This document provides guidance on developing contingency plans to address critical business processes that support HIPAA transactions. It defines key terms like contingency planning, disaster recovery planning, and continuity of operations plans. It discusses performing a risk analysis to identify critical processes and potential failures. Alternatives and workarounds are identified for different scenarios. The document provides guidance on developing a continuity of operations plan, including identifying triggers, response teams, procedures, training, and updating the plan over time. It emphasizes the importance of testing contingency plans periodically.
You want to learn how to rank your equipment based on criticality then this chapter from the "Rules of Thumb for Maintenance and Reliability Engineers Handbook.
This document will describe the structured evaluation methodology used to “Identify Critical Equipment”. Criticality Analysis identifies the assets which contribute the most asset reliability, throughput, safety, etc. Without an effective criticality analysis an organization lacks focus on what assets contribute the most to their business.
If you have questions about asset criticality analysis send an email to Ricky Smith at askrickysmith@gmail,com
I designed this Tool Box Talk to hopefully help people understand more about asset criticality and why it needs to be developed a specific way in order to manage asset health effectively. Let's make the right decision at the right time on the right asset.
You want to learn how to rank your equipment based on criticality then this chapter from the "Rules of Thumb for Maintenance and Reliability Engineers Handbook.
This document will describe the structured evaluation methodology used to “Identify Critical Equipment”. Criticality Analysis identifies the assets which contribute the most asset reliability, throughput, safety, etc. Without an effective criticality analysis an organization lacks focus on what assets contribute the most to their business.
If you have questions about asset criticality analysis send an email to Ricky Smith at askrickysmith@gmail,com
I designed this Tool Box Talk to hopefully help people understand more about asset criticality and why it needs to be developed a specific way in order to manage asset health effectively. Let's make the right decision at the right time on the right asset.
Don’t wait for Disaster to Strike! Be Prepared with Business Continuity Plans SRIIA Technologies, Inc.
A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity
Source: http://en.wikipedia.org/wiki/Disaster_recovery
Project risk management: Techniques and strategiesDebashishDas49
Risk identification techniques and mitigation techniques in the present dynamic scenario of the industry is described here. Also, the recent research area and probable topics that one could choose as a Ph.D. topic are described briefly.
This complete presentation has a set of thirty two slides to show your mastery of the subject. Use this ready-made PowerPoint presentation to present before your internal teams or the audience. All presentation designs in this Risk Analysis PowerPoint Presentation Slides have been crafted by our team of expert PowerPoint designers using the best of PPT templates, images, data-driven graphs and vector icons. The content has been well-researched by our team of business researchers. The biggest advantage of downloading this deck is that it is fully editable in PowerPoint. You can change the colors, font and text without any hassle to suit your business needs.
This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here
http://flevy.com/browse/business-document/itil-incident-management-workflow--process-guide-3020
DOCUMENT DESCRIPTION
This document establishes an Incident Management (IM) process according to ITIL v3 best practice and ISO 20000. (Word document including Visio diagram of the process)
This document introduces the Incident Management process Framework; the workflow, roles and responsibilities, RACI Matrix, KPIs, metrics, procedures, and policies needed to implement a high quality process.
Document contains suggested templates for:
Incident Life-cycle stages
Prioritization Matrix
Categorization
Incident Closure codes
Functional and Hierarchic Escalation Matrix
Major Incident Procedure
Reporting
Increasing the Probability of Project SuccessGlen Alleman
Risk Management is essential for development and production programs. Information about key cost, performance and schedule attributes are often uncertain or unknown until late in the program.
Risk issues that can be identified early in the program, which may potentially impact the program, termed Known Unknowns, can be alleviated with good risk management. -- Effective Risk Management 2nd Edition, Page 1, Edmund Conrow, American Institute of Aeronautics and Astronautics, 2003
Don’t wait for Disaster to Strike! Be Prepared with Business Continuity Plans SRIIA Technologies, Inc.
A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity
Source: http://en.wikipedia.org/wiki/Disaster_recovery
Project risk management: Techniques and strategiesDebashishDas49
Risk identification techniques and mitigation techniques in the present dynamic scenario of the industry is described here. Also, the recent research area and probable topics that one could choose as a Ph.D. topic are described briefly.
