Security and Privacy Workgroup
SMALL PRACTICEIMPLEMENTATION
WEDI/SNIP
Security and Privacy Workgroup
White Paper
Version 2.0 – Dated
April 2004
Security and Privacy Work Group
Background
uWhite Paper based on Final SecurityRule issued February 20, 2003
uWhite Paper for education andawareness use only
Security and Privacy Work Group
Background
uWhite paper intended for use by trusted entities– associations, consultants, and others – toinform small practices about HIPAA
uOutlines awareness campaign to enable smallpractices to come into compliance with SecurityRule
uTwo central goals:
–Present strategy to inform small practices aboutHIPAA Security Rule
–Give guidance to small practices to enable them tobecome compliant with Security Rule
Security and Privacy Work Group
Background
uImportant to keep in mind small practicesneed basics – not detailed discussion of themore esoteric points
–Practices want simple, straightforward, and, toextent possible, non-technical information
–Recommended non-technical language be usedand practices be encouraged to keepimplementation as simple as possible
–Technical language will make no sense to smallpractices
Security and Privacy Work Group
HIPAA and Small Practices
uHIPAA applies to small provider practice if thatpractice submits claims electronically eitherdirectly or through a billing service or“clearinghouse”
uDoes not apply to practice that does not submitany standard transactions electronically
uASCA requires submission of electronic claimsto Medicare, except if small practice with lessthan 10 full-time equivalent employees
Security and Privacy Work Group
Initial Information
uVersion 1.0 of white paper reviews SecurityRule in detail – specification by specification
uTranslates rule into language understandableby small practices
uProvides specific guidance on how to proceedin more complex areas
–Future versions will provide more specificguidance as industry consensus starts tocontinues to take shape around these issues
Security and Privacy Work Group
Specific Requirements
uWhite paper reviews each requirement ofSecurity Rule
uAddresses administrative, physical, andtechnical security separately
uProvides initial guidance on each of the 18security “standards” in rule
uProvides initial guidance on each of the 36“implementation specifications” in rule
Security and Privacy Work Group
Future Direction
uFuture versions of white paper will providemore specific information regarding how toapproach and implement each standard andimplementation specification
uWhere appropriate, templates and otherdocuments may be developed, similar toWEDI/SNIP Small Practice PrivacyImplementation White Paper
Security and Privacy Work Group
Conclusion
uTask of ensuring small practices come intocompliance significant
uRequires concerted effort by many individualsand organizations
uWhite paper provides road map for trustedsources to provide consistent information
uInformation in white paper can be used bytrusted sources to design specific guidance fortheir small practices
Security and Privacy Work Group
White Paper
uMuch more depth and guidance in WhitePaper
uDownload White Paper at snip.wedi.org
–Go to Workgroups, Security and Privacy,White Papers
uIf you have questions, contact the Securityand Privacy Workgroup at snip@wedi.org
Security and Privacy Work Group
Acknowledgements
uWEDI/SNIP thanks the following individualfor preparing this presentation: