Data file.technical drs.hipaa presentation may 2011
Notification of Breach
Release of Information Discussion
Presented By: Janine Akers from DataFile Technologies
Technical Doctor, Inc. Connecting Technology & Professionals
About DataFile Technologies
• Privately Held Kansas City Company
• Work with Major EMRs
• National Partnership with Multiple Companies
Overview
• HITECH Act Changes to HIPAA - Notification of Breach
• Release of Information Best Practice Resources
• How our eROI Services can work for You.
Notification of Breach
Do we need to notify a patient?
HITECH Historical View
Brief History of HITECH Act Subtitle D—13400’s Section
August 2009: 1st Set of Proposed Rules for HIPAA Privacy, Security and Enforcement Rules
February 2010: Above proposed rules are finalized
July 2010: Above final was recalled and 2nd set of proposed rules were published
HITECH Proposed Changes
Changes Proposed in Current Comment Period
Notice of Privacy Practices
Changes to definition of medical necessity
Immunization records & deceased records
Definitions of electronic media
Breaches – Guidance for Significant Risk
What is a Breach?
How does HITECH Act define a breach?
Was the protected health information secure?
Does one of the exclusions apply?
Is there a significant risk of financial, reputational, or other harm to the individual?
The Exclusions
What are the exclusions provided by HITECH?
Workforce use
• Unintentional acquisition, access or use of PHI by a workforce member if the PHI is not further used or disclosed in a manner that violates the Privacy Rule
Workforce disclosure
• Unintentional disclosure of PHI by a workforce member to another workforce member if the PHI is not further used or disclosed in a manner that violates the Privacy Rule
No way to retain the information
• Unauthorized disclosure to which the CE or BA has a good faith belief that the unauthorized person to whom the PHI is disclosed would not reasonably have been able to retain info.
Guidance for Significant Risk
What guidance is provided by HITECH?
Covered Entity to Covered Entity
• Inadvertent disclosure of PHI from one covered entity or BA employee to another similarly situated covered entity or BA employee, provided that PHI is not further used or disclosed in any manner that violates the Privacy Rule.
Immediate steps to mitigate
• Were immediate steps taken to mitigate the harm including return or destruction of the information and a written confidentiality agreement?
Types of information included
• Was the information disclosed limited to the name of the individual or a limited data set?
Notification Components
What are the required notification components?
• A description of what happened including the date of breach and date of discovery
• A description of the types of PHI involved
• Steps the individual should take to protect themselves
• Steps taken by the provider to investigate, mitigate and protect against further disclosure
• Contact information for questions including a toll-free telephone number, email address, website or postal address
Example Letter of Notification
Penalties & Reporting
What are the penalties & reporting obligations?
Defined and enacted back in February 2009 in original ARRA/HITECH Act - HIPAA Section to apply to both the Breach and the Notification
Nature of Violation | Fine Per Violation | Annual Maximum
Unknowing | $100 | $25,000
Reasonable Cause | $1,000 | $100,000
Willful Neglect | $10,000 | $250,000
Willful Neglect Not Corrected | $50,000 | $1,500,000
Reporting Reference
• Date: Date
• Patient Records: Patient Name & DOB
• Originated from Clinic: Medical Practice
• Authorized Recipient: Requestor
• Incident: Description of the unique occurrence.
• How mistake happened: After it has been brought to our attention that there has been an oversight, mistake, or HIPAA violation (regardless of how big or small) - we will document, research and come to understand what happened and describe in detail how this occurred. Include date and employee names involved in the communication trail.
• Mistake discovered: Starting with date and resource, describe in detail how this mistake was discovered.
• Mistake rectified and Notification: Starting with date and name of employee initiating report and correcting the problem, describe in detail actions taken to correct the problem and how patient and covered entity were notified.
• Proactive approach for preventive measures: Starting with date and supervisor’s name, document how we will use this occurrence to train the entire staff regarding our best practice procedures to prevent the possibility of a similar occurrence happening again.
Limit Your Liability
• Staff training
• Process improvement
• Transfer the liability
Why DataFile?
Improve customer service
Mitigate risk
Offer rapid response
Eliminate training expenses
Take fewer calls
DataFile Technologies eROI
How do our services work?
How It Works: Step 1
1. Establish HIPAA secure network connection
How It Works: Step 2
2. Set up a User in the EMR for “DataFile”
How It Works: Step 3
3. Scan/attach appropriate Patient and Task or Message to user “DataFile”
Start a Request to DataFile
Status Update on Request
The Brass Tacks
What is the cost for eROI services?
• Typically… NONE
• The variables involved in eROI include
– Specialty
– Number of Providers
– State
• Providers can maximize service while eliminating costs with eROI services
Questions & Thank You
Janine B. Akers, MBA
DataFile Technologies, LLC
[email protected]‐437‐9134