HIPAA Case Study. Long Term Care (LTC) Industry. October 26, Presented by: James Pfeiffer Brian Zoeller

Similar documents
The New England Approach to HIPAA. John D. Halamka MD Chairman, New England Health EDI Network CIO, CareGroup Healthcare System

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Healthcare Information and Management Systems Society HIMSS. U.S. Healthcare Industry Quarterly HIPAA Compliance Survey Results: Summer 2002

Certification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption

Security and Privacy Governance Program Guidelines

Summary of Gartner COMPARE Survey of HIPAA Readiness Conducted Feb-March 2003

Audit and Compliance Committee - Agenda

HIPAA Implementation: Steps to Creating a Budget for HIPAA Compliance

Projecting and Budgeting Costs and Savings of HIPAA Compliance

Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013

The Next Frontier in Medical Device Security

MNsure Privacy Program Strategic Plan FY

Testing for Reliable and Dependable Health Information Exchange

October Broward County Government Human Services Department. Community Partnerships Division FY2015 Provider Information

Guidance for Exchange and Medicaid Information Technology (IT) Systems

NASCIO 2018 State IT Recognition Awards

The Vision Council Winds of Change

High Confidence Transportation Cyber-Physical Systems: Automotive, Aviation, and Rail

LEADING WITH GRC. Common Controls Framework. Sundar Venkat, Sr. Director Technology Compliance Salesforce

4. ENCOUNTER DATA PROCESSING PROCEDURES A. General Information

Information Technology (CCHIT): Report on Activities and Progress

The HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion.

ERO Enterprise Strategic Planning Redesign

HIPAA Compliance Strategies for IPAs and Medical Groups

CIMA Asia. Interactive Timetable Live Online

IEEE GDPR Implementation & NTC

FROM TACTIC TO STRATEGY:

San Francisco Housing Authority (SFHA) Leased Housing Programs October 2015

SME License Order Working Group Update - Webinar #3 Call in number:

INFORMATION TECHNOLOGY CYBERSECURITY CLOUD COMPUTING

Living with HIPAA: Compendium of Next steps from Rural Hospitals to Large Health Systems to Physician Practices

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

State of Florida Enterprise

Nigerian Telecommunications (Services) Sector Report Q3 2016

at Kaiser Permanente Mary Henderson HIPAA Program Director Kaiser Permanente

HPH SCC CYBERSECURITY WORKING GROUP

MultiPlan Selects CyrusOne for Exceptional Colocation and Flexible Solutions

CIMA Asia. Interactive Timetable Live Online

Managing Trust in e-health with Federated Identity Management

An Integrated Approach to Technology Risk Management and Compliance

Data Backup and Contingency Planning Procedure

NAC Institutional Committee Meeting

DOD Medical Device Cybersecurity Considerations

Gateway Transportation Collaboration Forum. 21/01/2015 Gateway Transportation Collaboration Forum 1

Welcome To The. Broward County Human Services Department. Community Partnerships Division FY2016 Provider Information Workshop

Competency Definition

Implementing and Enforcing the HIPAA Security Rule

UBS Data Center Efficiency Strategy

Bruno Leiniö Latin America Health Day

Modernizing Healthcare IT for the Data-driven Cognitive Era Storage and Software-Defined Infrastructure

Prior Authorization and Clinician Burden: Updates from ONC

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice

HIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, Looking Back at 2011

locuz.com SOC Services

NY DFS Cybersecurity Regulations August 8, 2017

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

MeHI Grantee Forum for Behavioral Health and Long-term and Post-acute Care eqip Grantees. December 9 th, 2015

Connected & Automated Vehicle Activities

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

IT Updates. Maryland Health Benefit Exchange Board Meeting April 15, Presented by: Isabel FitzGerald Secretary, DoIT

I. The Medical Technology Industry s Cybersecurity Efforts and Requirements

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

HIPAA Compliance is not a Cybersecurity Strategy

HCISPP HealthCare Information Security and Privacy Practitioner

San Francisco Department of Public Health. IT and Epic Project Update

Nigerian Telecommunications Sector

Response to CMS. WEDI Attachment Forum Questions. August 9th Attachment Standard

CIMA Certificate BA Interactive Timetable

NISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015

Expanding Sleep Care Through Telemedicine

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

The UNISDR Private Sector Alliance for Disaster Resilient Societies

Energy Step Code Implementation Strategy. March 26, 2018

Kindred Healthcare, Inc.

