ࡱ> RTMNS`!9‰~'t;_Tv Xki9x}vH@QRY uzS"Zjk{~ ^zk{egg/@3g9&@r6K~6fx1dŬl73Rk̓Igwꯪvog~_*ٿf75C-y ~+7Jg Woz3{y6͕NֻYO$ 7};{:3HhHu->B?:/|fay4CmZ֛7w{Xkz7~Am' ?Iߣcxt1PW t|uFk&octA/A->.C{6Fv3oްk<܎gv~|/:GE3q|_q|Gˏ ~6t8>ct8>ct8>P_8 ~- ٗO`78OO|ymԣ=ʺ\'e:2+^}ixe~z}{Y/Z٢z+M}~$K5A`rĆKba w$ݿ"Ӆ7dTS e ~oqQX#ֵG V&\CuN~%:3EҒRC?!o{bݨg˺<9G>NXz.8oK\0BUD-l|b'zhWFB\_G gSev"=x&rᏰE,-M6H-r -kWDOQ0G3eƅ\џћ^OYvAf]&,o45| Ma7Q\r++):gJk*1@=&:1~唵qԐqn GݘSmxT> Z6d ~ȴBh"C2Z7#MIX<7;yEÖ6ˏRo"\ߐe/xgfRe}NnӃz.cGBSD ,m93vF9<7f,gt1o(jJ:lnҡ1ϸ[% cQpt, W|CIűB&DGW)\l#ʺYmQ^n [8*H`O&,5G#jZOđ◥q.feLVbߐe#3JMg1Gs&f-ә2GuL; !`mU3tf29beIVNyfEˢOڟF\0rfQeɕEo0K{30qle̪y>!F$ ܼTdr2)j ύS1qʖmA(F2&EzevNyÓDn;P˼čR>s)ʀ+Y1t97-S`<3~QDKKli|~7Uȭ [Jf924&s ſ|*A.3Qs߾2}XN*]啮{̓FEX9&S\.EYikb3s;)_ցBYFS<<)ծ1iR TnyC}^>e\lr4K;N&?ZN2dK.fٸ\cY_z1Y,d'/_7CfE+H+tAk ˨@@qGieƶwmE|*7jc7Ueo.}Iĺ'*& (yhTz+b3$ɯ vYX!p{QV.J"Ikl9_Frj{j3e$6.j)%5Q4Ӭ(ʹ)ĪHAZh&N,;ꙉ"vC1OTUg^yZM2XX6 PlZBM5sm"'K_RC:48 0kfG7͗|3P2iz2 T1:/fTR U/ E+]vLy7طt6+ٜIi="QV!ϓ`9%gQ,#W0p:dMd$*E;@OӢ.kzmr @9gꀲha(}-"^"3|b$%B=j"l M,UTZKU_<,ܪSf8;A\x]E: 6RACNICŻ 257J1IbD- W$)[3`hi' Fda?F='@ta\& ~Ͳ$ٞq'&%^je؉2Lŕ}C=lR_>ÕŲLg2QaJfCMµ-T_KܼD¯ 7lS>p x+$Wf0Pg_@y)8+ZGGQݰ}>" k F&T+(lF|y_x{ Bj;[^%,ǂø%/Y[S|&52a}FJۻUqQ-,fX,P0#HκavE4Yē ?C0{4 J_=ОDC4smGM]poַ \ YRH U q}=a 𡚤eG1'Q2g 3Y(#I`"]LL3ֳRiR%t~!xkǪ eW+wAzv%:r J꒒E/PxH@׬ P0N{"K/߂ϖKָNF\RfH ( 漉}TU^H4i*١tdցCUպBN<O|<v"vU_@BK{2yZL~n()w'[w{Ձ{խgklbTѶj [}ޯǑ1S:Hڡ(uȲu{"]n-~mj>C.T9@X$ޔvopwW/I7WQ;),!5Ϸx~,"ӗOEb IC]%X~TP̩oBߠc?C2X݂v -AeNص A}D^}hB`%ɗo`"V_dCk] PnqvӦp$-HE"<]"e2'PSb-=u`[T.aT$61O; AycƎ-1:_"o}.܏쾥BsxR@sk:onw`ebRTD8TT̸3$2T~vwfʘ_X'n82QsxzWfSb33y"(GDJE._; mhWhfWYffO`aRȚKb-ևrck9'euQ2i±FVH4SBL$%5圑zYY%&oDu  &>[R}UȚ+[XZM2&J +cF d R^p@V(:L"1})A檊Jz!\DR2dfҺ%l$ô,2/}/V e99Ij}pPz\f! X*m]CV۪4G[exw]Jer9oA_別hAZƵ]0JU8Bh8bΩʖݵkó}۪i!/EN5"=`9_hIt_MFe^fhbedQCH-x?CdEpi| pk=p{0n2moмv9ᨆx r;Y79|Xa)+Nm =l}IIҌ+rk3մ&^AWfLC-V-'=H 禍q)Ңe] W6a[  ۂ.=* %|Gu5ɣVe-'Ț%g 4URQMd8յ!ݶ[Dl N-N)o`9,(+/F#p=9Y-A cUi܉(ƃZwF ҷf!2+KmIjɖ[-/fIsiG)Wrd<hFtdONmy^젒gZ<`dJE%wkwIqjRUaXj"Ky!vH&4 'R^QQE'M[\,rnE\+ZNgz@E983;Y[깈-e1opHR0l)IU6ղ:onsx-T[2E5Y]Ca@$Wqɳt9J"`m>Dnպt1ZAf ')Y (gLkE {!6`qed)N.$ezqgߘ^!1Nb9rm$V(+b| yƐHa:es)Oաq xP20SQGYBePznOJ{4vG gۍo|ZV 4e¡3he*ܣq.]B D̲|>쵥ɫqA!dcPVիrrGBF̴ f 3eDh,dC u5 5D zK1(tV` bR&9v 6 >@Oa%%+ڗ RwY1BJ6(w$ZٔHRfrҬcv$ދyzPJnw*5W ԳTtJigqh[Zk>׭m{/lc! (l+U0a_uUN[-+DlMwаmy{B `=7luEaZ-[|T;9Xܒ.J)z&}= DTS8]mLa:1;{e~mq_ܷq"&`WEO@H.k{( w{oTvlWź ^O Ph]OЂ]pO"⢅[mK~tvw4@emG2=w&؝O[bS62s2kr%ae%FyҕLU{E=u@t׈XA% /rj=y-拂1g"{PHR9p~F5a;A]^\Ԟ}k?;׽gE[>O2vu5k ({בW 9` qԭW޲8U_pUwiW{#F y ^bt- mM''nx`J{Ta ZG)8@,=fiO3򆢟,}y1i2OYًz|'4,Q^ Ǩ`E@uu |r< h3W \9?F 6*@{r2#E Oܑ%hF\.(y-5yC#lWf57"IІa@Q+bgK:?B[#}Tj鈱}i"m T @ǧ? :O~e SP N: $ȶyIhÑ Nlw %KPt:]j1Ry}\+=!0aOg"Hzl&H)>iځ/eT ^A6ѼpdF{!oL3"hyܑdW, qY ƍFD[<\ M5թAK"G& ȳpFmG=r ivA$y+vof%@<\ sg7w]EVP uxc| 3:SңLpsRZ4oPOgq PU&[n<|Ly>\WJVN1hު\2oDgOz<>9$+Vj%ҒUtf`u 1ǚb"+"5Pt*zI=>P ܣ dFV)篒W}xHaڢ%l)/,3`^~#Qng-  ,Z)_r5Xڋ~.+bJL6cEg%\[HDuA3}RRdvrcfܤ%ٞHe0.4T65mw>PGbAbR3:ɥՁ** \+1"簟p+Q[[Y5LKnVoe#^F6UMLܵ!J׺A2 :&/^L8q7*s/Z([qH<"FkDU{;}ȴƑ \-J^?z_~'⺌ Ay.)g)uo.%٩y.v&Y/ Һx=ux;:h;&PZXzCt3Dڌ9NQtj[vl9sJ2q]MV2݋Bq/祃/_oeuY8^){{Yh-ppSxI')9o[ᚇLˡ_zR먜oxƕI[#SPshlF b!V+z4N7^J Lh~LTWZ^6Blor9!MC.ؖ\Z% eGƹuVA1#/5ἭWlz]6MFGPBϚ ZW2>{;k<T@K g@ ܁AIq̮yp ֤ 3pm)#q8s^ Wg Ez8=Z E<&dy#i.\_vK^P5ф"!KԠo._*e*QY/b% `qW(x07HlLXjvww vJl7niҳy/#A"D&eY1D/3WQ #Y~"|(Il2mB U Ȱ^рh:gH\D޺f22'Ce9WfPИQ !#(FM^%<' Zq4XDPVF4:Jj6z(#ueuc+cmD9gU #Ù.Tފ0>Q>ZklX#jCm7L\ZFĵ T\i0(юMDYM.7'Wi&ڱi CR -h0s$fJW~/"cbªuݑn۹0Ǜ k419Gĝq jHjģcA{MّeNL͚XJQ> ]C %sjke} j ]oUu}.*ET@ړhe"4aIQ]CV͏@ym4TTxKV΍qYW^Þ(::MKU^b6xh⺺rk" Κl*N sUNf]8#XWr _<"+Uά[sQMWm55 Ҷ=KuVVk*F<6+k <`Ub>:YR`)q*eJ*,m qȼwwї5qkj.̊Y8P 77Uk6RZ*"߫j<8u,\?Mf3 s0|/ 蘆,7M^/8W1b_Rv[Ǻ *¹ xDP^7x:g9I>D`&.tscfU݇pc-OӧSoH]FF/I`|a#h5r90m@"H&\NUCX 5Zᷨθcjy0|釓OT)ijHU/%$[S.uu3M,AO?tia*ji,0T|A͏N{͏p#g3 }|/ k`0v3.aRY9sK޽@eX!