More HIPAA resources.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 23, 2000 3:00 PM
> To: HIPAAlert Newsletter
> Subject: [hipaalert] HIPAAlert: Volume 1 No. 3
>
>
> =============================================================
>
> H I P A A L E R T Volume 1 No. 3 January 24, 2000
> =============================================================
>
> This newsletter is sponsored by Phoenix Health Systems and
> HealthExecOnline, to help healthcare managers stay on top of
> current issues related to HIPAA security. HIPAALERT is published
> monthly or more often as events dictate. Have a question or
> comment? Email us anytime at: <mailto:[EMAIL PROTECTED]>
>
> Do you have interested associates? Forward them this issue!
> To sign up for a free subscription, or to access past issues
> click on:
> <http://hipaalert.com>
>
> =============================================================
>
> T H I S I S S U E
>
> 1. From the Editor: No News is Big News!
> 2. Compliance Countdown: Redux
> 3. First Steps to Compliance (& MEMBER SURVEY Announcement)
> 4. HIPAAlinks: Reg by Reg
>
> =============================================================
>
> 1 / F R O M T H E E D I T O R
>
> The BIGGEST HIPAA news in the last month was NO news -- or,
> to be exact, one to six-month FEDERAL DELAYS in publishing
> several final rules expected by now. Moreover, a delay on the
> final privacy rule, originally slated for late February, is also
> likely. In December, the Department of Health and Human Services
> succumbed to industry pressures to extend the public comment
> period on the proposed privacy rule six weeks, allowing all
> interested parties to get in their licks. Details of the REVISED
> COMPLIANCE SCHEDULE follows, in "Compliance Countdown: Redux".
>
> All of which leaves THE REAL QUESTION: WHAT NOW? Do we industry
> folks sit back and wait on HIPAA, counting the delays as one more
> millennial blessing? Or, do we make preparations for which we had
> no time while cleaning up our Y2K houses?
>
> In "First Steps Towards Compliance" below, HIPAAlert offers a
> preliminary Check List. And, in order to explore the question
> with you, we're sending you our "MEMBER SURVEY: FIRST STEPS" by
> separate e-mail. For the benefit of HIPAAlert's nearly 4000 members,
> please take a few moments to answer the questions on your
> organization's HIPAA priorities and preparations -- and we'll
> publish the results in the February issue. (Identity of
> participants will be kept anonymous.)
>
> ==============================================================
>
> 2 / C O M P L I A N C E C O U N T D O W N : R E D U X
>
> On January 19, DHHS published an amended schedule for publication
> of (and compliance with) HIPAA Administrative Simplification
> Regulations. Length of delays ranges from as little as one month
> (Claims Attachments) to as much as six months (National Provider
> Identifier). Delay periods are noted in the new schedule, below:
>
> -- TRANSACTIONS/CODE SETS: FINAL 3/2000 (was 11/99);
> EFFECTIVE 5/2000; COMPLIANCE by 5/2002
>
> -- NATL PROVIDER IDENTIFIER: FINAL 6/2000 (was 12/99);
> EFFECTIVE 12/2000; COMPLIANCE by 12/2002
>
> -- NATL EMPLOYER IDENTIFIER: FINAL 3/2000 (was 12/99);
> EFFECTIVE 5/2000; COMPLIANCE by 5/2002
>
> -- SECURITY / ELECTRONIC SIGNATURE: FINAL 5/2000 (was 12/99);
> EFFECTIVE 7/2000; COMPLIANCE by 7/2002
>
> -- NATL HEALTH PLAN IDENTIFIER: FINAL 4/2001 (was 12/99);
> EFFECTIVE 6/2001; COMPLIANCE by 6/2003
>
> -- CLAIMS ATTACHMENTS: FINAL 10/2000 (was 9/2000);
> EFFECTIVE 12/2000; COMPLIANCE by 12/2002
>
> -- NATL INDIVIDUAL ID: On hold pending privacy regulations
>
> -- PRIVACY & CONFIDENTIALITY: COMMENT PERIOD on proposed rule
> extended to 2/17/2000. FINAL due 2/21/2000, but delay
> expected due to comment period extension.
