HIPAA INTERNET REFERENCE & RESOURCE GUIDE
Regulations and Implementation Guides
Centers for Medicare & Medicaid Services (CMS)
Data Standards Maintenance Organizations (DSMOs), as defined by HIPAA
American Standards Committee (ASC) X12
National Council for Prescription Drug Programs (NCPDP)
National Uniform Billing Committee (NUBC)
National Uniform Claim Committee (NUCC)
American Dental Association (ADA)
Official DSMO Change Request System and FAQs
Advisory Body to HHS Secretary
National Committee on Vital and Health Statistics (NCVHS)
HIPAA Implementation and Advocacy Groups
Workgroup for Electronic Data Interchange (WEDI)
WEDI Strategic National Implementation Process (SNIP)
Association For Electronic Health Care Transactions (AFEHCT)
Joint Healthcare Information Technology Alliance (JHITA)
Trade Groups / Societies
Healthcare
Information Management Systems Society (HIMSS)
HIMSS members are responsible for developing many of today's key innovations
in healthcare delivery and administration, including telemedicine, computer-based
patient records, community health information networks, and portable/wireless
healthcare computing
National Managed Health Care Congress (NMHCC)
Healthcare Financial
Management Association (HFMA)
HFMA is the nation’s leading personal membership organization for
healthcare financial management professionals. HFMA is comprised of about
32,000 members employed by hospitals, integrated delivery systems, long-term
and ambulatory care facilities, managed care organizations, medical group
practices, public accounting and consulting firms, insurance companies,
government agencies and other healthcare organizations.
American Health
Information Management Association (AHIMA)
The American Health Information Management Association is the community
of professionals engaged in health information management, providing support
to members and strengthening the industry and profession.
College of
Healthcare Information Management Executives (CHIME)
To serve the professional needs of healthcare Chief Information Officers;
and to advance the strategic application of information technology in
innovative ways aimed at improving the effectiveness of healthcare delivery.
Medical Group
Management Association (MGMA)
The Medical Group Management Association (MGMA), founded in 1926, is the
nation's principal voice for medical group practice. MGMA's 19,000 members
manage and lead more than 10,200 organizations in which more than 200,000
physicians practice. MGMA leads the profession and assists members through
information, education, networking and advocacy.
American College
of Healthcare Executives (ACHE)
The American College of Healthcare Executives is an international professional
society of nearly 30,000 healthcare executives. ACHE is known for its
prestigious credentialing and educational programs. ACHE’s annual
Congress on Healthcare Management draws more than 4,000 participants each
year. ACHE is also known for its journal, Journal of Healthcare Management,
and magazine, Healthcare Executive, as well as ground-breaking research
and career development and public policy programs. ACHE’s publishing
division, Health Administration Press, is a major publisher of books and
journals on all aspects of health services management in addition to textbooks
for use in college and university courses. Through its efforts, ACHE works
toward its goal of improving the health status of society by advancing
healthcare leadership and management excellence.
American Medical
Informatics Association (AMIA)
AMIA was formed in 1990 by the merger of three organizations - the American
Association for Medical Systems and Informatics (AAMSI), the American
College of Medical Informatics (ACMI), and the Symposium on Computer Applications
in Medical Care (SCAMC). The 3,200 members of AMIA include physicians,
nurses, computer and information scientists, biomedical engineers, medical
librarians, and academic researchers and educators. AMIA is the official
United States representative organization to the International
Medical Informatics Association.
National Health Care Accrediting Bodies
Electronic Healthcare Network Accreditation Commission (EHNAC)
National Committee for Quality Assurance (NCQA)
Joint Commission on Accreditation of Healthcare Organization (JCAHO)
Regional HIPAA Implementation Efforts
California Information Exchange
MHDA - Massachusetts Health Data Consortium
NCHICA - North Carolina Healthcare Information & Communications Alliance, Inc.
UHIN – Utah Health Information Network
HHIC - Hawaii Health Information Corporation
CHITA – Community Health Information Technology Alliance
VENDORS
Assessment tools
http://www.privaplan.com
PrivaPlan HIPAA Privacy and Security Resource Kit Description
This is what you get with PrivaPlan:
- PrivaPlan Stat - the ten "first, fast and easy" steps toward total HIPAA compliance.
- Customizable template documents: Authorization Form, Business Associate Agreement, Chain of Trust Agreement, Complaint Form, Confidential Channel Communications Request, Consent Form, Designation of Personal Representative, Notice of Privacy Practices, Request for Amendment, Request for Disclosure Accounting, Request for Inspection.
- Project Plans in Microsoft Project 2000 or HTML format.
- Formatted and annotated reference material.
- List of 160 "compliance criteria."
- "How-to" guidance.
- Customizable training materials.
http://www.hipaamonitor.com
FlexTech, Inc. understands the operational issues the healthcare industry
will face to comply with HIPAA regulations governing EDI, data security
and privacy. We know that a dedicated, informed and educated staff is
needed to establish compliance with these requirements. It is important
that an organization be prepared to address the HIPAA issues that are
unique to each of its lines of business. This is why FlexTech developed
HIPAA Monitor. HIPAA Monitor is an affordable web-based assessment tool
capable of performing the most comprehensive measurement of HIPAA risk
available. It supports managed care organizations, hospitals, medical
groups, physicians and their related business associates.