|zѦ0#i'O\R8_Ϗt#D\48Da;Б&?@@m8Z?|w,HW%*k w4 =i*=[Ϲ`+MSU "9`؞>}cwy9p6И&GY6|4,1'0K59JCM 4(96f#Zڊ]ݞ; wwSNAgNfnl.:hI| ~/B4'ǚmJ_D w$ b lnj4cb7c$0Gqk/i _pe„ӽ>*&2-H:&G{,5O}'9m*~p/B.&m°wU mbBn,T/<㊦mϹrJ22_ίreq495Ktl[)lJ7zy\So -l.EI7Dd.8^UqEUv3n7K;o6lܫ A7zNzѴwwέ!7vsg6itx[p*#;ԼAl@N[P|w2EV(j |,sT\ҟtd.`]\ 0{vzGDSC:܀xd-5yCff򠥠%m dwYo^8m~å: @F99,]/q/n4L>|rqu]4ݱs".oTsq; ^}\,pm̀ҫl ZXUjZW gdk8!CkaQcb =k ko͸RU֘vj}OʌK7e58`{nĦ5!]]qR.liZET,&=+c$hnÓ֬t0@ҮA3.W\(@(T:M,b(&7{o˥_U(0>xʻZŽ#jV NDs.Y֚tE(M[2 yCTg]Ғ Kj}q|J1.Qv\ٕƱMu}l2eo̙?7׏G^?q o#]}s>OMwv>±`!9c3\3gV(Cv Xki9x}vH@QRY uzS"Zjk{~ ^zk{egg/@3g9&@r6K~6fx1dŬl73Rk̓Igwꯪvog~_*ٿ}ijot m&T:+fs|Ã+_; 7W;Yf)>,?L\ !Qbt Hn쿘͛ _Md'kqP[oޔo~߭7\>cc~3_$m'gkw߂ϛ7o7ActA_:@O:盨^{t(LX ̯?ٿgsolgq7sm [6ϳٿqf,|Y8g_8g_p~ 8H߈Gq|aCA3/8fA3/8fA3/I|A8A w}8} At4˷yxٖJ=j_ۣ%~:[x3|.3ߗF'[6~_'zYw9ߡ-GIT&GlH$p~O+H8]zO&yI5P7OK.k%.-ܔTsSWX4li(&5 Ywf&_6=2Z|.4NA ,ҖSz>co3s\`FʲIIgv #Ϧ/)*JK;Y5X0ŪH Gpzno79d_+d"Ntd{;>)Ii^a&dRz42oFy̭D) Μ!*~YZށo8Gk_xm( Y8{i.I1TCAx4goF2)LQ/cTǴ&f[uN\l6IJj/<؅iNZ㐠h#5y44d_.sQ {C FrEJ5x|`qbO&KcmmsHLj"_ো,KwaRf^(3TP\h N94&I? :\Y,t&d6Dt.\)9HKXαnOLK*:p/{>3IRXzmuFoIȋ}t Kn?_/"߰@nd"Lu:&jmdj̗G? *UyȒ~,1QE=na9U9]-g-\S!6؇a [pr-aƏŢ3h= h-e &_BWawvJXqu)rgJIoG.ZR-˰ԭ.)YUPD dx͚DlHѱ7+9_@-hlZtk넽o%eD`Λmp޷MUUU.ԭM󐜦JJGk_tsU5ÿ";R |[=k"9}YDZd >nM[@A[ȜAf*t :1=TZ!-nנ~` _߂4\P]GU߇*:{j*-]: V쑋| > (b5HAP=t>&ռ ލ}@*`=mZ wMbނ:Q+b5*RIMP/? K,}^1Vp|v} VF &JECNAmAOŌ;C C%뇯anHzgq↎#S05\ۯwk9*<3(B:zATo QІV~y f&y|eVaZ8ΣY,6BRT.͑w}ZvȎ̐iFE1z hG^c0ii$rp1 #3x&21T⑁iO gz^spY%Ӧ*q;ȑx1VI xRfCI-rXL> h*4U .]4rբҹ,/_+W)w.vxE((I[cprgحS2O:E Miт#gȜFD%_%&~?: 6誹 cqi" scPW#ǎI2i0U*,{v4@ F9m8*E,mhE!d"#kQ|ʳ1> N ):JMJ'+3oTNi5PDy BV,)- x50DW% &V4E@ZQfb>"aܞ𩢍Q(>84VEWZ,M$+S sdJ̈́9x9DVƬ2f%1"EggT8qFL<$Y)V&f[rCV]hri"=g XsMAz> Οч 7 Kb#V!p1sNfY:䘊+Ʋ3BgE3*&W,$x6Q 148'ot^t1RX›aUe)qY ǹTmqsp2U qWR+5dިLMӹ^57?\BJLߌ3`Ypxh8j6LDTo2TuiZv1xA)uc7W͘8ThZV5^knNse\f}UT&ΛUXk\څ T3!t!Fc,v윚lY]6<[ط!RY#,-p]VDtmt Pe&QH5 Pt߂סk:OV& ׻n[ *9;+(oښjh,us͇8?ۮk;Vңwq$͸"6[Mk"5D-~}kF4ԋB or܃Yk|n"-Qrep -3pZKp[·q}^!PcY3m /5Zc9QH>y3U#=Z|r-8R>GrJI9hUj+7(},oLpj0SfA&J>p_\[cXA8`(wTxcBn 9/&ec .1jS~ TtMXR}@.uez_#nmQxh`gAM٘ˍ8/em,ǯ}- 8fgKRq(|׭i {Rp@=[KE)[aA*qNp庶#pZx۶v;:¶RQ cƣ4aYjߔ *`M'/ą7DmTDf3ƸQ{!i!L,Z!U5iW{AVVA?]zR?1]EO"նoMmHv{][UXWEﴥ۲RK4t 6-Tp f sYK]BN @+G-颔hbS@D;~;WM}{*hvU/]q$HɝpPfP-q1VI^;kvU[Yy 25-x*RY!.ZՖm{Aw@j`x7MT{$#@C | ?lUP!6eInӱ+3<'C]O&[VVmA-]TWxYC_[WdN^H|u .^ DP{r 7h#b(c{?j.eO/wjT6uIM \Hٗv_.?}s{]S*(Jqcǟ|WÞN~@mDGk#hE>p#M\ q2 I=GtS'Tyo-TSy{+bvޤkT?iD/|xÜ>HB؏x"q͵hcz;N5g@%{몦nۨG!҆@En<<0Nq|q άDW`9e<%p@섡~Lhl˛tx =yvgLRKJӥ+5xε"_pÈ@ ;O(+^v p;9;T!)Kb ς T%} x%B+DNaagAyS#lgퟠq|>$50D1("L'ЂGv4<|`Lfw$Ìl^~EA14/ZxIa$hgGw1mI=v O}Tp{ L# t&MGVa Z:HŻム/+*(0@vrРm_jTIi|a QRDPS.dInЎ< w`vds)ǰ} ^f7)D"noV t@|1:ysUouPW_1vw0qAL*=S>%=$oO #~Ti+oKZ7i=jWĥC> %eYjK>_F`XyeLFeI9ϔCg?tNzF]NjIe$w2<#S˩v83^󜋚Xj^=(mdDOrQ(\܇qPQ[umE\-$Og P\@&V[W+0EA,J(gG+JUəNs"}~)YS]6vZᕍ1 \[Mpz7GĥK{Ik]OY^y$Vmfb._=}']TbND#4:!qMwL[%~,xQtF?_ɵΌK[w_41xq8'%e:OVj(7fM ]R9 !\tXB{HkSv uo 4J!I.UP+ 8\:_Wɕ+bpYѻ w_E庥]ʴ;n6_6UidSD]t-S^m`cńwS2ҭe.n1S.Zs%$+-/& Uv!L}?JuO%ϱ8٫5:p -m!SCƳAep QP_k @' o oMZ0זB=-pmCA2F-q}g#*+Sms:|xPh `pނKDy֨{ۨf QGx]IU0v >54Yzs6~-gj={G]ԋ]0ukZ խ  wqFMwKm7*?TC1k*?Wb .# xe `55\0{t xOʰ \q M|-yϭ߈ʣ.NULŸ~@bo4>v zLo.%Fb8$H Etbd H|hqJr< X{BճoZÛH FZ. u׼Aq+Cnj\3Նujs_whO#υ]w؆Ǡpg,\pW!n#%& .T[CPU#Qle‘u1щ6U#M(2D kF_"ȪJZ5Xb /n!-]wU"~H{Ħ]̈́f7lzwPpJ1xk:4͆{3FL}-=˛2.ә ke/ϤKwF˾r%jd!SY >MRLfS@ kCp)<vE!rY,gH1d4~ @CM:Ž\-ڸeRf?4vz*(SXҳgrkΐKNzAO*ӲLv&Gy)Njf,+ml,pځX 9  sąKkm&#?~2T3ό}eu 2bUQ3NqrGEeeKSksw8QWVy92I(FsV[<2YNqB學 죮=6u86&}Dn̥e$O\@e59MՄXrsrEK&ai{z а::$ Kr]O 3W@btw"2--P춝 sp VNs/O9拤I <:viV5}{=7Ht:}:UedT.g&<_x+F /d¥Q5(?E0Ps~ꌋ8~8Y-A5rQHPRYIҩ5RW7Q虝ïOv) ݝfZ Auɧ鄁0W mnΚn8rf1A }?h qp٧7BmnzH9`RH ā Fuç~?