>
> (Per DHHS, implementation of each regulation is required within
> two years of its effective date -- which is generally 60 days
> after its publication. However, the effective date for the
> National Provider Identifier is planned for no earlier than
> December, 2000, to allow time for DHHS to develop an
> implementation system.)
>
> DHHS' revised compliance schedule also may be accessed at the
> DHHS Administrative Simplification Site at:
> <http://aspe.hhs.gov/admnsimp>
>
> ==============================================================
>
> 3 / F I R S T S T E P S T O C O M P L I A N C E
>
> The impact of final HIPAA regulations and the scope of the work
> ahead have most experts in agreement: delays in final
> publication should not delay our preparations. The active dialog
> within our sister discussion list HIPAAlive, (subscribe at
> <http://www.healthexec.net/html/hipaalive.html>) offers clear
> (often colorful!) evidence that some have begun to prepare.
> But at several recent industry meetings many attendees have
> reported that in their organizations, no planning is underway,
> and/or their "management is clueless".
>
> What are industry members actually doing right now... and what
> SHOULD they be doing? Your "Member Survey: First Steps" should
> be in your e-mail box today. PLEASE CONTRIBUTE - THE GREATER THE
> INPUT, THE BETTER THE OUTPUT!
>
> ----------------------------------
>
> FIRST STEPS: HIPAAlert's CHECKLIST
>
> While our member survey is percolating, review (and act on!) our
> recommendations of first steps your organization should be taking
> NOW to get ready for HIPAA:
>
> -- Select a corporate HIPAA leader, and unless you're very small,
> a HIPAA team that includes key staff from your major departments.
>
> -- Make sure your leader - and at least one back-up team member -
> quickly become your internal experts on HIPAA and its
> implications. This should include tracking regulations and
> standards as they develop, and identifying evolving industry
> resources and approaches to compliance, typically through
> networking, industry seminars, and related publications. Plan
> on expending a lot of time and effort to get up to speed on
> HIPAA's complexities.
>
> -- Seek senior management buy-in early on, beginning with initial
> executive awareness sessions that summarize HIPAA and its likely
> impact on your organization. Follow up with regular reports on
> industry responses as well as your own internal HIPAA compliance
> progress.
>
> -- Send everyone with a need to know, the first two issues of
> HIPAAlert (including HIPAAprimer - Part 1 and 2), and suggest
> they subscribe. Compliance team members also should consider
> joining HIPAAlive, which is evolving into a great networking
> and problem-solving resource. Lurkers are welcome!
>
> -- Set up an education program for department heads, managers
> and other professional staff. For many, engaging outside
> consulting groups who have already developed in-depth HIPAA
> training programs may be the way to go.
>
> -- Pull out the systems inventory you developed for Y2K
> planning, determine who in the organization is responsible for
> each system, and get them into the HIPAA education loop. They
> also should begin considering how HIPAA's impact will affect
> the organization's system-related plans - and start putting
> system vendors on alert that HIPAA compliance will require
> vendor initiatives.
>
> -- Set up a Risk Assessment plan, or get an expert to develop
> one for you. This must include a gap analysis of your
> organization's current policies, procedures and systems in all
> facilities, relative to HIPAA's proposed regulations and
> standards. Though some regulations won't be finalized for a
> few months, most, according to DHHS, are not expected to depart
> significantly from the proposed rules.
>
> -- Begin executing your Risk Assessment plan, a process that
> is likely to take at least 30 to 120 man-days, depending on
> your organization's size and systems/procedures complexity.
> Remember, actual compliance implementation efforts will take
> many more months, and must be complete - for each final rule -
> within 24 months after its effective date.