Medical Device Cybersecurity: FDA Perspective

ADB s Energy Program in Myanmar

APNIC History and Overview

Terms of Reference (ToR) for ICAT support to MRV in the Energy Sector in Kenya

Council, 8 February 2017 Information Technology Report Executive summary and recommendations

Countermeasures against Mobile spam

Cybersecurity is a Team Sport

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

Pennsylvania s HIE Journey

INNOVATIONS CENTER. Fariz T. JAFAROV Director. e-gov Development Center of Azerbaijan

Real Estate Forecast 2015

WHO-ITU National ehealth Strategy Toolkit

ASC X12 Clearinghouse Caucus

Accelerate Your Enterprise Private Cloud Initiative

Organizational Privacy Transformation: A case study from Critical Issues to Award Winning Success

10th Maintenance Cost Conference Chairman s Report Athens Sept 10& Tiymor Kalimat Manager Technical Procurement Royal Jordanian Airlines

MHBE Compliance Program SECOND QUARTER FY 2019 REPORT. TO MHBE BOARD OF TRUSTEES January 22, 2019

Cloud Communications for Healthcare

2016 Survey: A Pulse on Mobility in Healthcare

Mobile Connect Driving Global Economic Growth Through Secure Mobile Identity

HIPAA Privacy, Security and Breach Notification

01.0 Policy Responsibilities and Oversight

Agency Information Collection Activities: Proposed Collection; Comment Request

Department of Justice Policing and Victim Services BUSINESS PLAN

Transcription:

HIPAA Case Study Long Term Care (LTC) Industry October 26, 2001 Presented by: James Pfeiffer Brian Zoeller

Overview LTC Industry Characteristics LTC HIPAA Compliance Issues Kindred Healthcare s HIPAA Compliance Efforts

LTC Industry Characteristics General Information LTC Companies Market Forces Resident Characteristics

General Information The Long Term Care (LTC) market is very dynamic and is rapidly growing. Demand will exceed supply as the population ages. Population Demographics (Census Bureau 1999) 30.3 M people ages 65-84, 4.1 M people ages 85 and older 43% of people over 65 require long-term care 60% of people over 85 require assisted daily living Facility Profile (OSCAR data as of March 2000) 17,086 licensed/certified nursing facilities 1,846,391 total nursing facility beds 55.4% facilities are multi-facility owned Full-time employee breakdown: 35.4 CNAs, 11.8 LPNs, 6.3 RNs

General Information (cont.) Average Resident Mix at CMS Standard Survey 8.7% Medicare (129,473) 67.7% Medicaid (1,011,327) 23.7% Other Payer (353,618) LTC Market Growth 15% compound annual growth $287 billion industry by 2005 14% of health care spending by 2005

LTC Companies Company Name Total # of Beds # of Nursing Facilities # of States Operating Revenue Net Income Beverly Enterprises 59,799 534 30 $2.6 B <$54 M> Mariner Post Acute Network 42,000 360 25 $2.1 B <$59 M> HCR Manorcare 41,821 298 32 $2.4 B $39 M Kindred Healthcare 40,189 319 32 $2.9 B <$54 M> Integrated Health Services 38,500 324 39 $1.4 B Not available Sun Healthcare 31,748 292 25 $2.5 B <$545 M> Genesis Healthcare 30,599 255 15 $2.4 B <$841 M> Life Care Centers 20,078 210 28 $1.2 B Not available Extendicare 17,495 171 15 $1.25 B <$39.5 M> Good Samaritan 16,346 200 25 $684 M Not available Total 2956 * Data from last available annual report as of 10/1/2001

Complex LTC Market Forces Government Regulation Changing reimbursement & regulations (e.g. PPS, MDS) Managing costs, outcomes Increased reporting & compliance measures State & Federal regulations differ within continuum Population Demographics Growth in aging population Increase in chronic care needs Expanding patient influence wealth insurance knowledge Care Delivery Higher acuity in lower cost setting Shift in focus from illness to wellness Availability of best practice protocols & outcomes Advances in medical technology Industry Rivalry Market attracting traditional Integrated Delivery Systems into LTC continuum Companies horizontally consolidating for economies of scale Companies vertically integrating to offer complete care continuum Trend toward strategic partnering Nursing Center Staffing Demographics High staff turnover rate Compensation rate at lower end of scale Educational requirements at lower end of the scale Managing Care Government sponsored managed Medicare & Medicaid Traditional managed care organizations beginning to cover LTC services Proliferation of new LTC insurance products Focus on outcomes, satisfaction & cost management

Resident Characteristics Vulnerable, Fragile People Communication Barriers Interaction with Staff Hospital Transfers

LTC HIPAA Compliance Issues Contrasting Principles Resident Information Flow LTC Specific Compliance Issues Industry Compliance Efforts

Contrasting Principles Fundamental tension between complex regulatory/legal rules and low tech/unsophisticated industry Although the regulations contemplate scalability, even simple technical solutions will be difficult in the low-tech LTC industry Current reimbursement levels do not provide the opportunity to employ sophisticated, highly-educated individuals to implement privacy and security standards

Resident and PHI Flow No coordinated movement of Residents or PHI across and between care delivery systems. Acute Care DRG Hospital LT Acute Care Hospital A n c i l l a r y Resident Home Nursing Centers Private Pay Medicaid S e r v i c e s Home Health Assisted Living Medicare Private Insurance Carrier

LTC Specific Compliance Issues Handling notice, consent and authorizations with our unique resident population Complying in a cost effective way since the move to standard transactions has little positive economic impact for us Implementing a consistent HIPAA program solution in a cost effective manner across hundreds of facilities, tens of thousands of employees, that are dispersed throughout numerous states/provinces across the U.S. Maintaining an ongoing HIPAA program in a cost effective manner that ensures continuing compliance in an environment characterized by: high staff turnover low salary staffing model complex regulatory scheme that involves numerous state and federal regulations and regulatory agencies

