| # | Question | Not Started | In Process | Completed |
|---|----------|-------------|------------|-----------|
| | **Awareness & Education** | | | |
| 1 | Has your organization had any Awareness Education on HIPAA Regulations and Compliance? | | | |
| 2 | Do you monitor or receive automated information regarding changes in HIPAA regulations? | | | |
| | **Project Planning** | | | |
| 3 | Have you selected a Project Manager and Project Team for your HIPAA Project? | | | |
| 4 | Have you created a Project Plan? | | | |
| | **Electronic Transactions** | | | |
| 5 | Have you applied for the ACSA Electronic Transaction extension for your organization? | | | |
| 6 | Have you completed an inventory of all information systems and work flow processes with regard to Electronic Transactions? | | | |
| 7 | Have you compiled a list of vendors, health plans, business associates and trading partners? | | | |
| 8 | Have you gathered, reviewed and compared your current billing forms, policies, and procedures to the HIPAA Electronic Claims Transaction and Code Set regulations? | | | |
| | **Privacy** | | | |
| 9 | Has your organization designated an Information Privacy and Security Officer as required by HIPAA? | | | |
| 10 | Have you developed a Notice of Information Practices to post in your office and distribute to each patient? | | | |
| 11 | Have you gathered, reviewed and compared your current forms, policies, and procedures to the HIPAA Privacy Regulations and State Privacy Regulations? | | | |
| 12 | Have you developed policies and procedures that meet the needs of your Human Resources Department with regard to Privacy requirements for the protection of health information of your staff? | | | |
| 13 | Have you developed processes for documenting, retaining, distributing and discarding Protected Health Information (PHI) as required by HIPAA? | | | |
| 14 | Have you developed processes for receiving, investigating and documenting individual complaints? | | | |
| 15 | Have you developed or revised current consent forms for patients in line with HIPAA regulations? | | | |
| 16 | Do you have all forms that must be read and signed by patients in languages appropriate to their culture? | | | |
| | **Security** | | | |
| 17 | Has your organization completed a Security Evaluation on the information systems used in conjunction with maintaining your current and future Protected Health Information? | | | |
| 18 | Does your organization have virus checking software, firewalls and operating systems that provide encryption and other security measures? | | | |
| 19 | Does your organization perform back-ups of your data daily? | | | |
| 20 | Does your organization have a Disaster Recovery and Contingency Plan to meet the HIPAA Security Standards? | | | |
| 21 | Has your organization developed security policies and procedures with regard to confidentiality statements, individually identifying information system users, passwords, automatic logoff, acceptable use, e-mail, internet usage, authentication of workstations, monitoring and documenting unauthorized access, audit trails of users, sanctions for misuse or disclosure, and termination checklists? | | | |
| 22 | Has your organization provided for the overall physical security of your information systems, facility, staff, and medical records? | | | |
| 23 | Has your organization developed job descriptions for HIPAA required positions and all other positions in your organization? | | | |
| | **National Identifiers** | | | |
| 24 | Have you located, printed and read the Proposed Regulations for National Identifiers, including the National Provider Identifier, National Payer Identifier and National Employer Identifier? | | | |
| | **General Information** | | | |
| 25 | Have you developed a comprehensive training program for your organization's staff (both present and future) covering all HIPAA standards, including responsibilities and penalties for non-compliance? | | | |
| 26 | Does your organization have a Compliance Officer and General Compliance Plan to cover such things as fraud and abuse, codes of conduct, whistle-blower suits, auditing and monitoring, disciplinary standards and personnel issues, responding to problems, investigations and corrective actions? | | | |