=qǂt\¨@p1ЛIГ3 R4Q"W'i:F}ט' nInO{eçA!sy ˸ԭ^4DIh#/M`62)/0}ww<Zĉ._ItQdF沚ʗ;N"DqzyѦETpG MI>1.vC8FRs6W,L8룢m"ӂcxRwӦB_I`< "(1b, {X؜*&M?h\,o$ ,#,7XV7]OS3 KǶuB̦twџǻȵ9l0¦r_qOnyCMRSQeWT5`Gʻ1#~#fSOƽ BZt4jMW)p_/Bpl7wm6N q1c@@{0DZ露?Zg1xG!Xdrʸ~8;H% (iAGZ ۅϵSWiGwL1e; x|7N{ݲQ7d6`&Z ZҖ@vՈ7\apk `oaB. 2lnF×;N/WEcH;'%5%431H0/.-,+*)($# "@:2!!'>&<< C^p H /X2$‰~'t;_T92$c3\3gV(C99 gֳgֳ     A@  A5% 8c8c     ?1 d0u0@Ty2 NP'p<'pA)BCD|E||S" 3MMM)))@8w4DdDd0jpppppp p@ p`p` 4ʚ;mNʚ;<4!d!dЁ 0<4ddddЁ 0<4BdBdЁ 01___PPT9n/ 0zF? %O  kdHIPAA Administrative Simplification and Nebraska SNIP (Strategic National Implementation Process) :ex% , WHIPAArLaw & Intent Who is affected Standards Current issues to track Implementation Process (SNIP) Additional resources O'HIPAA Administrative Simplification LawHealth Insurance Portability and Accountability Act of 1996  HIPAA H.R. 3103  Kasselbaum/Kennedy Bill Title II  Subtitle F  Administrative Simplification Signed into Law August 21, 1996 Public Law 104-191 Part C of Title XI of Social Security Act xDHdn$HdnWHdn=HdnnD$W>XIntent of HIPAA Reduce the costs and administrative burdens of healthcare with standardized, electronic transmission of many administrative and financial transactions. Protect the security and confidentiality of electronic health information. Enable individual to control own health information.ZWho is affected by HIPAA?Providers Health Plans Employers acting as Self Insured Groups Payers Third Party Administrators Clearinghouses All trading partners of above6(O(O[HIPAA Standards7Transactions & Code Sets Privacy Security Identifiers$Transactions and Code Sets StandardsFinal Rule Published in August 17, 2000 Federal Register Compliance is required by October 16, 2002 (October 16, 2003 by small health plans) NDC code retraction On May 29, 2001, Tommy Thompson retracted the standard of using NDCs on institutional and professional claims.6on\Transaction standards:Data Element Required vs. Conditional Formats Codes Values& . .  Transaction Sets X12 Version 4010 Claim - 837 Payment/Remit - 835 Claim Status - 276/277 Eligibility 270/271 Referral - 278 Enrollment & benefits Maintenance - 834 Premium Payments - 820 Claims Attachments - 275* First Report of Injury - 148* NCPDP * expected later...FZZZ ]Code sets StandardskService & Diagnosis Codes ICD-9-CM Volumes I, II & III CPT-4 HCPCS CDT NDC No Local Codes will be allowed\3$2 $ Information Between Health Plans! (*Coordination of Benefits Claims Processing5Is a provider required to send claims electronically?No, but if you do, they have to be HIPAA compliant. You can use a clearinghouse to handle the translation of the data from your current form into HIPAA compliant..Failure to Comply with Transactions Standards Privacy StandardsFinal Rule Published in December 28, 2000 Federal Register Compliance is required by April 14, 2003 (April 14, 2004 by small health plans) OCR issued guidance on July 6, 2001 Additional guidelines are expected bPrivacy6Summary of Privacy regulation: Consumer Control over Health Information Use and Disclosure Boundaries Ensure the Security of Protected Health Information Establish Accountability for Use and Release Balancing Public Responsibility with Privacy Protections Preserving Existing, Strong State Confidentiality Laws, a DefinitionsPrivacy is what happens to information after the appropriate person has it (I only use the data for the agreed purpose) Confidentiality is the control of the information at all times, providing  need to know access to only those appropriate Security is the enforcement and protection afforded information under both conditions nKF,kN c(Consumer Control over Health