LTC Specific Compliance Issues (cont.) Minimum Data Set (MDS) implications Applying the HIPAA Business Associate Performing State Privacy Regulation Assessment and keeping it up to date Identifying what is reasonable for our industry as benchmark and for our organization

Industry Compliance Efforts In December 2000, a LTC Consortium was convened and the current membership includes: AMIHA - AHCA Sun Healthcare Group, Inc - Harborside Healthcare Beverly Enterprises Corporation Centennial Healthcare - HCR - ManorCare, Inc. Complete Care Services - Integrated Health Services Evergreen Healthcare - Kindred Healthcare Inc. Extendicare Health Facilities, Inc - Life Care Centers of Genesis America Good Samaritan Society - Mariner Post-Acute Network

Industry Compliance Efforts (cont.) LTC Consortium Overview: Description Representatives from most major Nursing Home chains Monthly conference calls Discuss current issues and areas of collaboration Goals Establish LTC Industry standards Influence legislative/regulation creation and interpretation Attain cost savings through joint efforts Product Helped draft Final Rule comments for AHCA Developed Privacy Gap Analysis Tool Securing a state law privacy analysis Beginning to share policy and procedures

Kindred Compliance Efforts Business Model Health Services Division HIPAA Program Structure HIPAA Program Timeline

Kindred s Business Model Caring for people who cannot care for themselves. We are a $3 billion longterm healthcare company. We deliver services through two Divisions, supported by the Corporate Office. Corporate Office Health Services Division Hospital Division Nursing Centers 319 facilities in 32 states Rehab 193 rehab contracts in 27 states Long Term Acute Care Hospitals 56 facilities & 2 vent units in 24 states Pharmacies 33 Institutional Pharmacies, & 6 Infusion Pharmacies in 21 States Sleep Cor 11 facilities with 52 contracts in 11 states Patients/Residents/Customers Page 17

Health Services Division Structure Health Services Division 319 Facilities Pacific Region Central Region South Region Northeast Region 6 Districts 9 Districts 8 Districts 6 Districts 75 Facilities 85 Facilities 94 Facilities 65 Facilities

Kindred s HIPAA Program Compliance Department Corporate Law Dept Information Systems Human Resources Executive Sponsor Executive Board HIPAA Advisory Committee Chair: Corporate Compliance Officer HIPAA Program Office HIPAA Program Director Privacy & Security Subcommittee Chair: HIPAA Program Director Hospital Project Office Nursing Ctr Project Office Pharmacy Project Office Corporate Office Project Office TCS Work group Privacy/ Security Work group TCS Work group Privacy/ Security Work group TCS Work group Privacy/ Security Work group TCS Work group Privacy/ Security Work group projects projects projects projects projects projects projects projects

HIPAA Program Timeline 2001 JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC HIPAA Advisory Committee Formed Develop HIPAA Program Proposal HIPAA Program Proposal Approved HIPAA Educational Awareness Campaign HIPAA Program Planning Privacy & Security Subcommittee Formed Develop Program P & P s TCS Workgroup Formed Application Inventory, Assessment, Solution Definition IS Security Infrastructure Projects Defined Network equipment (firewalls); security software (certs, tokens); security P & P s 2002 HIPAA Budget & Project Plan Approved Program P & P s LOB Workgroups Formed Integrate P & P s into Op Manuals Independent P & P Review Defined Remediation Projects TCS Projects: Planning & Solution Design

HIPAA Program Timeline 2002 JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC HIPAA Educational Awareness Campaign HIPAA Program Monitoring and 2003 Planning State Law Privacy Assessment HIPAA Program P & P Integration TCS Projects Phase Three: Implementation & EDI Testing with Intermediaries Updated Oper P & P Manuals Compliance Training Development HIPAA Compliant EDI s Deployment of HIPAA Compliant Solution 2003 HIPAA Budget &Project Plan Training Pilots Contract Inventory, Assessment, and BA Amendment Compliance Video, Oper Training, Preparedness Guide Security Certification Program Development HIPAA TCS Compliance Date IS Security Infrastructure Projects

HIPAA Program Timeline 2003 JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC HIPAA Educational Awareness Campaign HIPAA Program Monitoring and 2004 Planning Ongoing State Privacy Reg Assessment HIPAA Program P & P Updates HIPAA Compliance Training Rollout HIPAA Security Certification Test HIPAA Privacy Compliance Date HIPAA Security Compliance Report Defined IS Security Remediation Projects IS Security Remediation Project Planning & Solution Design 2004 HIPAA Budget & Project Plan Approved IS Security Remediation Solution Design IS Security Remediation Solution Implementation IS Security Infrastructure Projects

Next Steps LTC Consortium compiling concerns for possible consideration in further HHS guidance and rule changes Kindred to finish program policies and procedures by end of year Kindred will continue internal education/awareness efforts

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback