HRSA HIPAA contacts
Jessica Townsend
Senior Staff Fellow
Office of Planning and Evaluation
301 443-0371 - Phone
jtownsend@hrsa.gov
Forrest W. Calico, MD, MPH
Health Systems Advisor
Office of Rural Health Policy
301 443-0614 – phone
fcalico@hrsa.gov
Shannon Dunne Faltens, JD
Public Health Analyst
DHHS/HRSA/Bureau of Primary Health Care
Office of Program & Policy Development
sfaltens@hrsa.gov
Ivana Williams
Senior Program Management Officer
Office of Policy and Program Development
HIV/AIDS Bureau
301-443-8364
iwilliams@hrsa.gov
[Top]
HIPAA Overviews, New and Useful Tools
HIPAA Security for HRSA Grantees:
A Practical Approach to Compliance
For those of you unable to tune into the April 6th the audio conference, and for those who would like to have colleagues hear it, an archive of the audio conference is now available though On Demand Audio Stream.
This program assists HRSA grantees in understanding and fully implementing the HIPAA Security regulation. Implementing the new HIPAA standard for Security can be a daunting task for medical clinic administrators. This easy-to-understand session discusses each of the major components of the regulation including administrative requirements, physical safeguards and technical measures. Included are helpful tools to develop and implement practical, cost-effective policies and procedures to comply with these federal mandates.
With Steven Lazarus, PhD, FHIMSS, from Boundary Information Group Inc., and Robert Tennant, MA from MGMA’s Government Affairs Department
Presented by MGMA and Sponsored by the Health Resources and Services Administration (HRSA)
To listen to the audio conference and download the handouts visit: http://www.mgma.com/special/grantee.cfm
If, after listening to the conference, you have questions, you can post your query on a special discussion board which has been set up for HRSA grantees. Questions will be answered by the MGMA faculty. The handout for the conference includes information on how to access the discussion board.
If you have difficulty in accessing this website, please call 1.877.275.6462 ext. 1875 for assistance
HIPAA Security Standards Final Rule Published - The final
Rule adopting HIPAA standards for the security of electronic health
information was published in the Federal Register on February
20, 2003. This final rule specifies a series of administrative,
technical, and physical security procedures for covered entities
to use to assure the confidentiality of electronic protected health
information. The standards are delineated into either required
or addressable implementation specifications. Click
here to view the Final Rule (PDF 914K).
Are you a covered entity under HIPAA? To find out use
the decision tools put out by CMS http://www.cms.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp
http://hhs.gov/ocr/hipaa
-- The Office of Civil Rights (OCR) is the Departmental component
responsible for implementing and enforcing the privacy regulation. Provides viewing of the Final Privacy Regulation in various formats and policy guidance. This site also provides the offical tools, helpful information and fact sheets, and helpful Frequently Asked Questions. It should be your starting place for privacy rule implementation.
For new Frequently Asked Questions and
facts about the modifications to the Privacy rule, use this link http://hhs.gov/ocr/hipaa/whatsnew.html.
Protecting Health Information Privacy and Complying with Federal Regulations A Resource Guide for HIV Services Providers and the Health Resources and Services Administration's HIV/AIDS Bureau Staff
http://hab.hrsa.gov/publications/hippa04.htm
http://cms.hhs.gov/hipaa
-- Centers for Medicare and Medicaid Services (formerly HCFA),
official HIPAA site. Provides general information on Administrative Simplification, the Transactions and Code Sets and Securities Rules, and HIPAA related information on Medicare and Medicaid.
Here is a document that will help the writer of a Notice
of Privacy Practices create a notice that does not require
a high literacy level. The document describes principles for writing
plain English, clear layout, and presentation. It also suggests
some easily understandable words and phrases that can be used.