InformationNotice of Privacy Practice Patient access to their health records and right to amend Patient consent before information is released Recourse if privacy protections are violated Accounting for release of health informationeUse and Disclosure BoundarieszEnsuring that health information is not used for non-health purposes Providing the minimum amount of information necessary{{g3Ensure the Security of Protected Health InformationWAdopt written privacy procedures Train employees on privacy Designate a privacy officerXXj:Establish Accountability for Protected Health Information k8Balancing Public Responsibility with Privacy ProtectionsIn limited circumstances, the final rule permits, but does not require, covered entities to continue existing disclosures of health information for specific public responsibilities without individual authorization. "n6Preserving Existing, Strong State Confidentiality LawsNational "floor" of privacy standards that protects all Americans, but in some states individuals enjoy additional protection. Stronger state laws (like those covering mental health, HIV infection, and AIDS information) continue to apply. $"Security Standards[Proposed Rule Published in August 12, 1998 Federal Register Final Rule expected this year pSecurityThe security standard is a set of requirements with implementation features that providers, plans, and clearinghouses must include in their operations to assure that electronic health information pertaining to an individual remains secure. The standard does not reference or advocate specific technology. The standard does not address the extent to which a particular entity should implement the specific features. Individual security requirements and which technology to use is a business decision that each organization must make.  "rSecurityQBest Security is what we can do ourselves 75% of security breaches happen inside.sSecuritydAdministrative Procedures Physical Safeguards Technical Data Security Technical Security MechanismstAdministrative ProceduresCertification Chain of Trust agreement Contingency Plan Formal Mechanism for Processing Records Information Access Control Internal AudituAdministrative ProceduresPersonnel Security Security Configuration Management Security Incident Procedures Security Management Process Termination Procedures Training vPhysical SafeguardsAssigned Security Responsibility Media Controls Physical Access Controls Policy/Guideline on Workstation Use Secure Workstation Location Security Awareness TrainingwTechnical Data Security^Access Control Audit Controls Authorization Controls Data Authentication Entity AuthenticationxTechnical Security MechanismspIntegrity controls Message authentication Access controls or Encryption Entity authentication Event reporting "oZZqyTechnical Security MechanismsIn addition, if using a network for communications, the following implementation features would be in place: Alarm Audit trail Entity authentication Event reportingZzElectronic Signature`Digital Signature - Optional, but if used: Nonrepudiation User Authentication Message integrity>55_Unique Health IdentifiersProvider Will not replace TIN Will eventually replace the UPIN Employer - Will be TIN Health Plan - may include Sub ID Patient - still under discussionn 6[6 Status of IdentifiersNational Provider Proposed Rule Published in May 7, 1998 Federal Register National Employer Proposed Rule Published in June 16, 1998 Federal Register Final Rules??? `Status of IdentifiersMovement on this portion of HIPAA has not occurred Focus is on implementation of standards for data and on final privacy and security