Mission
CPRI-HOST provides vision and leadership to promote the universal and
effective use of electronic health care information systems to improve
health and the delivery of health care.
Area of concentration
CPRI-HOST expanded from computer based patient records to health care
information systems to keep pace with changing technology, broaden its
influence and expand its membership base
http://www.privacysecuritynetwork.com/healthcare/
http://www.healthcaresecurity.org/
The Forum on Privacy and Security in Healthcare is a HOST-affiliated,
industry group working with the National Information Assurance Partnership
(NIAP), a government agency, to provide a wide-based industry view on
security issues confronting healthcare.
Forum goals
- Provide an environment for the many efforts in security standards to share technology progress and developments;
- Demonstrate the application of the Common Criteria (an ISO standard) paradigm as a way of mapping healthcare IT security policy to technology requirements, measurement and compliance;
- Provide input for further development on Protection Profiles [Common Criteria specifications activity]
- Provide a coherent voice on the technology issues of privacy, confidentiality and security to the industry and the public.
http://www.smed.com/hipaa/index.php
http://hipaa.wpc-edi.com/HIPAA_40.asp
http://www.smed.com/hipaa/news.php
Testing
http://www.authentor.com/home/index.asp
Netegrity's SiteMinder enables enterprises to centrally manage user-identity
and entitlement information and to share this information across all Web
applications, greatly reducing the cost and complexity of administering
these sites. Its platform of shared services is managed through a rules-based
policy engine, which enables administrators to define policies and deliver
services such as single sign-on, authentication management, entitlement
management and auditing.
SmartPath's authentication engine incorporates usage dynamics, a process based on predictive behavior modeling that the financial sector has used for more than 20 years to detect credit-card fraud. SmartPath determines the appropriate level of authentication for each individual user based on the consistency of his or her behavior, the presence of suspicious behavior and the security policy set by the administrator to match a risk/value profile assigned to a protected resource. With the integration of SmartPath with SiteMinder, Netegrity's customers can transparently strengthen authentication, detect potentially suspicious access, prevent fraudulent access and adapt to new threats to their Web sites.
http://McAfeeEPolicy.zzz4.net
The single most important element needed to properly defend your network
tools are doing. McAfee's ePolicy Orchestrator 2.0 does just that, offering
multi-vendor, enterprise-wide visibility. This includes the capability
of reporting on Symantec desktop products. In addition to generating detailed
graphical reports on all anti-virus products, ePolicy Orchestrator 2.0
allows administrators to manage policies on and deploy all McAfee anti-virus
products.
PUBLICATIONS
http://www.aishealth.com/Products/HIPAAGuideESC0502.html
HIPAA Patient Privacy Compliance Guide will energize
and enlighten your HIPAA compliance efforts with practical guidance and
how-to tools from many of the nation's top HIPAA lawyers, consultants,
and health care managers. (See list of authors in the Table of Contents
below)
The guide —which is updated quarterly with new and revised chapters and case studies — identifies 14 of the most complex and troublesome areas of your HIPAA compliance (see Table of Contents below) and addresses each with easy-to-understand summaries of HIPAA requirements. It's packed with sample forms, notices, waivers, checklists, decision trees, procedures, contract language, timelines, and other practical tools.
HIPAA Article Index
http://www.healthcare-informatics.com/ontopic/hipaa/hcionhipaa.htm
HIPAA White Papers
http://snip.wedi.org/public/articles/index.cfm?cat=6
http://snip.wedi.org/public/articles/index.cfm?Cat=48
http://www.hipaadvisory.com/regs/index.htm
http://www.ahima.org/infocenter/models/PrivacyOfficer2001.htm
http://www.hospitalconnect.com/aha/key_issues/hipaa/index.html
http://snip.wedi.org/public/articles/index.cfm?cat=9
The
American Health Information Management Association
Provides a HIPAA checklist; 1999
The American Hospital
Association (AHA)
HIPAA news and events
American
National Standards Institute (ANSI)
ANSI standards information and HIPAA-related articles
American Society
for Testing and Materials (ASTM)
Information on national and global standards
ASC X12
X12, EDI, and subcommittee/task group information
The Biometric
Consortium
Biometric-based technology research for U.S. Government
Bio1.com
Information about biometric vendors, products and applications
Department
of Health and Human Services (DHHS)
Milestones and NPRM schedule and deadlines
Department
of Health and Human Services (DHHS)
Official DHHS proposed privacy regulations document
Electronic Healthcare
Network Accreditation Commission (EHNAC)
HIPAA security accreditation
Forum
for Privacy and Security in Healthcare
A HOST-affiliated, industry group working with the National Information
Assurance Partnership (NIAP) to provide a wide-based industry view on
healthcare security
Health
Care Financing Administration (HCFA)
HCFA Internet policy
International
Biometric Industry Association
Trade association to advance and support international interests of the
biometrics industry
Joint Healthcare
Information Technology Alliance (JHITA)
HIPAA news and events
National Council
for Prescription Drug Programs (NCPDP)
NCPDP standards for HIPAA
PKI World Interoperability Alliance
THOMAS
Official version of the Public Law, Number 104-191 (104th Congress)
Workgroup for
Electronic Data Interchange (WEDI)
HIPAA security summit guidelines
The
Workgroup for Electronic Data Interchange's Virtual Resource Center
Includes a glossary of HIPAA-related terms
WPC
Healthcare Provider Taxonomy
X12N Taxonomy code sets