Online Security, a global provider of computer forensics and information technology risk mitigation since 1997


  The HIPAA Implementation Newsletter Issue #34 - May 17, 2002  


Posted: May 20 2002
Hal Amens

HHS Estimated Publication Dates

The Department of Health and Human Services' Semiannual Regulatory Agenda, published in the Federal Register for May 13, includes updates on the status of some of the HIPAA Administrative Simplification requirements. HHS is required to publish a realistic forecast of the rulemaking activities that the Department will engage in over the next 12 months. The estimated publication dates are:

· Employer Identifier Final Rule - June 2002
· Security Final Rule - August 2002
· Modifications & Revisions to TCS Standards NPRMs - June 2002
· Claims Attachments NPRM - August 2002
· Health Plan Identifier NPRM - August 2002
· Next Action on the Privacy NPRM - Undetermined

www.hipaadvisory.com/news
frwebgate.access.gpo.gov
---------------

Privacy: Training

The Privacy Regulations require training on policies and procedures related to protected health care information: “(b)(1) Standard: training. A covered entity must train ALL members of its workforce [Workforce means employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity] on the policies and procedures with respect to protected health information required by this subpart, as necessary and appropriate for the members of the workforce to carry out their function within the covered entity.”

And, the training must be provided by the compliance date for the privacy regulations. New employees must be trained within a “reasonable period of time.” When a change in the regulations causes a change in policies and procedures, employees affected must be re-trained within a “reasonable period of time.” And, you must document when the training was given.

There is a significant administrative process required to map regulations to your organization’s policies and procedures and to then map policies and procedures to employees [more accurately members of the workforce] “as necessary and appropriate … to carry out their functions.” The maps must be kept current as regulations, policies, procedures, job duties and job assignments change. A particularly troublesome area will be temporary assignments where the employee’s job functions and roles may change enough to require additional training.

Some issues that should be considered now:

* Checking current computerized employee records to identify options to add and maintain information about training that is required and that has been completed, and then develop a system solution as required.

* Reviewing current job classifications to determine whether they provide information adequate to determine who will require training in specific policies or sets of policies and procedures, the extent of training that is “appropriate,” and then develop solutions as required.

* Identifying the information requirement to establish and maintain the relationships between regulations, policies, procedures, job classifications and employee job functions (including eligibility for temporary assignments to other jobs), and then begin the selection or development of a system solution.

* Establish a working relationship between the people working on these topics and the people reviewing/developing policies and procedures to assure that the policies and procedures provide the information required to implement the solutions.

* By the way, do not forget to include provision for the tracking of sanctions for the violation of policies and procedures as required by the regulations.

* Develop a high level training plan to assure that you have time to identify training requirements, develop training material and find time in busy schedules to conduct training by April 14, 2003.

More at: § 160.103 Definitions and § 164.530 Administrative requirements
aspe.hhs.gov
---------------

Privacy: Summaries of State Laws

The Health Privacy Project has released revised summaries of the health privacy statutes of nine states: Arkansas, Arizona, Colorado, District of Columbia, Florida, Idaho, Michigan, Minnesota, and New York. These updated summaries reflect changes in state health privacy statutes that have been made since our original report, The State of Health Privacy: An Uneven Terrain (A Comprehensive Survey of State Health Privacy Statutes), was published in 1999. We will continue to issue updated state summaries over the next few months.

“It is important to note that these are summaries of state statutes. In general, we did not research or include regulations or common law, both of which ultimately must be understood in order to appreciate the full range of protections at the state level. The summaries focus predominantly on the use and disclosure of information gathered and shared in the context of providing and paying for health care. Furthermore, we have not analyzed how these state laws will interact with the federal health privacy rule issued by the U.S. Department of Health and Human Services. We are extremely grateful to the Robert Wood Johnson Foundation for supporting this initiative.”

More at: www.healthprivacy.org
---------------

Internet: Permission Based Marketing

“For millions of chronic disease sufferers, staying abreast of the latest findings on their medical conditions has been nearly as challenging as living with the disease itself. …But as with so many other areas, the Internet is changing all that. Consumers are taking more responsibility for their health. They're using the Internet to find alternative medications, treatments and practitioners. In fact, Cyber Dialogue, an Internet customer relationship management company, estimates that more than 25 million Americans - or nearly half of all U.S. adults currently online - use the Internet to access medical information. That number is expected to grow to 88.5 million by 2005. The healthcare industry is paying close attention.

“… a return-on-investment analysis shows that a dramatic gap divides online versus off-line [advertising] effectiveness. While drug manufacturers spent an average of $220 on print ads and $197 on TV ads to drive a single, specific drug request by a consumer, it took just $14 of spending on the Internet to drive a similar request.

“How are pharmaceutical companies reaching an obviously receptive online audience? Primarily through "permission marketing," …Here's how it works: Healthcare organizations ask their patients if they would like to receive timely, relevant information on a medical issue that concerns them, such as asthma. Patients who give permission are placed on an e-mailing list. Pharmaceutical companies are able to purchase this targeted mailing list and send informational e-mails on their products or services to individuals on the list. Drug makers pay the sponsoring healthcare organization as much as $3 per hit. Privacy issues are of significant concern in this arena, however. Naturally, permission-marketing campaigns must assure participants complete privacy and anonymity. They must promise that only specific information - sometimes as basic as name, education level and age - will be distributed to vendors. Furthermore, these promises are required by the federally mandated Health Insurance Portability and Accountability Act.