regulations (~Current Issues To TrackFederal legislation H.R. 1975 and S. 836 are in the House and Senate to delay HIPAA s administrative simplification provisions. Some members of Congress are considering overturning the privacy rule Case constitutionally challenging HIPAA SC Medical Assoc, Physicians Care Network, LA State Medical Society vs. US Dept of Health and Human Services AAPS vs. US Dept of Health and Human Services ZoZoZZZooD,(Current Issues To TrackJFinal rule on health data security Due out this year  HHS must ensure the final security rule is compatible with the final privacy rule  published in late 2000 (and likely to undergo some changes) Additional Guidance on Privacy Standards Additional code changes as implementation progressesN#ZZ^Z#(5 NOW WHAT???Where do I go from here ???pCompliance with HIPAA Administrative Simplification Nebraska SNIP (Strategic National Implementation Process):qx4(;( }Why collaborate?dImplementing HIPAA requires coordination and collaboration among trading partners There is no competitive advantage to be  HIPAA Ready , if your trading partners aren t ready Collaboration and coordination will limit costly implementation efforts Avoid the  re-inventing the wheel all over again syndrome3n3 Why collaborate?Standards are dependant on consistent policies, practices and technology among business partners Actions of a business partner may generate liabilities for one s own organization Sloppy planning and inefficient implementation will be costly to everyonex0*Key Elements for Collaborative Environment++( Trust Commitment Clear Vision!!$1Trust (z Joint ownership Joint accountability No dominant player Balanced interests No hidden agendas Neutral meeting ground JixxyD Commitment  (~ NE Health and Human Services System Key providers Leading health plans/payers Trade associations & societies Key vendors J%Yxx}6 Clear Vision (Use HIPAA as an opportunity to redesign business process Remember patient rights in process Improve efficiency of healthcare through information technology!~Regional ApproachesImplementation will occur locally Healthcare crosses local political and business boundaries National coordination and guidance will be exceedingly helpfulxBNebraska SNIP FormationBlue Cross and Blue Shield of Nebraska Health Data Management Mutual of Omaha NE Assn of Hospitals and Health Systems NE Health and Human Services System NE Medical Association8 Nebraska SNIPR & is a collaborative healthcare industry-wide process resulting in the implementation of standards and furthering the development and implementation of future standards.$9 Nebraska SNIP>Promote general healthcare industry readiness to implement HIPAA standards. Identify education and general awareness opportunities for the healthcare industry to utilize. Recommend an implementation time frame for each component of HIPAA for each stakeholder and identify the best migration paths for trading partners.??: Nebraska SNIPEstablish opportunities for collaboration, compile industry input, and document the industry  best practices . Identify resolution or next steps where there are interpretation issues or ambiguities within HIPAA standards. Serve as a resource for the healthcare industry when resolving issues arising from HIPAA implementation.GG"Nebraska SNIP ApproachFacilitate planning among: Providers Health Plans State Government Vendors Trade associations and professional societies playing a key role.:0B0B#NE SNIP Steering Committee(Goal: Develop overall strategy for addressing HIPAA compliance in an orderly & effective manner Defined Work Groups: Transactions, Codes and Identifiers