This complete presentation has a set of thirty two slides to show your mastery of the subject. Use this ready-made PowerPoint presentation to present before your internal teams or the audience. All presentation designs in this Risk Analysis PowerPoint Presentation Slides have been crafted by our team of expert PowerPoint designers using the best of PPT templates, images, data-driven graphs and vector icons. The content has been well-researched by our team of business researchers. The biggest advantage of downloading this deck is that it is fully editable in PowerPoint. You can change the colors, font and text without any hassle to suit your business needs.
This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here
http://flevy.com/browse/business-document/itil-incident-management-workflow--process-guide-3020
DOCUMENT DESCRIPTION
This document establishes an Incident Management (IM) process according to ITIL v3 best practice and ISO 20000. (Word document including Visio diagram of the process)
This document introduces the Incident Management process Framework; the workflow, roles and responsibilities, RACI Matrix, KPIs, metrics, procedures, and policies needed to implement a high quality process.
Document contains suggested templates for:
Incident Life-cycle stages
Prioritization Matrix
Categorization
Incident Closure codes
Functional and Hierarchic Escalation Matrix
Major Incident Procedure
Reporting
Increasing the Probability of Project SuccessGlen Alleman
Risk Management is essential for development and production programs. Information about key cost, performance and schedule attributes are often uncertain or unknown until late in the program.
Risk issues that can be identified early in the program, which may potentially impact the program, termed Known Unknowns, can be alleviated with good risk management. -- Effective Risk Management 2nd Edition, Page 1, Edmund Conrow, American Institute of Aeronautics and Astronautics, 2003
Let’s understand the concepts of business continuity and Disaster Recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
A business continuity plan (8CP) is a document that includes the key info a company requires to continue running in the case of a crisis.
A business continuity plan incorporates preparations for business operations, capital, people personnel, and strategic partners - any component
of the firm which could be affected. It describes how well a company will keep running through an unforeseen interruption in operation.
What is the purpose of a business continuity plan?
The business continuity plan outlines the fundamental operations of the company, points out the systems and procedures that should be
maintained, and provides instructions regarding how to do so. It ought to account for any potential turbulence in the organization.
A business continuity plan addresses vulnerabilities such as computer hacking, epidemics, natural calamities, and human negligence. A business
continuity plan is essential for an organization to possess to maintain its viability and credibility given the variety of potential hazards. A sound
business continuity plan reduces the likelihood of expensive IT or brownouts.
The strategy is frequently made by IT professionals. The executive staff, on the other hand, takes a role in the process and contributes to the control
and expertise of the business. They likewise see to it that the business continuity plan is frequently updated.
5 forces incident problem mgmt-presentationAnna Sadokhina
Academic course: Business Process Management and Modelling
Process improvements and new processes design for IT-department of Leroy Merlin Italia with the focus on Incident and Problem management.
Activities: Analysis and organization for process improvements for currently existing incident management process, strategies proposals for smooth process improvements implementation. Analysis, description, mapping, design and modelling (with use of ARIS platform) of Problem Management processes from scratch.
Corporate Disaster Prevention And Preparedness PowerPoint Presentation Slides SlideTeam
Presenting this set of slides with name - Corporate Disaster Prevention And Preparedness Powerpoint Presentation Slides. This complete deck is oriented to make sure you do not lag in your presentations. Our creatively crafted slides come with apt research and planning. This exclusive deck with thirty two slides is here to help you to strategize, plan, analyse, or segment the topic with clear understanding and apprehension. Utilize ready to use presentation slides on Corporate Disaster Prevention And Preparedness Powerpoint Presentation Slides with all sorts of editable templates, charts and graphs, overviews, analysis templates. It is usable for marking important decisions and covering critical issues. Display and present all possible kinds of underlying nuances, progress factors for an all inclusive presentation for the teams. This presentation deck can be used by all professionals, managers, individuals, internal external teams involved in any company organization.
Business continuity and disaster recovery are not the same but complement each other. Planning on BCP and DRP is necessary for all business. This slide contains information on how to achieve and maintain them.
