Advance Case Studies in HIPAA Implementation: Practical Application of Privacy and Security Policies & Procedures
March 28, 2003
Panelists
• David Ermer, Partner, Gordon & Barnett
• Beth Kranda, Privacy Director, ACS, Inc.
• Ken Yale, Vice President, EduNeering, Inc.
• Nadine Zabierek, Privacy Officer, Health Care Service Corporation
CONFIDENTIAL MATERIAL: This material may not be reproduced or distributed without the permission of EduNeering, Inc.
General Issues
• How do we get P&P into plain language and with the right level of specificity & practicality?
• How to create a P&P template? What makes a good policy? What should we include?
• How to get buy-in from the top and the bottom? How do we train the troops?
• How can we be sure to keep P&P scalable, flexible, reasonable?
• How do Privacy and Security P&P overlap or interact?
Top Ten HIPAA P&P Headaches
• Training and documentation of training
• Minimum Necessary
• Phone Calls: verification, first contact
• Security and Privacy interaction/overlap
• Documentation in accounting for disclosures
• Amendment documentation and procedures
• Tracking disclosures of PHI outside of TPO
• Internal audits, evaluations of compliance
• Access control: Privacy vs Security
• State regulations on consent
Resource Documents
• WEDI/SNIP P&P Resource Documents:
  • Privacy: http://www.wedi.org/snip/public/articles/privacy_pp1115_02.pdf
  • Security: http://www.wedi.org/snip/public/articles/072402securitypxpv12.pdf
• URAC Accreditation Standards:
  • Privacy: http://www.urac.org/urac.asp?id=88
  • Security: http://www.urac.org/urac.asp?id=89