“With these protections in place, permission marketing can become a valuable disease-management tool. Consumers clearly want more information on the health issues that concern them. Permission marketing can bring this data to them in a very secure, polite, non-threatening manner.”

More at: www.healthleaders.com
---------------

Use of email by Physicians

E-mail improves physician/patient communication, but increases staff workload. Physicians are more amenable to e-mail communication with patients when using a triage system, in which nurses and other staff members first sort the messages and pass them on to physicians as appropriate, according to the first large study of physician/patient e-mail. … patients who used e-mail were not the same patients who frequently called or visited their physicians, said Dr. Steven Katz, director of the study. Instead, they were “new communicators taking advantage of a new way to reach their doctor,” Katz said.

More at: www.ihealthbeat.org
---------------

Security: Palm Pilots

“Companies face many snares, some of which are hidden, when protecting sensitive information and maintaining security, said lawyers addressing the Massachusetts Software and Internet Council. "I was amused to read in the paper that the Harvard Medical School was giving PalmPilots out to all its medical students," said David S. Szabo, a lawyer at Boston firm Nutter, McClennen & Fish LLP. "This is a radioactive device filled with medical data." Szabo said that it's impossible to guess the school's liability if one of the devices were lost or stolen. HIPAA Privacy rules say such data has to be protected. The question, he said, then arises: What would constitute protection in such a case?”

More at: www.cnn.com
---------------

Transactions: Permutations

FYI - with the 837I alone there are about 68 permutations of claim submission types that can trigger the use (or not) of over 750 situational data elements - most of which would need to be accommodated in the business process. And then there is the testing process...
Tom Hanks
Director Client Services
Health Care Practice
PricewaterhouseCoopers LLP
From: HIPAAlive! Phoenix Health Systems/HIPAAdvisory.com
---------------

Consulting Arms to Wave Goodbye

“Two major accounting firms whose consulting operations are prominent names in health care information technology are spinning off their consulting businesses. New York-based PricewaterhouseCoopers announced plans for an initial public stock offering for PwCC Limited, the new name for PwC Consulting, the firm’s consulting arm. The move will affect all management consulting and technology services businesses. New York-based Deloitte & Touche is expected to follow suit sometime in June, spinning off Deloitte Consulting, its consulting division. The moves have been widely anticipated as some of the largest accounting firms seek to separate their bookkeeping and consulting services as a result of Arthur Andersen’s plight in the Enron scandal.”

More at: www.healthdatamanagement.com
---------------

Healthcare IT Management Satisfaction

“The first HIMSS/Hersher Associates, Ltd. Survey, which includes responses from over 360 individuals, suggests that salary and career growth are top considerations used to evaluate satisfaction. Work/life issues are mixed and benefits are the least important among considerations.

“Respondents most frequently identified salary as an item they evaluate regarding satisfaction level with their current position. Forty percent of respondents believed they were not paid market value. Respondents most frequently cited career growth as the reason they left their last position. Fifty-four percent indicated future career growth opportunities would improve their satisfaction with their current position. This is also a top consideration when making a decision to accept a new position.

“Respondents who rate their superiors as good coaches/mentors are more likely to be satisfied in their jobs than are individuals who feel that their superiors make poor coaches/mentors.

“Almost two-thirds of the survey respondents, 67%, were from healthcare provider organizations. Another 12% represented consulting firms. The remaining respondents were from a variety of organizations, including vendor firms, managed care/insurance companies, military/VA/government facilities, and academic institutions. Over two-thirds of the respondents (68%) have been in the healthcare IT industry for ten years or more. The majority of the respondents have been in their current position for four years or less.”

More at: www.himss.org
---------------

Update

We have added:
Links to HIPAA Comply Assistant by Blass Consulting, LLC and HIPAA Comply Online on the Tools Page
lpf.com
---------------

HIPAA Conferences

Emerging Technologies and Healthcare Innovations Congress – ETHIC 2002, June 19-21, 2002, Washington D.C. Includes a HIPAA Compliance track.

www.ethic2002.com

HIPAA Colloquium at Harvard University, August 10 - 23, 2002, in Cambridge, MA

Information about last year's Colloquium: www.ehc-info.com
---------------



The HIPAA Implementation Newsletter is published periodically by Lyon, Popanz & Forester. Copyright 2002, All Rights Reserved. Issues are posted on the Web at lpf.com/hipaa concurrent with email distribution. Past issues are also available there. Edited by Hal Amens hal@lpf.com

Information in the HIPAA Implementation newsletter is based on our experience as management consultants and sources we consider reliable. There are no further warranties about accuracy or applicability. It contains neither legal nor financial advice. For that, consult appropriate professionals.

Lyon, Popanz & Forester (lpf.com) is a management consulting firm that designs and manages projects that solve management problems. Planning and project management for HIPAA are areas of special interest.