An Introduction to Business Contingency Planning for the New Planner
You can download additional resources here: https://intrustcloud-my.sharepoint.com/personal/tim_rettig_intrust-it_com/_layouts/15/guestaccess.aspx?guestaccesstoken=H62iIK9BNH6l%2fLt%2bxDK4AXZhOHk%2fpu3rQ%2fl84I6ijd4%3d&docid=0c3b81a446d4c42f9bedff529b6b413c1
Adverse Event or Near Miss Analysis DetailsAt.docxcoubroughcosta
Adverse Event or Near Miss Analysis
Details
Attempt 1Available
Attempt 2NotAvailable
Attempt 3NotAvailable
Toggle Drawer
Overview
Write a 5–7-page a comprehensive analysis on an adverse event or near miss from your professional nursing experience. Integrate research and data on the event and use as a basis to propose a quality improvement (QI) initiative in your current organization.
Health care organizations strive for a culture of safety. Yet despite technological advances, quality care initiatives, oversight, ongoing education and training, laws, legislation and regulations, medical errors continue to occur. Some are small and easily remedied with the patient unaware of the infraction. Others can be catastrophic and irreversible, altering the lives of patients and their caregivers and unleashing massive reforms and costly litigation.
Show More
Toggle Drawer
Context
The purpose of the report is to assess whether specific quality indicators point to improved patient safety, quality of care, cost and efficiency goals, and other desired metrics. Nurses and other health professionals with specializations and/or interest in the condition, disease, or the selected issue are your target audience.
Toggle Drawer
Questions to Consider
As you prepare to complete this assessment, you may want to think about other related issues to deepen your understanding or broaden your viewpoint. You are encouraged to consider the questions below and discuss them with a fellow learner, a work associate, an interested friend, or a member of your professional community. Note that these questions are for your own development and exploration and do not need to be completed or submitted as part of your assessment.
Show More
Toggle Drawer
Resources
Required Resources
MSN Program Journey
The following is a useful map that will guide you as you continue your MSN program. This map gives you an overview of all the steps required to prepare for your practicum and to complete your degree. It also outlines the support that will be available to you along the way.
MSN Program Journey
|
Transcript
.
Show More
Assessment Instructions
Preparation
Prepare a comprehensive analysis on an adverse event or near-miss from your professional nursing experience that you or a peer experienced. Integrate research and data on the event and use as a basis to propose a Quality Improvement (QI) initiative in your current organization.
Note
: Remember, you can submit all, or a portion of, your draft to Smarthinking for feedback, before you submit the final version of your analysis for this assessment. However, be mindful of the turnaround time for receiving feedback, if you plan on using this free service.
The numbered points below correspond to grading criteria in the scoring guide. The bullets below each grading criterion further delineate tasks to fulfill the assessment requirements. Be s.
Show drafts
volume_up
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
StarCompliance is a leading firm specializing in the recovery of stolen cryptocurrency. Our comprehensive services are designed to assist individuals and organizations in navigating the complex process of fraud reporting, investigation, and fund recovery. We combine cutting-edge technology with expert legal support to provide a robust solution for victims of crypto theft.
Our Services Include:
Reporting to Tracking Authorities:
We immediately notify all relevant centralized exchanges (CEX), decentralized exchanges (DEX), and wallet providers about the stolen cryptocurrency. This ensures that the stolen assets are flagged as scam transactions, making it impossible for the thief to use them.
Assistance with Filing Police Reports:
We guide you through the process of filing a valid police report. Our support team provides detailed instructions on which police department to contact and helps you complete the necessary paperwork within the critical 72-hour window.
Launching the Refund Process:
Our team of experienced lawyers can initiate lawsuits on your behalf and represent you in various jurisdictions around the world. They work diligently to recover your stolen funds and ensure that justice is served.
At StarCompliance, we understand the urgency and stress involved in dealing with cryptocurrency theft. Our dedicated team works quickly and efficiently to provide you with the support and expertise needed to recover your assets. Trust us to be your partner in navigating the complexities of the crypto world and safeguarding your investments.
Opendatabay - Open Data Marketplace.pptxOpendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be a complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with a dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
1. Contingency Planning:
Addressing Critical Business
Processes That Support
Implementation of
HIPAA Transactions
Marie Margiottiello, CMS
Henry Chao, CMS
February 12, 2003
New Orleans
2. Overview
� Definitions
� Risk Analysis
� Analyzing Risk Relative to HIPAA Impact
� Identification of Critical Business Processes
� Identification of Potential Failures
� Business Impact Analysis
� Minimum Acceptable Levels
� Identification of Alternatives/Contingency
� Develop The COOP
� Testing
� Training & Updating the Plan
� Examples
3. Definitions
�DISASTER RECOVERY PLAN:
The document that defines the resources,
actions, tasks and data required to
manage the business recovery process in
the event of a business interruption. The
plan is designed to assist in restoring the
business process within the stated
disaster recovery goals.
