Data file.technical drs.hipaa presentation may 2011


Published in: Technology, Business

  1. Notification of Breach Release of Information Discussion. Presented By: Janine Akers from DataFile Technologies. Technical Doctor, Inc. Connecting Technology & Professionals
  2. About DataFile Technologies
      • Privately Held Kansas City Company
      • Work with Major EMRs
      • National Partnership with Multiple Companies
  3. Overview
      • HITECH Act Changes to HIPAA Notification of Breach
      • Release of Information Best Practice Resources
      • How our eROI Services can work for You.
  4. Notification of Breach: Do we need to notify a patient?
  5. HITECH Historical View: Brief History of HITECH Act Subtitle D—13400’s Section
      • August 2009: 1st Set of Proposed Rules for HIPAA Privacy, Security and Enforcement Rules
      • February 2010: Above proposed rules are finalized
      • July 2010: Above final was recalled and 2nd set of proposed rules were published
  6. HITECH Proposed Changes: Changes Proposed in Current Comment Period
      • Notice of Privacy Practices
      • Changes to definition of medical necessity
      • Immunization records & deceased records
      • Definitions of electronic media
      • Breaches – Guidance for Significant Risk
  7. What is a Breach? How does HITECH Act define a breach?
      • Was the protected health information secure?
      • Does one of the exclusions apply?
      • Is there a significant risk of financial, reputational, or other harm to the individual?
  8. The Exclusions: What are the exclusions provided by HITECH?
      • Workforce use: Unintentional acquisition, access or use of PHI by a workforce member if the PHI is not further used or disclosed in a manner that violates the Privacy Rule
      • Workforce disclosure: Unintentional disclosure of PHI by a workforce member to another workforce member if the PHI is not further used or disclosed in a manner that violates the Privacy Rule
      • No way to retain the information: Unauthorized disclosure to which the CE or BA has a good faith belief that the unauthorized person to whom the PHI is disclosed would not reasonably have been able to retain info.
  9. Guidance for Significant Risk: What guidance is provided by HITECH?
      • Covered Entity to Covered Entity: Inadvertent disclosure of PHI from one covered entity or BA employee to another similarly situated covered entity or BA employee, provided that PHI is not further used or disclosed in any manner that violates the Privacy Rule.
      • Immediate steps to mitigate: Were immediate steps taken to mitigate the harm including return or destruction of the information and a written confidentiality agreement?
      • Types of information included: Was the information disclosed limited to the name of the individual or a limited data set?
  10. Notification Components: What are the required notification components?
      • A description of what happened including the date of breach and date of discovery
      • A description of the types of PHI involved
      • Steps the individual should take to protect themselves
      • Steps taken by the provider to investigate, mitigate and protect against further disclosure
      • Contact information for questions including a toll-free telephone number, email address, website or postal address
  11. Example Letter of Notification
  12. Penalties & Reporting: What are the penalties & reporting obligations? Defined and enacted back in February 2009 in original ARRA/HITECH Act - HIPAA Section to apply to both the Breach and the Notification

      | Nature of Violation          | Fine Per Violation | Annual Maximum |
      |------------------------------|--------------------|----------------|
      | Unknowing                    | $100               | $25,000        |
      | Reasonable Cause             | $1,000             | $100,000       |
      | Willful Neglect              | $10,000            | $250,000       |
      | Willful Neglect Not Corrected | $50,000           | $1,500,000     |
  13. Reporting Reference (columns of the incident log and what to record in each)
      • Date: Date
      • Patient: Patient Name & DOB
      • Authorized Recipient: Requestor
      • Records Originated from Clinic: Medical Practice
      • Incident: Description of the unique occurrence.
      • How mistake happened: After it has been brought to our attention that there has been an oversight, mistake, or HIPAA violation (regardless of how big or small) - we will document, research and come to understand what happened and describe in detail how this occurred. Include date and employee names involved in the communication trail.
      • Mistake discovered: Starting with date and resource, describe in detail how this mistake was discovered.
      • Mistake rectified and Notification: Starting with date and name of employee initiating report and correcting the problem, describe in detail actions taken to correct the problem and how patient and covered entity were notified.
      • Proactive approach for preventive measures: Starting with date and supervisor’s name, document how we will use this occurrence to train the entire staff regarding our best practice procedures to prevent the possibility of a similar occurrence happening again.
  14. Limit Your Liability
      • Staff training
      • Process improvement
      • Transfer the liability
  15. Why DataFile?
      • Improve customer service
      • Mitigate risk
      • Offer rapid response
      • Eliminate training expenses
      • Take fewer calls
  16. DataFile Technologies eROI: How do our services work?
  17. How It Works: Step 1. Establish HIPAA secure network connection
  18. How It Works: Step 2. Set up a User in the EMR for “DataFile”
  19. How It Works: Step 3. Scan/attach appropriate Patient and Task or Message to user “DataFile”
  20. Start a Request to DataFile
  21. Status Update on Request
  22. The Brass Tacks: What is the cost for eROI services?
      • Typically… NONE
      • The variables involved in eROI include
          – Specialty
          – Number of Providers
          – State
      • Providers can maximize service while eliminating costs with eROI services
  23. Questions & Thank You. Janine B. Akers, MBA, DataFile Technologies, LLC, 816-437-9134