HIPAAcompliance

How do we get there, from here??

• Assessment, Planning, Implementation & Maintenance
  
• Business Associates
  
• Certification
  
• Identifiers
  
• Specific Covered Entity Groups
  
• Whitepapers

General

Keeping Up With HIPAA Compliance, Health Data Management, December 1, 2006
A recent survey of healthcare providers and payers found comprehensive compliance with the HIPAA privacy and security rules remains low in some cases and stalled in other areas. However, more than one-and-a-half years after the HIPAA security rule's compliance date, and three-and-a-half years after the privacy rule's deadline, some healthcare organizations continue to work toward maintaining-and augmenting-compliance.

HIPAA Gives Birth to the CMO by Sean M. Megley, Health IT World, October 26, 2004
It's no wonder that internal IT departments cannot become regulatory compliance experts. As organizations face the HIPAA Security compliance deadline, the benefits of an outsourced compliance maintenance organization (CMO) that will provide compliance management systems and expert advice for security, systems management, and operations ought to be considered.

A Five-Phase Process for HIPAACompliance: A Case Study in Process

Communicating to Patients about HIPAA Privacy: Have We Achieved Compliance or Complacency? by Randa Upham, Consulting Editor, and D’Arcy Gue, Executive Vice President, Phoenix Health Systems, June 2004

11th Hour HIPAA: How Can You Meet the Deadlines? by D’Arcy Guerin Gue, with Tom Grove, Health Management Technology, January 2003
Even though this article was written before the April 14, 2003 HIPAA Privacy deadline, it's still sage advice for anyone working on becoming compliant.

Health Care Goes Digital by Laura Landro, reprinted by HIMSS News from the Wall Street Journal, June 17, 2002
New federal rules aimed at protecting the electronic transfer of medical data will be virtually impossible to comply with unless hospitals upgrade their information systems. So, the issue now is not whether to get new IT systems, but what to buy first, how to pay for it, and how to train health-care workers -- from physicians to lab technicians -- to do their jobs differently.

Assessment:

• Steps for Providers: HIPAA Gap Assessment/Risk Analysis - A checklist from Phoenix HIPAA Solutions Staff
  
• Self-evaluation Checklist from AFEHCT
  
• Organizing Your HIPAA Efforts
  Define a HIPAA steering committee as a first step to organizing HIPAA preparation efforts.

Planning:

• Strategize Now to Take Advantage of HIPAA Opportunities by Michael Doscher, HealthLeaders.com, July 24, 2002
  The healthcare industry must counter significant resistance and passivity to meet or exceed minimal compliance with HIPAA.
  
• Patient Access: "Getting HIPAA Right" by John Thompson, Phoenix Health Systems
  
• The Step Child of HIPAA Compliance: Culture Change by D'Arcy Guerin Gue, Phoenix Health Systems

Implementation

• HIPAA Security: Don't Disband the Committee Just Yet by Stephen C. Brown, Journal of AHIMA, May 2005
  In order to maintain compliance with the HIPAA security rule, information security diligence needs to evolve from a project to an everyday operation. Data security is a moving target and so is HIPAA compliance.
  
• The State of HIPAA Privacy & Security Compliance Survey from AHIMA (PDF)
  
• Implementation Summary: 25-Point Action Overview
  
• Cost Estimates:
  
• Fitch Report Projects HIPAA-related Costs to Be Less Than Anticipated According to a study by Fitch, HIPAA-related costs for hospitals and health systems will be less than originally anticipated, due to health providers' recent revenue cycle management initiatives that have led to system upgrades, many of which concurrently have met HIPAA compliance requirements. Fitch expects that standardized claims will produce operating efficiencies that will ultimately exceed the cost of meeting compliance.
  
• BCBS March 2001 Analysis of HHS Cost Estimates for the Final HIPAA Privacy Regulation (PDF)
  BCBS estimates that the final privacy regulation will cost more than $42.9 billion over five years to implement.
  
• AHIMA vs. Blue Cross Blue Shield on Privacy Cost Study
  AHIMA disagrees with Blue Cross and Blue Shield estimates.