A letter from the CMS Administrator to all providers explaining Transactions and Code Sets implementation: http://www.cms.gov/hipaa/hipaa2/Letter092203.pdf
Guidance from CMS on its approach to compliance
with the Standard Transactions and Code Sets. This also includes
ways in which entities can demonstrate good faith compliance.
http://www.cms.gov/hipaa/hipaa2/guidance-final.pdf
Below is a link to short internet videos developed by CMS on various aspects of implementing HIPAA.
http://www.eventstreams.com/cms/tm_001/launch.htm
http://www.samhsa.gov/hipaa/index.html
-- This site was developed by the Substance Abuse and Mental Health
Administration to provide information and assistance to grantees. In addition to providing an overview of HIPAA
it addresses some issues of importance to substance abuse and
mental health providers.
http://snip.wedi.org/public/articles/index.cfm?cat=9
(Not a Federal Government Site) -- This site was developed by
the Workgroup for Electronic Data Interchange-- Strategic National
Implementation Process. Succinct summary of the various parts of HIPAA.
[Top]
HRSA Bureaus and Offices
Protecting Health Information Privacy and Complying with Federal Regulations A Resource Guide for HIV Services Providers and the Health Resources and Services Administration's HIV/AIDS Bureau Staff http://hab.hrsa.gov/publications/hippa04.htm
http://bphc.hrsa.gov:80/hipaa/
-- Bureau of Primary Health Care. Site includes an example of a HIPAA specific
Risk Assessment Plan for Community Health Centers and what health
centers need to know about Transactions and Code Set Standards.
http://telehealth.hrsa.gov/pubs/hipaa.htm
-- Privacy Rule discussion and section section
on how HIPAA may affect Telemedicine providers.
[Top]
Compliance
http://hhs.gov/ocr/hipaa/contractprov.html
Sample Business Associate Contract Provisions from OCR.
www.hhs.gov/ocr/hipaa/finalmaster.html
-- OCR is responsible for enforcement of the privacy rule. Here is an excellent overview. Uses an easy to follow question and answer format
for providing guidance. Answers the “who, what, when…” of compliance issues.
http://sharpworkgroup.com/index.html
(Not a Federal Government Site) --
Southern HIPAA Administrative Regional Process. All-volunteer workgroup. Focused on regional coordination
for successful HIPAA compliance for all stakeholders in the southern
regional healthcare industry.
They have useful links and information on transactions,
code sets, identifiers and implementation assistance.
http://www.ama-assn.org/ama/pub/category/6438.html
(Not a Federal Government Site) -- AMA site. Guides the reader through
a compliance process. Physicians
are the target audience, but useful for clinics and others provider
groups.
http://www.hipaadvisory.com/regs/index.htm
(Not a Federal Government Site) -- Commercial resource sponsored
by Phoenix Health Systems. Site
has many useful links on compliance countdowns, privacy, tools
and commercial products. Daily updates on wide range of HIPAA issues.
www.nchica.org
(Not a Federal Government Site) -- The North Carolina
Healthcare Information and Communications Alliance. This site has HIPAA information including tools
(checklists, how to get started etc.) white papers, FAQs and resource
links. It also provides a job description for Privacy
Officer.
[Top]
Toolkits
and Checklists
http://snip.wedi.org/public/articles/index.cfm?Cat=17 (Not a Federal Government Site) -- Security
and Privacy White Papers developed by the Workgroup for Electronic
Data Interchange—Strategic National Implementation Process. Detailed discussion of implementation of privacy
and security provisions including immediate and longer terms steps
to take..
http://www.wpc-edi.com/hipaa/HIPAA_40.asp
(Not a Federal Government Site) -- Washington Publishing Company,
publisher of HIPAA implementation guides.
Guides may be purchased or downloaded for free in PDF format.
http://www.ama-assn.org/ama/pub/category/6698.html
(Not a Federal Government Site) -- AMA offers model forms: authorizations,
consent and Notice of Privacy Practices. Reproduction and use
of the forms by physicians and their staff is permitted. Any other
use, duplication or distribution of the forms by any other party requires the prior
written approval of the American Medical Association, Health Law
Department.
http://www.hospitalconnect.com/aha/key_issues/hipaa/index.html
(Not a Federal Government Site) -- Extensive
HIPAA information site. Offers model forms and documents, including
an Authorization Form and a Business Associate Agreement. Also provides discussions, articles, publications
and links.
Meetings, Conferences and Training Opportunities
www.sharpworkgroup.com/index.html
(Not a Federal Government Site) -- Lists various
conferences and meetings.
Public Health
