
National Governor’s Association “Preparing State Government for HIPAA”

HIPAA - The North Carolina Experience. National Governor’s Association “Preparing State Government for HIPAA”. Presented by: Sarah Brooks and Karen Tomczak, NC DHHS, April 3, 2003. In the beginning… NC Statewide Initiative. Statewide Assessment Project


Presentation Transcript


  1. HIPAA - The North Carolina Experience. National Governor’s Association “Preparing State Government for HIPAA”. Presented by: Sarah Brooks and Karen Tomczak, NC DHHS, April 3, 2003. (Slide 1, NC DHHS HIPAA Office)

  2. In the beginning…

  3. NC Statewide Initiative
     • Statewide Assessment Project
     • Identify and document HIPAA requirements
     • Report to the legislature
     • Managed by DHHS
     • Directed by budget office, state CIO, DHHS
     • Statewide assessment (by agency)
     • Developed common assessment tools
     • Recommended timelines
     • Assisted with implementation budgets
     • Reported to the legislature

  4. Legislative Report
     • Assessed 42 entities (including 480 divisions)
     • State agencies
     • Universities
     • Community colleges
     • Boards/commissions
     • 21 percent were covered, hybrid entities
     • 7 percent were business associates, trading partners

  5. Statewide Impact
     • Covered Entities
     • State Health Plan (includes HealthChoice for Children)
     • UNC Health Care
     • Business Associates
     • Department of Justice
     • Office of the State Auditor
     • Office of the Controller
     • Hybrid Entities
     • Dept of Administration
     • Dept of Correction
     • Dept of Health and Human Services
     • Office of Information Technology Services*
     • East Carolina University
     • University of NC at Chapel Hill
     • University of NC at Greensboro

  6. DHHS Impact
     • Medicaid
     • Public health
     • State Lab
     • State Center for Health Statistics
     • Local health services
     • Children’s special health services
     • Developmental education clinics (13)
     • Education
     • School for the blind (1)
     • Schools for the deaf (2)
     • Mental health, substance abuse
     • State mental hospitals, substance abuse, nursing (7)
     • Mental retardation centers (5)
     • Adol treatment programs (2)
     • Other divisions
     • Controller’s Office
     • Information Resource Mgmt
     • Communications
     • Internal Auditor
     • Research, Demonstrations, and Rural Health Development

  7. Surprises
     • Number of Impacted Agencies Was Smaller Than Originally Anticipated
     • Change in “health plan” definition (major factor)
     • Introduction of “hybrid entity” concept
     • Exemption of education-related facilities (FERPA)
     • Long Delay of Security Regulations
     • State Budget Crisis Impact to HIPAA Funding
     • Statewide HIPAA office (Senate Bill 1115)

  8. Redefining “Reasonable”

  9. Impact of Not Complying
     • Possible Litigation
     • Potential Withholding of Federal Medicaid and Medicare Funds
     • Federal Medicaid Share in NC is @ 4.5 billion
     • In DHHS, more than $300 million in revenues at risk
     • Penalties
     • Civil Monetary for Violations of Each Standard
     • Wrongful Disclosure of Protected Health Information

  10. Direction from OCR and CMS
     • Complaint Driven
     • Cure Period
     • Compliance Audits - Not for a While

  11. Reasonable vs. The Best
     • Draw the Line Between “Compliance” and “Non-compliance”
     • Examine remaining compliance activities to determine whether a graduated approach can be applied
     • Standards are fixed but the level and degree of remediation are self-directed
     • Try not to set goals that are unattainable given existing personnel and financial constraints
     [Figure: Graduated Levels of Compliance. Labels: Cost, Schedule, Quality; Optimal, In Compliance, Tolerable, Bare Minimum, Partial]

  12. Reasonable vs. The Best
     • Rethinking of Concepts
     • Physical, Administrative, and Technical Safeguards under Privacy
     • Access Controls
     • Physical Security
     • Reduce scope of Privacy Policies
     • Apply policies that reflect best business practices to all DHHS agencies
     • Apply HIPAA specific policies (e.g., Notice) to covered components only
     • Delay Security until after July 2003
     • Apply limited resources to Transactions, Code Sets, and Privacy in 2001-2003

  13. Reasonable vs. The Best
     • Concentrate on Privacy Policies With Specific Impacts to Consumers Initially
     • Perform ‘General’ Staff Training Before 4/14/03
     • Evaluate training methodologies
     • Provide training in cost-effective forum
     • Training Booklet - self instructional
     • Web-based training
     • Video
     • Instructor led
     • After Development of All Privacy Policies, Follow up With More Specific, Focused Training

  14. DHHS Priorities (FY2003)
     • Addressing critical needs
     • Developing privacy policies (DHHS)
     • Developing training tools (templates, guidance)
     • Implementing business associate contracts
     • Focusing resources on core requirements
     • Scope reductions
     • Eliminated staff to assist with end-user training
     • Eliminated compliance verification program
     • Discontinued security activities
     • Eliminated new positions (Security & Privacy Officers)
     • Reduced existing staff (HIPAA office, applications)

  15. HIPAA GIVES (http://www.hipaagives.org): Government Information Value Exchange for States
     • Internet-based forum for states to resolve HIPAA-related issues
     • Information clearinghouse
     • All states have joined

  16. Other Resources
     • North Carolina Healthcare Information and Communications Alliance (http://www.nchica.org)
     • NC DHHS’ HIPAA Office (http://www.dirm/state.nc.us/hipaa/)
     • HHS Office for Civil Rights (OCR) (http://www.hhs.gov/ocr/hipaa/)
     • Centers for Medicare and Medicaid Services (http://www.cms.gov/hipaa)