Maintenance

• HIPAA Gets 'Teeth' by Jennifer Willcox, Corporate Compliance & Regulatory Newsletter, August 31, 2006
  The recently finalized HIPAA Enforcement Rule may signal a new era of HIPAA enforcement. Given the HIPAA regulators' vast authority and the significant penalties that can be imposed under these rules, a compliance monitoring plan can be a cost-effective way to reduce your potential exposure.

• HIPAA Security: Don't Disband the Committee Just Yet by Stephen C. Brown, Journal of AHIMA, May 2005
  In order to maintain compliance with the HIPAA security rule, information security diligence needs to evolve from a project to an everyday operation. Data security is a moving target and so is HIPAA compliance.

To OHCA or Not to OHCA – at This Late Date? by Clyde Hewitt, Phoenix Health Systems

Privacy Implications of HIPAA on State Workers' Compensation Systems This white paper from the International Association of Industrial Accident Boards and Commissions addresses privacy and confidentiality in the handling of individually identifiable health information collected and used in connection with the adjudication, payment, and regulatory compliance of claims filed under state workers' compensation systems.

Auditing and Reporting for HIPAA Compliance
Accounting principles help healthcare providers shoulder the burden of proof.

Enforcing HIPAA Effectively Starts First Within the Covered Entity
by Michael Doscher and Richard Richel, HealthLeaders News, March 10, 2003
The first round of HIPAA compliance occurs this April, but the promised enforcement rule has not materialized. Although the industry knows which agencies are responsible for enforcing the different HIPAA provisions, no one yet understands how HIPAA will be enforced. This article reviews the various likely aspects of enforcement including the possible roles of hospital, medical group and health plan accreditation organizations, emerging HIPAA accreditation authorities and self-certification.

Capitalizing on HIPAA Compliance by Ellen G. Lanser, with Joe Pokorney,
Phoenix Health Systems

How to Use an Internet-Based Medical Records Repository and Retain Patient Confidentiality
This paper proposes a "patient controlled, cross sectional medical record that is accessible via the world wide web."

Record Retention Periods by Sue Dill Calloway RN MSN JD

Go to TOP

Identifiers

Tackling NPI: The Right Strategies Can Minimize Risks by Rosemary Abell, Healthcare Informatics, August 2005
The National Provider Identifier (NPI) regulation, mandated as a part of HIPAA, got under way May 23 as application for NPI numbers began. Organizations should be careful that they do not underestimate the time and effort required to shift to the new system and the impact it will have on business and services. The following tips can help ensure successful, cost-effective, on-time implementation.

Business Associates

Special Report – Overseas transcription: Is it safe? by Robert Lowes, Medical Economics, June 18, 2004
If you want to take advantage of offshore transcription, it's imperative to HIPAA-proof yourself as much as possible.

Doctors Also Ship Work Overseas (but they don't always know it) by Tyler Chin, AMNews, November 10, 2003
Offshore outsourcing can save physicians money, but can also present potential HIPAA problems. If physicians are notified that a business associate is violating the BA agreement, they are supposed to take steps to correct it; they are on the hook if they are notified of a problem and ignore it.

Many HIPAA Wrinkles for At-Home, Offshore Business Associates
by Jonathan Bogen, Health-IT World
The HIPAA Privacy Rules became effective for all covered entities on April 14, 2003. After that date, they must comply with all the pertinent requirements to protect protected health information (PHI). If they are a covered entity and contract with a medical transcription firm, what issues should they consider? How do the HIPAA rules apply to associates, including offshore companies, that routinely handle medical information?

Shaping Up Your Business Associates -- A Case Study on Compliance and Better Relationship Management by DeDee Birdsall

Tips on Contracting for Health Information Sharing and Processing
Suggested Areas for Negotiation with Business Associate Contracts and Chain of Trust Agreements

Contracting for "HIPAA Compliant" Software and Devices

Go to TOP

Certification

HIMSS & AHIMA Combined Certification for Health Info Security & Privacy
HIMSS offers the Certified in Healthcare Security (CHS) and AHIMA the Certified in Healthcare Privacy (CHP). The two organizations jointly offer a combined certification covering both disciplines, the Certified in Healthcare Privacy and Security (CHPS) credential. AHIMA will begin administering the CHP examination in the fall of 2002. HIMSS will begin administering the CHS examination in February 2003 at the Annual HIMSS Conference and Exhibition. The CHPS exam will be offered in February 2003.

Go to TOP