Source: Disaster Recovery Journal
4. Definitions
�CONTINGENCY PLAN:
A plan used by an organization or
business unit to respond to a specific
systems failure or disruption of
operations. A contingency plan may use
any number of resources including
workaround procedures, an alternate
work area, a reciprocal agreement, or
replacement resources.
Source: Disaster Recovery Journal
5. Definitions
�DISASTER RECOVERY PLANNING:
The technological aspect of business continuity
planning. The advance planning and
preparations that are necessary to minimize
loss and ensure continuity of the critical
business functions of an organization in the
event of disaster.
SIMILAR TERMS: Contingency Planning;
Business Resumption Planning; Corporate
Contingency Planning; Business Interruption
Planning; Disaster Preparedness.
Source: Disaster Recovery Journal
6. Definitions
�CONTINGENCY PLANNING:
Process of developing advance
arrangements and procedures that enable
an organization to respond to an event
that could occur by chance or unforeseen
circumstances.
Source: Disaster Recovery Journal
7. Definitions
� CONTINUITY OF OPERATIONS PLAN (COOP):
A COOP provides guidance on the system
restoration for emergencies, disasters,
mobilization, and for maintaining a state of
readiness to provide the necessary level of
information processing support commensurate
with the mission requirements/priorities identified
by the respective functional proponent. This term
traditionally is used by the Federal Government
and its supporting agencies to describe activities
otherwise known as Disaster Recovery, Business
Continuity, Business Resumption, or Contingency
Planning. Source: Disaster Recovery Journal
8. Definitions
� For consistency, use Continuity Of
Operations Plan (COOP)
� COOP can be inclusive of all
activities associated with previous terms
� Organizational readiness begins with clear
recognition, understanding, and commitment
to the scope of your COOP
� You get what you pay for
10. Risk Analysis
� Specify probability and criticality
� Product of: (probability) x (criticality)
� Probability: chance that the future event will occur
(if present, it’s a problem, not a risk)
� Criticality: the impact of a future event
(no impact = no risk)
11. Risk Analysis
� Degrees of probability
� High – nearly certain (80 – 99%)
� Moderate – probable, possible (20 – 80%)
� Low – improbable (< 20%)
� More ranges may be appropriate
12. Risk Analysis
� Degrees of Criticality
� High – total failure or serious degrading of
business function
� Moderate – impaired performance
� Low – little impact, but more than none
� More ranges may be appropriate
13. Analyze Risk Relative to HIPAA
�Use accurate stats for your operations
�Number of beneficiaries
�Number of providers
�Volume of transactions (by provider type, if possible)
�$ value of transactions
�MCOs
�Helpline/Hotline call volume
�Payment cycles
�Waiver programs
�Contractors’ roles
�Are there state-level coordination issues?
14. Identification of Critical
Business Processes
� Identify events with potential to degrade
ability to do business
� Eligibility - Inquiry & Response
� Beneficiary Enrollment / Disenrollment
� Authorization – Request & Response
� Claim / Encounter
� Remittance / Payment
� Claims Status - Inquiry & Response
15. �
�
Identification of Potential Failures
Describe expected outcome of each event:
� Eligibility
Inquiry not possible (receipt, validation, processing)
� Response not possible (generation, translation, transmission)
� Enrollment / Disenrollment
Enrollment not possible (generation, translation, transmission)
� Disenrollment not possible ( generation, translation, transmission)
� Authorization
� Request not possible (receipt, validation, processing)
� Response not possible (generation, translation, transmission)
16. Identification of Potential Failures
� Claim
� Claim receipt not possible (receipt, translation)
� Claim processing not possible (validation, adjudication)
� Remittance / Payment
� RA not possible (generation, translation, transmission)
� Claim Status
� Status inquiry not possible ( receipt, validation,
processing )
� Status response not possible ( generation, translation,
transmission)
17. Identification of Potential Failures
� Identify users and areas likely and seriously
affected
� System areas modified but not tested thoroughly
� System areas tested only internally (not tested via actual
B-2-B)
� Areas of end-user unfamiliarity (new processes, new
outputs, new interfaces)
� Trading partner issues (process, product)
� Multiple degradations/failures, source of problem not
easily determined
� Trickle down effect, identify other business associates
affected
18. Business Impact Analysis
� Identify business process affected
� Determine tolerance level if function(s)
are degraded, disrupted, or completely
unavailable
19. Business Impact Analysis
� Analyze process and ask “how BAD is it
(really), if:”
� Providers can’t determine if patients are eligible,
or what they’re eligible for ?