Privacy Security Awareness, Education and Training\ @W@@  W$.Transactions, Codes and Identifiers Work Group// Goal: Develop consensus on sequence and timing for implementation of transactions & codes Activities Issue and publicize Target Date Guidelines Build critical mass of providers, health plans, clearinghouses, vendors and gov t agencies for transaction testing ZZV-@ @@V &Privacy Work GroupDGoal: Understand impact of final regulations Activities: Develop working knowledge of Privacy regulations and impact Determine organization s current level of HIPAA privacy compliance Develop gap analysis, checklists, and guidelines for policies & procedures to implement Privacy Standards Z'-PZ PZPZjPZZ& i    Security Work GroupBGoals: Understand HIPAA requirements for security of data and communications Activities: Investigate secure transaction & interoperability among trading partners Develop self-assessment checklist / tool to determine organization s current level of HIPAA security compliance - gap analysisZG)Pn PnPnG '*Awareness, Education & Training Work Group++$Goals: Develop programs to share HIPAA information. Collaborate with professional groups and agencies to promote and deliver programs. Activities: Survey to determine awareness and readiness. Leverage current planned activity in NE Develop Nebraska SNIP communication and information sharing |nn  QSteering Committee ContactsBrenda Block Health Data Management Corp. 402-965-8158 bblock@hdmcorp.com Kevin Conway NE Assn of Hospitals & Health Systems 402-458-4910, kconway@nahhsnet.org NESNIPSTEERING@yahoogroups.com n!n """"-""%""$"""J.Transactions, Code Sets & Identifiers Contacts// Don Butler Blue Cross and Blue Shield of Nebraska 402-398-3843, don.butler@bcbsne.com NESNIPTRANSACTIONS@yahoogroups.com NESNIPTRANSACTIONS-subscribe@yahoogroups.com Ynn$n.n  ""&""$""Q""Privacy ContactsLori Umberger, RN, BSN Creighton Cardiac Center 402-280-4603, lumberg@cardiac.creighton.edu Kathleen Zeitz Methodist Health System 402-354-2174, kzeitz@nmhs.org NESNIPPRIVACY@yahoogroups.com NESNIPPRIVACY-subscribe@yahoogroups.com n n)n""%"/""""""I"HSecurity ContactsSusan Heider Regional West Medical Center 308-635-3711, heiders@rwmc.net Sue Huenniger Mutual of Omaha 402-351-8622, sue.huenniger@mutualofomaha.com NESNIPSECURITY@yahoogroups.com NESNIPSECURITY-subscribe@yahoogroups.com n!n*n """"""""""""J"L+ Awareness, Education and Training Contacts",(+Brenda L. Block Health Data Management Corp. 402-965-8158, bblock@hdmcorp.com Rick Hain BryanLGH Medical Center 402-481-8521, rick.hain@bryanlgh.org NESNIPAWARENESS @yahoogroups.com NESNIPAWARENESS -subscribe@yahoogroups.com n"n,n""""!"" ""&"N"Nebraska SNIP ActivitiesFirst Meeting March 15, 2001 HIPAA background Other regional efforts NE SNIP mission NE SNIP organization Next NE SNIP Meeting Next NE SNIP Meeting September 18, 2001, Kearney Work Group and sub group meetings\ZbZZZ"ZbTAdditional HIPAA ResourcesHealth Insurance Portability and Accountability Act of 1996 Public law 104-191, 104th Congress, August 21, 1996 aspe.hhs.gov/admnsimp/pl104191.htm Department of Health and Human Services Administrative Simplification aspe.hhs.gov/admnsimp/index.htm Centers For Medicare and Medicaid Services (HCFA) www.hcfa.gov/hipaa/hipaahm.htm HCFA fact sheet on HIPAA s provisions www.hcfa.gov/facts/f9702as.htm HIPAA Security Accreditation information www.ehnac.org/securityaccreditation/default.html&<Z4Z#Z(ZZ Z2ZZ'ZZ)Z1Z<4#(   2  F  )0HIPAA Resources cont...