Recent Webcast offers tips for HIPAA compliance
Recent Webcast offers tips for HIPAA compliance
Use this template for regulatory success
With the end of the year close at hand, some health care organizations may find themselves in a scramble to put together and implement regulations that will meet the criteria of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Two speakers at the Aug. 29 SMS (Siemens Medical Solutions, a medical engineering company) National HIPAA Launch Webcast: Count-down to Compliance shared some of their insights on how health care organizations can go about implementing and instituting HIPAA-compliant standards.
Christine Stahlecker, manager for electronic commerce/national standards at Blue Cross/Blue Shield Association (BCBS ) in Washington, DC, spoke on several actions her company has taken toward compliance. Stahlecker said her company’s actions can be used as "template-type steps for those of you . . . [who] may not have taken such initiatives on yet and are looking for ways to get started."
Expanded the use of the Internet and extranet.
BCBS, said Stahlecker, turned to the Internet and extranet for its initial steps. "We published some information to our CEOs, actually issued by the president of the association. We created some listservs, some information repositories. We have toolkits and templates out and available to Blue Plan members." She encouraged other health care organizations to contact Blue Plan. "[BCBS does] have these tools at our disposal, and may be willing to share as trading partners with you."
Created the HIPAA Institute.
According to Stahlecker, BCBS’ objective was "to spread the word at the 101 level across all the components of the HIPAA standard." However, she acknowledged that creating the program took a certain degree of time and encouraged those with access to a Webcast to take advantage of such technology.
Targeted executive officers.
The Blue Cross/Blue Shield Association held a session that was geared just to executive officers, to raise the awareness of senior staff and to build support and momentum for a subsequent meeting that was held for the group’s implementation teams across the plan.
"Our learning objective for the Blue Member Plan Implementation Team was to target not just the director of the HIPAA implementation team and not just the programmers. In fact, that was [targeted] at that middle-management layer, those that would actually be responsible for implementing HIPAA," Stahlecker said.
Started with a half-day orientation.
The session, she said, had three tracks, which were conducted over several days and were held off-site. One track was designed for program management and one for transactions, but the most popular one, she said, was focused on a "combination of both security, privacy, and legal issues."
Got support from the health care community.
Stahlecker said that it takes one group or company to come forward and get the compliance ball rolling. From this action, business partners can come together and discuss and learn where they think the biggest threats to their security lie and how these different companies should strategize to move forward.
A second speaker, Connie Kinsella, associate director of fiscal affairs of the University of Wisconsin (UW) Hospitals and Clinics in Madison, explained how her company is preparing for the final regulations.
Formed a HIPAA task force.
UW Hospital has developed a task force composed of its CIO, corporate counsel, compliance officer, medical informatics director, and Kinsella. "We are actively recruiting at this time for a privacy officer," she said, who "when recruited, will chair this committee."
Inventoried the various data repositories.
Kinsella warned companies to study "PCs, Palm Pilots, the infinite variety of areas in which there may be individually identifiable patient data in an electronic format — where those might be and the users who have them."
An eye-opening experience’
She said such a project "will be an eye-opening experience for you once you begin to consider all of the infinite variety of possibilities for the storage of individually identifiable information and will make you fully appreciate why legislation regarding security and confidentiality is necessary."
Developed an e-based market strategy.
"We have begun to identify our business partners who are getting patient identifiable information," Kinsella said. "Our experience to date has been interesting in that what we have found, and this shouldn’t be surprising, is that our traditional health care partners or business partners engaged in the health care industry know about HIPAA, know what it is.
"They may not know yet exactly what the impact is going to be upon them; those in the payer community certainly do. Those in some of the other vendor communities — drug suppliers, film suppliers, software — may or may not."
Started educating business partners whose core business is not health care.
Many are quite taken aback by the prospect of HIPAA, Kinsella acknowledged. "This includes people like your couriers, your print vendors, your bank . . . . [Those are] the people, as I say, who are providing a service to you, are providing or have access to individually identifiable patient information, but businesses whose primary core business is not the health care industry." Those vendors, she added, are going to need a lot of lead time to be ready for this, and they are going to need you to hold their hand and bring them down this road. "I encourage you to start educating that section of the industry now."
Developed HIPAA compliance language in both service and managed care contracts.
"We have started to review . . . some of our revenue-stream processes, to find out where we can realize the savings," she said, a process that she encouraged all health care companies to follow.
(For more information, visit www.smed.com.)
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.