� Recipients can’t get enrolled into a health plan ?
� Medical services can’t be authorized ?
� Claims aren’t received electronically ?
� Claims can’t be processed ?
(validated, adjudicated, rejected, archived, etc.)
� Providers can’t be paid ?
� Providers can’t tell what the status of a claim is ?
20. What Is The Tolerance?
� Determine risk actions to be taken based on varying
levels of tolerances for critical processes
� Accept risk
(do nothing)
� Watch it
(monitor)
� Mitigate
(reduce criticality and/or probability)
� Plan for contingencies
21. Business Impact Analysis
� Document risk analysis (description and
rationale)
� Prioritized listing of critical business
processes
� Business processes should be identified,
evaluated, and then ranked in order of
importance
24. Minimum Acceptable Levels
� Eligibility – inquiries & responses
� Enrollments & Disenrollments
� Authorization – requests & responses
� Claims – receipt & adjudication of EDI and
paper
� Remittance
� Claims Status – inquiries & responses
25. Identification of Alternatives
Selection of Contingency
� For each critical business process, identify
all the possible alternatives (workarounds)
� Select ONE alternative for each business
process / scenario
26. Develop The COOP
� Each contingency needs to specify:
� Assumptions (baseline parameters for planning)
� Triggers (indication of failure)
� Notification (who to tell)
� Resource Assignments (who does what)
ERT
� Procedures (the work-around)
� Duration (for how long)
� Monitoring (see how it goes)
27. Develop The COOP
� Analyze and document required resources
to support the plan
� Establish command, communication, and
control procedures for executing the plan;
Includes:
� Timely recognition of trigger of disruption
� Designated plan invoker
� Organized, responsive, and accessible
emergency response team (ERT)
28. Develop The COOP
� Does your Incident Reporting mechanism work like
this:
…or slightly faster…
� Require tested and operational Incident Reporting
mechanism to support all communication channels
29. Develop The COOP
� Minimum Acceptable Level of Service: This is
some predetermined level of service. It may be a
percent of volume or length of time, etc.
� Triggers:
cause a COOP to be invoked.
separated from triggers by a period of time before
These are the specific failure points that
Events may be
the contingency is invoked
� Concept of Operations: The concept of operations
is a short summary paragraph providing a macro
level view of how the workaround will unfold
30. Develop The COOP
� Emergency Response Teams
� ERTs are tailored for each business process
� The information should include positions,
names of “who” is assigned, function, and
telephone numbers [work, home, cell, pager],
etc.
� Contact procedures for ERT members: This
section should indicate “what” method will be
used to contact the ERT members: e.g. phone
trees with home/cell/work numbers, ‘code’
announcements for state employees, email,
other alternate means
31. Develop The COOP
� Escalation of Problems and Reporting Procedures:
This is the information that is conveyed in the
execution of the COOPs…verbal, written, frequency
� Training Plan: This section explains the “why”
training is conducted, “when” it will be done, “who”
conducts and receives training, and “how”. (Prep for
doing the CPs, periodic, and just-in-time.)
� Validation Plan: This section describes a process for
testing and validating the COOP.
