HIPAA Update

1. HIPAA Update Randy Snyder

2. Topics Today • Security Primer • Electronic Transactions Clearinghouse Update • Secure Certificates

3. Where are we at with HIPAA? • Privacy Practices • Policies and Procedures available at ISAC website • Electronic Transactions • Electronic Transaction Clearinghouse • 28E ETC via ISAC • Security Regulations (April 2005) • Policies and Procedures TBA

4. Privacy Practices • Implemented in April 2003 • Changes in Policies and Procedures • Available via ISAC Website • http://www.iowacounties.org

5. Electronic Transactions & Code Sets • October 2003 Implementation • Payers must be capable of accepting HIPAA Compliant Transactions if requested by Provider • 28E ETC (Electronic Transaction Clearinghouse) administered by ISAC • https://etc.iowacounties.org

6. 28E ETC • Available to all counties currently 65 signed up • CPC, Jail, General Assistance typical initial HIPAA users (currently inbound only) • EDI Transactions capability • Future potential other uses could include electronic ordering, invoicing and payments for use by other departments

7. ETC Features • Internet Access • SSH FTP for Providers (Medical Practitioners) • Secure Website for Counties • Option for SSH FTP for file transmissions to counties • Support by ISAC’s Tammy Norman • Voice Phone: 515-244-7181 • E-mail: tnorman@iowacounties.org • Secure Hosting Facility by Quilogy

8. Processes 837/835 Claims 277/276 Eligibility 270/271 Status Multiple Dept Capable Requires separate Taxpayer Identification Number Internal Process Independent Printable Transactions Auditable Transaction Numbers E-Mail Notification Future updates/ changes dependent on County input ETC Features cont.

9. Security Regulations Compliance • April 2005 Compliance Date • Policies and Procedures being developed by HIPAA Security Committee (Chaired by Jim Rice, Cerro Gordo) • To be published via ISAC Website

10. Assign Security Officer Role Establish Policies and Procedures Look for Boilerplates on ISAC Website Perform Risk Assessment Resolve Findings in Risk Assessment Develop & Implement Risk Mgmt Plan Continuity Plan Disaster Recovery Data Backup Security Procedures Server/Workstation Network Infrastructure Physical/Logical Security Action Plan

11. Components of Security • People • Awareness • Competency • Process • Policies • Procedures • Technology • Perimeter Hardening • Critical Core Strengthening

12. Resources • ISAC • www.iowacounties.org • ICIT • www.icit.state.ia.us • SNIP • www.wedi.org/snip/

13. Questions?