<Workgroup for Electronic Data Interchange www.wedi.org/ Washington Publishing Company ANSI, ASC and X12N HIPAA Implementation Guides www.wpc-edi.com/hipaa Data Interchange Standards Association (DISA) www.disa.org/ Designated Standard Maintenance Organization (DSMO) www.hipaa-dsmo.org ANSI X12 Committee www.x12.org*/.4 */  .  4 HIPAA Resources cont...HIPAA Comply - security and privacy compliance www.hipaacomply.com Welcome to HIPAA Directory.com www.hipaadirectory.com HHS Office of Civil Rights www.hhs.gov/ocr/hipaa/ Nebraska SNIP www.nesnip.org 00      $/  ( ) *+-./347?@ACEI K!M"P#R%()*+,-Pl ` zTщ@U[|3` 3wf33f` MMM` v'Hщ@q̙` N3fщ@q` Mj*ED%щ@y` F<)$щ@c=Nf>?" dd@,?Pd@ `F `<@l``7 n?" dd@   @@``PR    @ ` ` p>> "(     BCDEF@? ))( m"V_x~eF<m:}6O+ K~zuErIi(ST@1 Z   2BCDEFy@? 11O8%. .:rT|k2Q mZPPX$Y2zt[tk$)UrUvR$wRoXO8cd@ DUZ   2BCDEF@? 11  uH5|;Oy1X~k{ mMV:~F x9u$&4&AdKVmaQ6ZE}!Xcd@vZ   2B C DEFyd@? 11V VdubjC__}u}jardx  pjNdHT  T@ rEcd@ ;D*   c BjC*DE|F? Xf>>(n^mW8@m GhGf) )+ihb#gG29Xf?@@ lZ   2BCDEFy@? 11 ~ tH5|:Ox0X}jy kMS:}C x5t#%0%>cHTk~_ O5XD|Xcd@  wZ   2B6C7DEFyd@? 112:,:]q9 42md'.u`,H/6]n]~  m$5/:OUq2cd@3 j    BC DElFtd@? hVt"+PE a*`  +8 'V^{  78@J!d   <A?   Z0gֳgֳ ?  T Click to edit Master title style! !:   Tgֳgֳ ? @  RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S   Zgֳgֳ ?P  D*  Z0gֳgֳ ?   F*  Zgֳgֳ ?  F*Z  B޽h? ? zTщ@U[|3 FactoryY   @ (      BCDEF@? ))( m"V_x~eF<m:}6O+ K~zuErIi(ST@1 Z   2BCDEFy@? 11O8%. .:rT|k2Q mZPPX$Y2zt[tk$)UrUvR$wRoXO8cd@ DUZ   2BCDEF@? 11  uH5|;Oy1X~k{ mMV:~F x9u$&4&AdKVmaQ6ZE}!Xcd@vZ   2B C DEFyd@? 11V VdubjC__}u}jardx  pjNdHT  T@ rEcd@ ;D*   c BjC*DE|F? Xf>>(n^mW8@m GhGf) )+ihb#gG29Xf?@@ lZ   2BCDEFy@? 11 ~ tH5|:Ox0X}jy kMS:}C x5t#%0%>cHTk~_ O5XD|Xcd@  wZ   2B6C7DEFyd@? 112:,:]q9 42md'.u`,H/6]n]~  m$5/:OUq2cd@3 j   BC DElFtd@? hVt"+PE a*`  +8 'V^{  78@J!   BqC>DElFtd@? v?omi:ArB 5n=1 ray{-mep78@!>d  <A?  ZbYgֳgֳ ?p Y T Click to edit Master title style! !  T4xYgֳgֳ ? @p Y W#Click to edit Master subtitle style$ $  Z{Ygֳgֳ ?` Y D*  ZhYgֳgֳ ?`  Y F*  ZYgֳgֳ ?`@ Y F*T  <޽h? ? zTщ@U[|3 0 \T`(    TYgֳgֳ ?P   Y Z*    T`Ygֳgֳ ?   Y \*  j  s *1 ?  Y:  TYgֳgֳ ? @ Y RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S  ZYgֳgֳ ?`P  Y Z*    Z Ygֳgֳ ?`  Y \*  H  0޽h? ? ̙33p @8p(    TLNagֳgֳ ?P   a @*    TYgֳgֳ ?   a B*    Zgֳgֳ ?`P  Y @*    ZPagֳgֳ ?`  V B*  H  0޽h? ? ̙33 % |t0 (     T(Xgֳgֳ ? <$ 0 X H  0޽h ? zTщ@U[|3  `<(  ~  s *DW    ~  s *X  @  H  0޽h ? ̙33 # % 80Pp(  p p  ZQgֳgֳ ?     p  ZRgֳgֳ ? p<$ 0  H p 0޽h ? zTщ@U[|3  @6(  ~  s *0M    x  c $M `  H  0޽h ? ̙33  0<(  ~  s *>    ~  s *l?  @  H  0޽h ? ̙33   <(  ~  s *8    ~  s *X9  @  H  0޽h ? ___f3f  d<(  d~ d s *%    ~ d s *% @  H d 0޽h ? ___f3f  2*(  ~  s *    ~  s *  @ @  ~  s *|  @ P  H  0޽h ? ̙33  <(  ~  s *    ~  s *x  @  H  0޽h ? ̙33  <(  ~  s *    ~  s *ҹ  @  H  0޽h ? ___f3f  <(  ~  s *<    ~  s *  @  H  0޽h ? ___f3f [ 4, (  ~  s *     l P   #"]-P 4  Z͹1? jP  ZMultiple violations of an identical requirement or prohibition made during a calendar year[[ @`  ZV1?0j P  LNone @`  Zpѹ1?j0P  R Up to $25k   @`  Zd۹1? =j gSingle Violation of a provision   @`  ZPݹ1?0= j LNone @`   Z1?=0j L$100 @`    `p1? = OOffense @`    `<1?0 = Q Jail Time   @`    `X1?0= OPenalty @`xB   Ho ?rB  B1 ?==rB  B1 ?jjxB  Ho ?P P xB  Ho ?P rB  B1 ?00P rB  B1 ?  P xB  Ho ?P H  0޽h ? ___f3f  l<(  l~ l s *ඹ    ~ l s *  @  H l 0޽h ? ___f3f  <(  ~  s *d    ~  s *   @  H  0޽h ? ___f3f  <(  ~  s *    ~  s *<  @  H  0޽h ? 999MMM  <(  ~  s *<    ~  s * @  H  0޽h ? ___f3f  p<(  ~  s *h    ~  s *$  @  H  0޽h ? ___f3f  `<(  ~  s *6    ~  s * @  H  0޽h ? ___f3f  ldP$(  ~  s *     >j   $ #""@ p  Z+1?   Wrongful disclosure of individually identifiable health information committed under false pretenses with intent to sell, transfer or use for commercial advantage, personal gain or malicious harm. @`  Z|1?  