32. Develop The COOP
� Outreach Plan: This section explains “how” and
“when” the Medicaid enterprise will communicate
to beneficiaries and providers that contingency
operations have started and ended
� Plan Maintenance Procedures:
describes “how” the COOP will be reviewed,
This section
changed, updated and “who”is responsible
� Day One Strategy: Procedures for the initial
transition to the COOP
� Distribution: This section lists “who” and
“where” copies of the COOP are located
33. Develop The COOP
� Disaster Recovery Plan: This section may be where
a copy of the DRP (May be your F/A) is located for
reference (IT and infrastructure)
� Alternative Strategies:
identification of all possible workarounds from
which one is selected (with justification)
This section provides for the
Example: Provider Claims
� hold all claims until system is recovered
� pay percentage of historical (previous month, quarter, year)
� pay prioritized list of providers most significantly impacted if not paid
� first in – first out
34. Develop The COOP
� Business partners affected: This section should
identify all the business partners / other agencies
affected by the implementation of the COOP --
“who”
� Resources and cost estimates to implement the
COOP: This is a list of those things necessary to
execute the COOP -- “what”
� Restore to normal ops: This section contains
procedures for transitioning back to normal
operations after a contingency is no longer
required
35. COOP Organization
Public Relations
Crisis Coordination
Enterprise
Management Team
(XMT)
Emergency
Management Team
(EMT)
Emergency
Response Team
(ERT)
Contractors
Financial
Institutions
Other
Stakeholders
Other Federal
Agencies
Other
State Agencies
Providers
Media
Governor
CMS
Beneficiaries
36. COOP Testing
� Exercise COOP to ensure:
� Adequacy of assumptions
� Staff comprehension of COOP procedures
� Under duress, staff can accomplish in expected
timeframes, produce expected outcomes
(for example, MALS)
� Assigned COOP resources (alternate site,
equipment, lines, ERT, etc.) are functional,
available
37. �
Training
� Raise Awareness
Periodic presentations to team members, management, new
employees
� Offer external COOP training, conference opportunities,
create library of publications
� Conduct Validation Exercises
� Desktop walk-thru or more realistic simulation “fire drill”
� Pre-exercise brief, audit the process, document progress, allow
participant feedback, and debrief
� Establish change control procedures
� Establish uniform distribution of plan; version control
38. Updating the COOP
� As personnel change
� As situations change
� Cycle of continuous improvement
TestingTesting
RevisingRevising
TrainingTraining
39. Table of Contents From Actual State BCCP/COOP Plan
� I. Introduction – Current Business Process Overview
� II. Assumptions
� III. Concept of Contingency Operations
� a. – Rapid Response Organization:
– i. Executive Team
– ii. Operating Team
– iii. Business Contingency Plan Managers
� b.
� c. Phone Trees
� IV. Eligibility Verification
� V. Claims Processing/Reimbursement Services
� VI. Systems Management
� VII. General Administration
� VIII. Managed Care
� IX. Chronic Care
� X. Acute Care
Responsibilities
Incident Management Guide
� XI. Legal and Regulatory
� XII. [Fiscal Agent] Disaster Recovery Plan
40. Disruption to State
Payment and
Eligibility Function
Notify ERT
Alternate and/or
Co-Leader
Begin Assessment
of Impact to State
Functions
Decide Initial
Response
Procedure
Notify all ERT
Members
Notify Select
Members of ERT
Go to
Page 2
Estimate impact requires significant resources
Only need subset of ERT
No response
required
Go to
2
Disaster Event
Affecting State-
Level Medicaid
Operations
Start Event Log Entries
Verify with
Respective RO
Staff (Preferably
the RA or ARA)
CMS Central Office Response Process for State-Level Disaster/Disruption-Page 1
Notification may come from a variety of
sources including, but not limited to:
CMS Senior Staff
CMS Regional Office(s)
Press Office
Public Media
ERT Leader or
Designee
Exit point will be determined by the
ERT Leader.
emergency response is required,
ERT leader may designate a
monitoring function
complete exit.
Is the RO
Affected?
Go to
Page 4
Decide if disruption affects RO's
ability to operate normally
Yes
Page 4 lists the steps required
to address disruption to the RO
from the perspective of the CO.
Each RO may invoke individual
procedures, i.e., shift
operations to another RO
No
SMA Invoked
Contingency Plan?
RO Request copy
of BCCP
Forward to 018D
ERT Leader
RO Contact SMA
Staff to Asess
Intention to Invoke
BCCP
ERT Leader should be made aully aware of the
situation
018D indicates the use of a "Plan Invoker"--This is
either a senior-level manager or a RMS designated
contact
Yes
No
Communicate SMA
Intention to ERT
Leader
It is possible that the SMA invoked a systems disaster
recovery plan rather than a business continuity plan-
which is much more comprehensive.
Determine the kind of plan invoked and compare the
appropriateness of the response versus the disruption.
