View
217
Download
0
Category
Tags:
Preview:
Citation preview
HIPAA: Is it for us?
ISAC TRAINING
SEPTEMBER 18, 2002
Vision Statement
Counties and the public will benefit from adopting policies and changing procedures to safeguard confidential information.
HIPAA
Health Insurance Portability and Accountability Act
What needs to happen
Counties need to determine what they will do in response to the new Federal law, if anything
An assessment of the amount of Protected Health Information within the county will help decide the strategy
Increasing the awareness of potential pitfalls is important
Today’s situation:
Polk County has identified significant amounts of Protected Health Information in various county departments and offices
The policies and protocols for safeguarding and accessing the information come from different sources, e.g., State law, medical ethics, and other sources
Today’s situation:
Personnel files– Initial employee physical– Worker’s compensation information– Claims for accidents– Filtered back information from self-insurance
health claim files (Plan sponsor role)– Time records with health status implications
Today’s situation:
General assistance files– 20,000 files– Most stored in 6 shelf lateral shelves with no
doors; some info and coding on main frame computer
– Files located in locked area– All employees have access to area– Approximately one-third have medical information– Tax suspension—300-400 files
Today’s situation:
Youth and shelter detention files– Initial history and physical for each youth served– Mental and behavioral health information a key to
services delivered– Files generally locked in office drawers or central
file room
Veteran’s affairs– Health information in many files
Today’s situation:
Mental health records– Polk County Health Services, a private non-profit
corporation, houses most mental health information– Records are stored for 18,000 persons with PC legal
settlement– 99% of the storage is electronic plus 30 filing cabinets of
paper files– Other paper files: Cluster Board, exceptions to policy,
appeals, lawsuits, etc
Today’s situation:
Mental health files (continued):– Mental health commitment files– Auditor’s office has copy of servers– Three in Auditor’s Office have full access to all
mental health files– Mental health electronic files available to General
Assistance, and three others in Community/Family services
Today’s situation:
Auditor’s Office– All mental health records– Legal settlement information– Commitment information for mental health and
substance abuse– Mental health institutional placement information
Today’s situation:
Public Health Department– Employee physicals– HIV initial testing and treatment– Sexually transmitted disease testing and followup
About 40 boxes
– Substance abuse testing results for all of 5th Judicial District supervised persons, e.g., juvenile court parents, criminal case followup
– Mainframe records which can be drilled down
Today’s situation:
Community and Family Services Victim Services Senior Services
– 6800 seniors attended “wellness” clinics, such as arthritis screening, blood pressure, podiatry, hearing, physician assistant screenings, etc.
– 1 file drawer of medical documentation for special diets, – Meals on wheels, para transit—10,000 total; 2000-3000
new per year.
Today’s situation:
Family Enrichment Center (case management for employment support to families)– Health and mental health information can be
found in client files– Stored in locked file cabinets
Today’s situation:
Archived administrative files—both on and off site storage systems– Many are in boxes in the basement of the
administrative building, stacked on open shelves with mixed access
– Paid secure storage off-site—where the computer back up files are kept; daily access
Attorney files
How did we get here?
Current laws protect some information, but
the laws and policies have never been standardized
Mistakes have been made, usually in other places. We hear about the lawsuits.
How did we get here?
People are getting more sensitive about privacy issues.
Giving out private information might have serious consequences to the individual, such as the loss of a job or job opportunity, or disqualification from insurance coverage
Storage issues
Privacy and security are difficult to maintain in open boxes of files
Existing laws are prompting an improvement in storage methods aside from any HIPAA requirements
It is improvident to spend large amounts on file cabinet storage when “imaging” technologies will be available within a matter of years.
Available options
Do nothing and wait for a complaint. Implement everything immediately.
– Costly, disruptive, and possibly ineffective
Change only the minimum required by Federal law by April, 2003.
Make gradual changes over the next 2-3 years.
Recommendation
Implement gradually and in a reasonable manner. Do what makes sense to protect the type of information you have.
Counties appear to be a hybrid organization under the HIPAA regulations.
Action Steps
Convene centralized committee for the purpose of developing a work plan.
Develop a policy statement for the implementation of HIPAA county-wide and seek BOS endorsement of resolution adopting the policy.
Offer training for all county units on the impact of the policy statement in modifying behavior.
Action Steps
Identify gaps in physical and electronic storage Begin process of developing Information Practices
statements and notices. Possible plan—use a workshop format and an outline.
Develop and train on workstation practices Develop access log systems where needed Identify business partners and develop agreements
Corporate Compliance
Policy Oversight
Training
Discipline Monitor
Why bother?
Counties have a wide variety of confidential, personal information about people, including medical information.
Some sensitive information is required to be given in order to receive services or to qualify for county activities
Even the unintentional release of personal information may be harmful to the individual
Why bother?
As our society becomes more complex, the danger of unintended release of information increases.
Congress is concerned about the need to be more careful in the storage and handling of sensitive health information. There will soon be new “rules of the game” for providers and insurance companies. Counties need to keep up.
Why bother?
Our constituents and employees will expect us to be careful with their sensitive information about their health.
There are stiff penalties for failing to comply.
User Groups
Monthly meeting Policy Development Privacy Notices Communications with operating units
Storage issues….
More storage issues….
And more storage issues…
And still more storage issues!
Recommended