting PHI
8
Q

Privacy Rule

A

Intended to protect the privacy of all PHI

  • Gives pts new rights to access their medical records, request changes, and learn how they have been accessed
  • Restrict access by others
  • Restrict access to only the people who need to see it
  • States that all pts need to be informed about the facility’s privacy practices
  • Allows pts to decide if they want to authorize the disclosure of their PHI for uses other than tx or healthcare business ops
  • Establish new criminal and civil sanctions for improper use/disclosure of PHI
  • Establish business associate agreements w/business partners that safeguard their use and disclosure of PHI
9
Q

What are the parts of a voluntary compliance program?

A
  1. Conduct internal monitoring and auditing periodically
  2. Implement compliance and practice standards through written standards and procedures
  3. Designate a compliance officer/contact to monitor compliance efforts and enforce practice standards
  4. Conduct training and education on standards and procedures
  5. Respond appropriately to detected violations
    • Investigate allegations
    • Disclosure of incidents to appropriate entities
  6. Develop lines of communication
    • Discussions at staff meetings re avoiding erroneous or fraudulent conduct
    • Community bulletin boards to keep people informed
  7. Enforce disciplinary standards through well-publicized guidelines
  8. Lock cabinets where PHI is stored
10
Q

What are the steps to implement a HIPAA compliance program?

A
  1. Conduct an impact assessment to determine gaps btwn existing info practices and policies and HIPAA requirements
  2. Review fxns and activities of business partners to determine where business associate agreements are needed
  3. Develop and implement privacy policies
  4. Update systems to ensure they provide adequate protection of pt data
11
Q

What are some HIPAA concerns for PTs?

A
  • Pt ID
  • Eval Procedures
  • Sign-in/Out Process
  • Facility Layout
  • Computer Use