Business Continuity Planning and HIPAA: Business Continuity Management in the Health Care Environment [Paperback]

James C. Barnes (Author), Philip Jan Rothstein (Editor), Deborah Barnes (Editor)

Book Description

Publication Date: August 2004

This book examines business continuity planning as adapted to encompass the requirements of The Health Care Portability and Accountability Act of 1996, or HIPAA. We examine the typical business continuity planning model and highlight how the special requirements of HIPAA have shifted the emphasis. The layout of this book was designed to afford assistance, hints, and templates to the person charged with the task of implementing business continuity planning into a healthcare organization.

You will notice that this book does not address Emergency Management (building evacuations and other immediate response procedures) because this is outside the scope of the HIPAA regulations.

Upon reading and re-reading the HIPAA regulations and the "Comments and Responses" in the federal register, it becomes quite evident that the "Contingency Plan" (read Business Continuity Plan) requirements were written by those looking to protect health information data. That being said, many of the examples that I use in this book relate to information technology and disaster recovery (recovery of computer capabili-ties). What is also important, and that I try to emphasize throughout the book, is that recovering the com-puter systems of a health care organization will not necessarily get it operational again after a disaster; a multitude of other production components must be present in order to deliver services and products to customers/patients. Where appropriate, I have identified procedures and strategies that are unique to healthcare provider organizations. If not so indicated, it can be assumed that I am referring to healthcare organizations in general.

The audience for whom I have designed this book are the people who are responsible for implementing a plan in a healthcare organization that comes under the scope of the HIPAA regulations. At first reading, the book may appear to be an exact template to be used to design a business continuity plan. What I hope that you will get out of the book (perhaps on a reread once you are into the planning project) is that this is a pencil outline on a canvas and that your insights and knowledge of your healthcare organization will add the color that will make it a masterpiece.

What you will notice in this book is that we present an approach that is similar to traditional business continuity planning. This is done purposefully. The basic business continuity planning model looks to protect and/or recover all critical components of production. This model assumes an industry-specific nature not by changing the model itself, but by placing greater emphasis on the protection and recovery of those production resources that characterize that industry. In our view, "thinking outside the box" is only required if the box was ill-conceived in the first place.

This book includes the special precautions and procedures that address the unique concerns of HIPAA, but it will present them along with the other business components in order to emphasis the need to take a holistic approach when constructing and maintaining a business continuity plan.

Editorial Reviews

Review

"'must read' for all business continuity practitioners in the healthcare field... Thorough research, clear guidelines... a wealth of templates, samples." -- Endorsed by The Business Continuity Institute (BCI)

"...helps healthcare professionals crystallize ways companies comply with HIPAA. structured approach, easy to follow, conforms to best practices and standards." -- Endorsed by Disaster Recovery Institute International (DRII)

From the Inside Flap

"On August 21, 1996 the Health Insurance Portability & Accountability Act (HIPAA) became a law. The purpose of this act is to provide US citizens with better access to health insurance, limit fraud, and reduce healthcare companies' administrative costs. At the highest level, HIPAA is a set of government-mandated standards for business to business healthcare e-commerce. It mandates standard electronic transactions with standard code sets using standard identifiers in a secure environment.

"HIPAA is the result of the convergence of healthcare cost pressures, available web technologies, and growing demands by consumers. By enacting this legislation, congress has established a standard basis or framework for the healthcare industry to embrace the economies of e-business.

"Within HIPAA are five primary components identified as Titles I, II, III, IV, and V. Title II, or Administrative Simplification, is the component of HIPAA containing, among other elements, the requirement for business continuity planning. The breakdown of the HIPAA components is as follows:

- Title I guarantees health insurance access, portability, and renewal. It eliminates some pre-existing condition exclusions. It prohibits discrimination based on heath status. It guarantees coverage renewal.

- Title II prevents health care fraud and abuse, promoting administrative simplification. Within Title II are fraud and abuse controls, procedures for administrative simplification, and medical liability reform.

- Title III addresses medical savings accounts and health insurance tax deductions for self-employed individuals.

- Title IV provides for the enforcement of group health plan provisions.

- Title V addresses revenue offset provisions.

What has caused HIPAA to occur at this point in time? In 1991, it was estimated that one quarter of the total cost of healthcare was attributable to the cost of administration.

In 1995, over 5 billion claims a year were filed in the US with less than 20% submitted electronically. Over 400 different formats are used to file electronic claims. By streamlining this process, it is estimated that $9 billion annually could be saved without impacting the quality of care. The time had come when these economic forces could not be ignored.

HIPAA is the most sweeping legislation to affect the health care industry in over 30 years. It is anticipated that large health plans will have to spend $50 to $200 million to become HIPAA compliant. Nearly everyone in healthcare will need to comply: payers, employers, providers, clearinghouses, healthcare information systems vendors, billing agents, and service healthcare organizations.

Who is affected? The answer is health plans, providers, health care clearing houses, and some others. Health plans include individual or group plans that provide or pay the cost of medical care. It also includes employers who self-insure. Providers include a provider of medical or other health services and any other person furnishing health care services or supplies. Health care clearing houses are public or private entities that process or facilitate the processing of nonstandard data elements of health information into standard data elements. Finally, the "other" category which includes employers who want to do data mining and pharmaceutical companies that conduct clinical research."

See all Editorial Reviews

Product Details

• Paperback: 240 pages
• Publisher: Rothstein Associates Inc. (August 2004)
• ISBN-10: 1931332258
• ISBN-13: 978-1931332255
• Product Dimensions: 10.9 x 8.4 x 0.6 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #1,993,090 in Books (See Top 100 in Books)

More About the Author

Authored 3 books on business continuity planning (under James C Barnes) and wrote 3 articles for Disaster Recovery Journal. Worked as a consultant(Deloitte, PricewaterhouseCoopers, Sungard) and head of large corporate business continuity departments.

Was a Captain in the US Air Force from 1967 to 1973. Was Minuteman Combat Crew Commander in Strategic Air Command. In the service I receive a Masters Degree in Economics.