Page
Although no formal
prior to a
41. HIPAA
Transaction
and
supporting
business
process
assessed
for HIPAA
impact
Completedasof
HIPAA
Transaction
and
supporting
system
functions
renovated
Completedasof
HIPAA
Transaction
with
Associated
Supporting
Business
and System
Functions
Tested End-
to-End
Start Date
of End-To-
End
Testing for
HIPAA
Transaction
Completedasof
HIPAA
Transaction
with
Associated
Supporting
Business
and System
Functions
Implemented
Start Date
of
Implementa
tion of
HIPAA
Transaction
Completedasof
COOP
Updated for
HIPAA
Transaction
Completedasof
Unable to
Meet
10/16/2003
Deadline for
HIPAA
Transaction,
Prioritze for
COOP
Y/N
Date or
Expected
Date Y/N
Date or
Expected
Date Y/N
Date or
Expected
Date
Date or
Expected
Date Y/N
Date or
Expected
Date
Date or
Expected
Date Y/N
Date or
Expected
Date
Indicate
Priority
Professional Claim/ Encounter [837P]
Inpatient Claim/ Encounter [837I]
Dental Claim/ Encounter [837D]
Pharmacy Claim/ Encounter [NCPDP]
Claim Receipt and Translation
Claim Adjudication/Pricing/Calculation
Capitation Payment
Managed Care Administration Fee Payment
Institutional LTC Payment
Premium Payment [820]
Medicare Buy-in Premium Payment
Private Health Insurance Premium Payment
Non-Standard Claim Payment
Mass Claim Adjustment Transaction
Claim, Encounter, and Payment Communications
Remittance Advice [835]
Claims Payment
Check/Warrant Processing
Claim Status Request, Voice/Fax/Electronic
Claim Status Response [277]
Claim Status Response, Voice/Fax/Electronic
Eligibility Verification Request [270]
Processing Request, Voice/Fax/Electronic
Eligibility Verification Response [271]
Processing Response, Voice/Fax/Electronic
Eligibility and Enrollment Notices and ID Documents
Recipient Maintenance, Communication/TPL/Appeals/Lock-in
Eligibility Data Exchange
Enrollment Transaction [834]
Enrollment Rosters to MCO
Request for Auth. of Service [278]
Response for Auth. of Service [278]
Prior Authorization Receipt, Voice/Fax/Paper/Electronic
Messages, Receipt/Acknowledge/Accept/Reject
Continuity of OperationsTestingGap Analysis Renovation Implementation and Transition
For each phase from Gap Analysis
through COOP, fill in the
corresponding cells for each HIPAA
transaction.
business processes are listed as
prompters to ensure these have been
addressed in each phase of HIPAA
implementation.
guideline and is not an exhaustive
list of processes that is necessary to
be addressed for HIPAA
implementation.
Italicized, indented
The list serves as a
42. Utilization Review
Review, Medical/Peer/Administrative
Generate and Distribute EOMBs
Catastrophic Case Management
SURS – Establish System Parameters
SUR Case Referrals for Investigation
Provider Prepayment Review
Retro DUR
Fraud Detection Processing, Data Mining
Quality Assurance, Medicaid/MCO/Enrollment Broker
Rate Setting
Rate Setting, Fee For Service/Managed Care/Co-Payment/Capitation Rates/Waiver Rates
Rate Calculation, Institutional/Outpatient/Pharmacy/Clinic/Encounter/Non-Institutional Practitioner
DME and Supplies Rates and Clinical Lab Fee Schedule
Fees, Case Management/Administration
Management Reporting
Reporting, EPSDT/MSIS/HEDIS
Decision Support
Claims History Inquiry
1099 Production
Public Health and Vital Statistics Reporting
Financial Management
Accounts Receivable/Payable/TPL Collection/Drug Rebate/Recoveries/Bank Reconcilliation
Drug Rebate
Drug Rebate Claim Selection
Drug Rebate Invoicing
Drug Manufacturer Response Processing
Auditing
Pharmacy Fill Fee Audit
Cost Settlement Audits
Quality Control
Medicaid Eligibility Quality Control
Claims Processing Quality Audits
Translator Administration
Translator Contract Management
Mapping to Adjudication System
Translator Maintenance
Trading Partner Administration
Data Exchange Information Acquisition
Data Exchange Information Maintenance
The following business processes are from Medicaid Administration and Utilization Management areas, which are impacted in varying degrees by some
oralloftheHIPAAtransactionsandwouldhavetobeaddressedinallphasesofHIPAAimplementationfromGapAnalysisthroughContinuityof
OperationsPlanning.