|
|
|
AAMC/UHC - Convergent Validity: A forum for AMC’s to Discuss HIPAA
Implementation
Agenda
November 12-13, 2002, Hilton San Francisco & Towers,
San Francisco, CA
Sponsored by the Association of American Medical Colleges and the
University HealthSystem Consortium
Tuesday, November 12
|
|
3:00 – 3:15p
|
Welcome/Overview
|
|
3:15 – 4:30p
|
HIPAA Planning
- How have academic health centers defined themselves for
purposes of HIPAA?
- How do we deal with the complexities of being an academic
health center and hybrid covered entity with multiple covered
functions?
- How have academic health centers identified risks? What
are the big ones?
- What have been the biggest challenges to developing an
Implementation Plan? Solutions?
- Identifying Role and Responsibilities of Privacy and
Security Officers
|
|
4:30 – 4:45p
|
Break
|
|
4:45 – 6:00p
|
HIPAA Implementation Plan
- Identifying and Documenting the Health Care Components:
What is a covered entity? What is not?
- Policy and Procedures Development: Cultural and Operational
Challenges in the Areas of Research, Education and Health
Care
- Training of the Workforce: Issues and Challenges
|
Wednesday, November 13
|
|
7:00 – 8:00a
|
Continental Breakfast
|
|
8:00 – 9:30a
|
Scenario Discussion: Sustaining the Education
Mission
- What does HIPAA say about using and disclosing PHI for
teaching purposes? What doesn't it say? What is workable?
- How do we operationalize fundraising? Does it require
cultural changes? Who do we need to educate?
- Marketing: How do we protect patient privacy and minimize
risks?
- Media Communications: Maintaining Visibility for Academic
Health Centers While Protecting Patient Privacy
|
|
9:30 – 9:45a
|
Break
|
|
9:45a - 12:00p
|
Scenario Discussion: Sustaining the Research Mission
- How does the covered entity resolve the expectation that
it will carry out its responsibilities as the "holder" of
PHI and sustain the research mission?
- When does a researcher's requested access to an individual's
health information fall within the scope of the Privacy
Rule? Who controls the access? Where are the risks to the
covered entity? The individual? What does the researcher
need to know?
- Education of the IRBs and Privacy Boards: what is the
responsibility of the covered academic medical center?
- What does HIPAA say about the transition period for Research
Studies?
- Tissue Banks and PHI: What do we do?
|
|
12:00 - 1:00p
|
Lunch
|
|
1:00 - 2:30p
|
Scenario Discussion: Maintaining Access to Care and Reducing
Operational Costs and Risks
- The Notice and Acknowledgement Process-expectations and
challenges?
- Educating the Workforce-What is required? Expected? Necessary
to provide for compliance?
- On the Front Line: Responding to Patient's Requests and
PHI Management, Documentation and Reporting-the unanswered
questions, problems, and resolutions.
|
|
2:30 –2:45p
|
Break
|
|
2:45 - 4:45p
|
Scenario Discussion: Realities of Running the Clinical
Enterprise
- How to secure the Electronic Health Record - Is it cost
or culture?.
- So You Have Polices and Procedures, Now What? - Implementing
and Enforcing Access and Audit Policies.
- Transactions and Code Sets Extension - What Does it Really
Mean?
|
|
4:45 - 5:00p
|
Summation of discussions and next steps: Did we achieve
convergent validity and on what issues? Where do we go from
here?
|
|