VUp to 10 years @`  Z11?   S Up to $250k   @`6  ZL<1? S  \Wrongful disclosure of individually identifiable health info committed under false pretenses]] @`  Z=1?S  U Up to 5 years @`   ZlK1?S  S Up to $100k   @`   ZdM1? S CWrongful disclosure of individually identifiable health informationDD @`   ZZ1? S T Up to 1 year   @`   Z\1?S R Up to $50k   @`   `j1?  OOffense @`   `r1?  Q Jail Time   @`   `z1? OPenalty @`xB  Ho ?rB  B1 ?rB  B1 ?SSxB  Ho ?  xB  Ho ? rB  B1 ? rB  B1 ?  xB  Ho ? rB   B1 ?  H  0޽h ? ___f3f  @<(  ~  s *    ~  s * @  H  0޽h ? ___f3f  0<(  ~  s *    ~  s *|   @  H  0޽h ? ___f3f   p<(  p~ p s *    ~ p s *x  @  H p 0޽h ? ___f3f ( 9(  ~  s *    ~  s *t  @    Z\շgֳgֳ ?p kHIPAA IS TECHNOLOGY NEUTRALH  0޽h ? ̙33  <(  ~  s *|    ~  s *8  @  H  0޽h ? ___f3f ) <(  ~  s *x    ~  s *4  @  H  0޽h ? ̙33   <(   ~   s *V   V ~   s *V  @ V H   0޽h ? ___f3f  $<(  $~ $ s *ŷ    ~ $ s *Dܷ  @  H $ 0޽h ? ___f3f  (<(  (~ ( s *η    ~ ( s *tȷ  @  H ( 0޽h ? ___f3f  ,<(  ,~ , s *ʷ    ~ , s *t˷  @  H , 0޽h ? ___f3f  0<(  0~ 0 s *    ~ 0 s *< @  H 0 0޽h ? ___f3f  4<(  4~ 4 s *\    ~ 4 s *  @  H 4 0޽h ? ___f3f  8<(  8~ 8 s *X   X ~ 8 s *X  @ X H 8 0޽h ? ___f3f  p<(  ~  s *    ~  s *  @  H  0޽h ? ̙33  `<(  ~  s *D    ~  s *  @  H  0޽h ? ___f3f  P<(  ~  s *    ~  s *؜  @  H  0޽h ? ___f3f  @H<(  H~ H s *    ~ H s *ċ  @  H H 0޽h ? ___f3f  0L<(  L~ L s *lo    ~ L s *p  @  H L 0޽h ? ___f3f  \<(  \~ \ s *w p  ~ \ s *y  @p  H \ 0޽h ? ___f3f* % zt(  t t  Zkgֳgֳ ? <$ 0  H t 0޽h ? zTщ@U[|3   % 80t(  t t  Zdgֳgֳ ?     t  Zegֳgֳ ? P<$ 0  H t 0޽h ? zTщ@U[|3  % 80(     Z^gֳgֳ ?       Zx_gֳgֳ ? P<$ 0  H  0޽h ? zTщ@U[|3  % 80(     Z4Xgֳgֳ ?        ZYgֳgֳ ? P<$ 0  H  0޽h ? zTщ@U[|3  % 80(     ZQgֳgֳ ?       ZRgֳgֳ ? P<$ 0  H  0޽h ? zTщ@U[|3  % 80$(  $ $  ZxXgֳgֳ ?   X  $  ZxXgֳgֳ ? P<$ 0 X H $ 0޽h ? zTщ@U[|3  % 80(     ZLgֳgֳ ?       ZpMgֳgֳ ? P<$ 0  H  0޽h ? zTщ@U[|3   % 80|(  | |  ZTDgֳgֳ ?     |  Z4Egֳgֳ ? @@<$ 0  H | 0޽h ? zTщ@U[|3  % 80(     Z6gֳgֳ ?       Z:gֳgֳ ? 0<$ 0  H  0޽h ? zTщ@U[|3  % 80(     ZH-gֳgֳ ?       Z(.gֳgֳ ? <$ 0  H  0޽h ? zTщ@U[|3  % 80p(     Z$gֳgֳ ?       Z'gֳgֳ ? <$ 0  H  0޽h ? zTщ@U[|3  % 80`(     ZTagֳgֳ ?   a    ZLagֳgֳ ? <$ 0 a H  0޽h ? zTщ@U[|3   % 80P(     Zgֳgֳ ? p      Zgֳgֳ ? P`<$ 0  H  0޽h ? zTщ@U[|3  % 80@(     Z gֳgֳ ? p      Zgֳgֳ ? p<$ 0  H  0޽h ? zTщ@U[|3  % 800(     Zgֳgֳ ?       Zgֳgֳ ? <$ 0  H  0޽h ? zTщ@U[|3  % 80 (     Zagֳgֳ ?    a    Zagֳgֳ ? <$ 0 a H  0޽h ? zTщ@U[|3 , % 80(     Zagֳgֳ ?   a    Zagֳgֳ ?  <$ 0 a H  0޽h ? zTщ@U[|3  % 80(     Zagֳgֳ ?   a    Zagֳgֳ ? PP<$ 0 a H  0޽h ? zTщ@U[|3 % % 80(     Zagֳgֳ ?   a    Zagֳgֳ ? PP<$ 0 a H  0޽h ? zTщ@U[|3 ! % 80<(  < <  Zagֳgֳ ?   a  <  Zagֳgֳ ? PP<$ 0 a H < 0޽h ? zTщ@U[|3 - % 80 (     ZYgֳgֳ ?   Y    ZYgֳgֳ ? PP<$ 0 Y H  0޽h ? zTщ@U[|3   % 804(  4 4  Zܸagֳgֳ ?   a  4  Zagֳgֳ ? PP<$ 0 a H 4 0޽h ? zTщ@U[|3 " % 80D(  D D  Zagֳgֳ ?   a  D  Zagֳgֳ ? PP<$ 0 a H D 0޽h ? zTщ@U[|3 + % 80(     Z$agֳgֳ ?   a    Zagֳgֳ ? 0<$ 0 a H  0޽h ? zTщ@U[|3  P<(  P~ P s *wa   a ~ P s *wa  @ a H P 0޽h ? ̙33  T<(  T~ T s *Tpa   a ~ T s *qa  @ a H T 0޽h ? ̙33  X<(  X~ X s *ia   a ~ X s *ja  @ a H X 0޽h ? ̙33> 0 P(     T1 ?   Y   TlYgֳgֳ ? @  Y  H  0޽h ? ̙33J} 0  x(  x x Z1 ?    x Zgֳgֳ ? @    H x 0޽h ? ̙33J~ 0  (    Z1 ?     ZѺgֳgֳ ? @    H  0޽h ? ̙33J 0  `(    Z1 ?     Zgֳgֳ ? @    H  0޽h ? ̙33J 0  p(    Z1 ??     Zgֳgֳ ? @    H  0޽h ? ̙33J 0  (    Z1 ??     Zgֳgֳ ? @    H  0޽h ? ̙33J 0  (    Z1 ??     Z`wgֳgֳ ? @    H  0޽h ? ̙33J 0  (    Z1 ?   a  Z(agֳgֳ ? @  a  H  0޽h ? ̙33J 0  (    Z1 ?     ZTgֳgֳ ? @    H  0޽h ? ̙33J 0  (    Z1 ?     Z(gֳgֳ ? @    H  0޽h ? ̙33J 0  (    Z1 ?     Zgֳgֳ ? @    H  0޽h