Question

Develop a training plan for new HIM employees that will ensure that they understand the HIPAA regulations and what their role is in maintaining them.

The plan should include:

Content (What will the content of the training include?)
Classes for employees - How will you break the students into different types of classes based on their role within the department (coder, ROI staff, etc.)?
The skills that the trainers need
Amount of time needed for the course
Format of class
Resources needed

Answer 1

In the year 1996 April 21 the HIPAA was signed into a law. The HIPPA was mainly created due to the improvement of health insurance coverage continuity and for proper health care services administration In the healthcare system the effectiveness and efficiency was highly improved during the processing of healthcare data and information electronic transactions.

(HIPAA) created a set of uniform standards and had several main objectives; here are just a few:

To improve portability of health coverage when employees switch jobs

To combat waste, fraud and abuse in health insurance

To simplify the administration of health insurance

To protect the privacy and security of health information (which is the primary focus of this course)

Major points and titles covered under HIPAA

Point I: Health care access, portability, and renewability

Point II: Preventing health care fraud and abuse, and administrative simplification medical liability reform

Point III: Tax-related provisions

Point IV: Prevention of private data and stopping CYBER CRIMES

Point V: Recurring revenue offsets in companies

The following is the evolution of HIPAA

Key terms in HIPAA

PHI or Protected Health Information

PHI is identifiable health information protected under HIPAA that relates to an individual’s past, present or future treatment and payment for treatment

It must be protected whether stored or transmitted;

It can exist as a form of media, electronic, oral or through papers.

Covered Entity or CE:

The covered entities are providers, health plans and clearing-houses.

BA or Business associate:

A person or organization that performs functions or activities on behalf of a covered entity that involve the use or disclosure of PHI.

BAA or Business associate:

The contract between a covered entity and a business associate who performs activities on behalf of the covered entity, if those activities involve the use and disclosure of PHI.

Use vs. Disclosure (in relation to PHI):

Use - covered entities and business associates use PHI within their organization as part of normal treatment, payment and healthcare operations activities

Disclosure – when a covered entity or business associate releases PHI outside their organization.

HIPAA – Transactions, Code Sets and Identifiers:

Transactions facilitate standardized information exchange between providers and payers

Code Sets are standardized encoded data elements that help eliminate subjectivity and ensure uniformity of data.

Identifiers are codes that uniquely identify each entity sending or receiving a HIPAA transaction.

HIPAA – The Security Rule:

The CEs and BAs must implement security controls to ensure the confidentiality, integrity, and availability of PHI.

Security Rule provides a framework of administrative, physical, and technical safeguards to support the privacy requirements in the Privacy Rule.

HIPAA – Breach notice:

Any type of unauthorized access or use defines a breach.

Investigation determines that the PHI in question had been rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology.

HIPAA – Penalties:

Huge monetary penalties according to the breach or violation.

Develop a constant monitoring and feedback tool which gathers information from associates and avoids any violation of HIPAA by physical means of through the use of technology (Cyber crimes).