HIPAA regulations apply to all UNMC, NHS, UMA employees

Sharon Welna and Sheila Wrobel face a daunting task.

Together, they are combing the 169-page Health Insurance Portability and Accountability Act of 1996 (HIPAA) to ensure that UNMC, NHS and UMA complies with the federal regulations that govern privacy, security and electronic transactions standards for health care information.

In addition, they are sorting through 588 pages of final and proposed regulations in order to implement the law on campus.

"As health care providers we've always had a responsibility to protect patient information," Welna said. "HIPAA just takes it to another level. Our goal is to establish a culture of privacy and security through training, a communication strategy and policies/procedures which comply with HIPAA guidelines."

The U.S. Department of Heath and Human Services has published final regulations related to electronic transactions and privacy. Other final and proposed regulations are expected this year. Together, the regulations will require major changes in how health care organizations handle all facets of information management, including reimbursement, coding, security, and patient records.

In short, HIPAA is the privacy policy for patients and their records. Under HIPAA, privacy regulations must be in place by April 14, 2003. Electronic transactions and code sets must be in place by Oct. 16, 2002 -- unless health centers apply for a one-year extension. UNMC, NHS and UMA will apply for the extension, Wrobel said.

Coordinating a campus approach

The hiring of Welna and Wrobel provides an affiliated campus approach for UNMC, NHS and UMA, which campus leaders deemed critical given the interaction between NHS, UMA clinics and UNMC research efforts. HIPAA regulations require each organization to have a designated privacy officer.

Welna joined UNMC March 1 after 23 years at St. Joseph Hospital, most recently as chief information officer. She serves as information security officer and is the associate director for Information Systems Compliance and Project Planning.

An attorney, Wrobel joined NHS on April 29 after working four years at Jennie Edmundson Hospital in Council Bluffs in the areas of legal support, risk management, compliance and HIPAA implementation.

HIPAA impacts all

Contrary to belief, HIPAA regulations apply to the entire UNMC, NHS and UMA workforce, even those who do not work directly with patients.

"Anyone who has access to a patient's name or information about a diagnosis has a duty to protect that data," Wrobel said. "Patients put a lot of trust into us and we have to maintain that."

Welna agreed. "We have to continue our mission of teaching and research, but we have to ensure that we do that when the patient has given us permission."

Many of the necessary practices are in place, they said, but not the policies and procedures to prove compliance.

With the help of a training video, Welna and Wrobel will provide basic HIPAA training for all employees, volunteers, students and residents later this year. The two also are working to implement the basics of HIPAA into UNMC's educational curriculum, as well as into employee orientation sessions at UNMC, UMA and NHS.

Campus involvement

Given HIPAA's complexity and size, more than 50 UNMC, NHS and UMA employees are involved in helping Welna and Wrobel meet their goals. The executive committee consists of James Campbell, David Crouse, Bill Dinsmoor, Don Leuenberger, Ernie Prentice, Cory Shaw and Steve Smith. The program management office of Yvette Holly, Cindy Owen, Welna and Wrobel will be responsible for coordinating all facets of the project.

HIPAA, Welna said, is similar to the Golden Rule. "Employees need to treat all health information they come into contact with the way they'd like their information to be treated."

For more information

For more information on HIPAA compliance, contact Welna (Computing Service Building, second floor) at 559-2545 or swelna@unmc.edu or Wrobel (Kiewit Tower, third floor) at 559-6767 or swrobel@nhsnet.org.

For more information on HIPAA, including a list of HIPAA links, visit the Nebraska Strategic National Implementation Process (SNIP) Web site at http://www.nesnip.org.

Photos: Left, Sharon Welna; Right, Sheila Wrobel.