>
> ==============================================================
>
> H I P A A l i n k s: R E G B Y R E G
>
> Several readers have asked, "Where can I go to get the best
> analyses of individual HIPAA rules?" Here's our recommendations,
> reg by reg:
>
> TRANSACTION and CODE SET STANDARDS
>
> > Summary and Introduction to Proposed Rules
> <http://aspe.os.dhhs.gov/admnsimp/nprm/tx00.htm>
>
> > EDI Implementation Guides
> <http://www.wpc-edi.com/HIPAA>
>
> > JHITA - Summary of Electronic Transactions
> <http://www.jhita.org/electric.htm>
>
> -----------------------------------
>
> SECURITY AND ELECTRONIC SIGNATURE
>
> > Security Rules - Summary and Introduction
> <http://aspe.os.dhhs.gov/admnsimp/nprm/sec00.htm>
>
> > A.F.E.H.C.T. - Security Articles
> <www.afehct.org/security.html>
>
> > HIPAA Security Accreditation - EHNAC
> <www.ehnac.org/SecurityAccreditation/Default.html>
>
> > JHITA - Summary of Security & Electronic Signature Standards
> <http://www.jhita.org/security.htm>
>
> -----------------------------------
>
> PRIVACY AND CONFIDENTIALITY
>
> > Privacy Rules - Summary and Introduction
> <http://aspe.os.dhhs.gov/admnsimp/nprm/pvc00.htm>
>
> > Privacy Rules by Section
> <http://aspe.os.dhhs.gov/admnsimp/nprm/pvclist.htm>
>
> > Privacy Rules - Definitions
> <http://aspe.os.dhhs.gov/admnsimp/nprm/pvc07.htm>
>
> > Health Privacy Project - Summary of Privacy Draft Proposal
> <http://www.healthprivacy.org/latest/RegSum.fin.html>
>
> > A.F.E.H.C.T. - Privacy Documents
> <www.afehct.org/PrivacyWorkGroup.html>
>
> -----------------------------------
>
> UNIQUE HEALTH IDENTIFIERS - NATIONAL PROVIDER IDENTIFIER
>
> > Proposed Rule
> <http://aspe.os.dhhs.gov/admnsimp/nprm/npi00.htm>
>
> > JHITA -- Summary of NPI
> <http://www.jhita.org/national.htm>
>
> > HCFA NPI Overview
> <http://www.hcfa.gov/stats/npi/overview.htm>
>
> -----------------------------------
>
> UNIQUE HEALTH IDENTIFIERS - NATIONAL EMPLOYER IDENTIFIER
>
> > Proposed Rule
> <http://aspe.os.dhhs.gov/admnsimp/nprm/emp00.htm>
>
> > JHITA - Summary of NEI
> <http://www.jhita.org/nstandard.htm>
>
> -----------------------------------
>
> UNIQUE HEALTH IDENTIFIERS - NATIONAL HEALTH PLAN IDENTIFIER
>
> > HCFA - National Health Plan Identifier Overview
> <http://www.hcfa.gov/hcfainit.htm
>
> -----------------------------------
>
> UNIQUE HEALTH IDENTIFIERS - INDIVIDUAL IDENTIFIER
>
> > JHITA Summary of Intent for Individual Identifier
> <http://www.jhita.org/identif.htm>
>
> ==============================================================
>
> BRING YOUR HIPAA QUESTIONS AND IDEAS TO LIFE AT...
>
> H I P A A l i v e!
>
> Join nearly 700 other thinkers, planners, learners and lurkers
> who are already members of our sister e-mail discussion list.
> We almost make HIPAA fun! Subscribe now at:
>
> <http://www.healthexec.net/html/hipaalive.html>
>
> COMMENTS? Email us at <mailto:[EMAIL PROTECTED]>
>
> ==============================================================
> Copyright 2000, Phoenix Health Systems, Inc. All Rights Reserved.
> <http://www.phoenixhealth.com>
>
>
>
>
> =============================
> FORWARD this posting to interested associates, who may subscribe free to
> HIPAAlert by visiting: <http://hipaalert.com>
> SUBSCRIBE ALSO to HIPAAlert's "sister" discussion list, "HIPAAlive" -- an
> interactive e-mail forum enabling
> members from across the health industry to share questions, answers,
> information and support on HIPAA compliance issues.
> For more information or to subscribe to HIPAAlive, click on:
> <http://www.healthexec.net/html/hipaalive.html>
>
> You are currently subscribed to hipaalert as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> To administer your account or view past messages, click on
> <http://lists.hipaalert.com/scripts/lyris.pl?enter=hipaalert>
>
> =============================
>
=======================================================================
To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
To subscribe, mailto:[EMAIL PROTECTED]
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
