| # | Question | Not Started | In Process | Completed |
|---|---|---|---|---|
| | Awareness & Education | | | |
| 1 | Has your organization had any Awareness Education on HIPAA Regulations and Compliance? | | | |
| 2 | Do you monitor or receive automated information regarding changes in HIPAA regulations? | | | |
| | Project Planning | | | |
| 3 | Have you selected a Project Manager and Project Team for your HIPAA Project? | | | |
| 4 | Have you created a Project Plan? | | | |
| | Electronic Transactions | | | |
| 5 | Have you applied for the ACSA Electronic Transaction extension for your organization? | | | |
| 6 | Have you completed an inventory of all information systems and work flow processes with regard to Electronic Transactions? | | | |
| 7 | Have you compiled a list of vendors, health plans, business associates and trading partners? | | | |
| 8 | Have you gathered, reviewed and compared your current billing forms, policies, and procedures to the HIPAA Electronic Claims Transaction and Code Set regulations? | | | |
| | Privacy | | | |
| 9 | Has your organization designated an Information Privacy and Security Officer as required by HIPAA? | | | |
| 10 | Have you developed a Notice of Information Practices to post in your office and distribute to each patient? | | | |
| 11 | Have you gathered, reviewed and compared your current forms, policies, and procedures to the HIPAA Privacy Regulations and State Privacy Regulations? | | | |
| 12 | Have you developed policies and procedures that meet the needs of your Human Resources Department with regard to Privacy requirements for the protection of health information of your staff? | | | |
| 13 | Have you developed processes for documenting, retaining, distributing and discarding Protected Health Information (PHI) as required by HIPAA? | | | |
| 14 | Have you developed processes for receiving, investigating and documenting individual complaints? | | | |
| 15 | Have you developed or revised current consent forms for patients in line with HIPAA regulations? | | | |
| 16 | Do you have all forms that must be read and signed by patients in languages appropriate to their culture? | | | |
| | Security | | | |
| 17 | Has your organization completed a Security Evaluation on the information systems used in conjunction with maintaining your current and future Protected Health Information? | | | |
| 18 | Does your organization have virus checking software, firewalls and operating systems that provide encryption and other security measures? | | | |
| 19 | Does your organization perform back-ups of your data daily? | | | |
| 20 | Does your organization have a Disaster Recovery and Contingency Plan to meet the HIPAA Security Standards? | | | |
| 21 | Has your organization developed security policies and procedures with regard to confidentiality statements, individually identifying information system users, passwords, automatic logoff, acceptable use, e-mail, internet usage, authentication of workstations, monitoring and documenting unauthorized access, audit trails of users, sanctions for misuse or disclosure and termination checklists? | | | |
| 22 | Has your organization provided for the overall physical security of your information systems, facility, staff, and medical records? | | | |
| 23 | Has your organization developed job descriptions for HIPAA required positions and all other positions in your organization? | | | |
| | National Identifiers | | | |
| 24 | Have you located, printed and read the Proposed Regulations for National Identifiers to include National Provider Identifier and National Payer Identifier, National Employer Identifier? | | | |
| | General Information | | | |
| 25 | Have you developed a comprehensive training program for your organization's staff (both present and future) covering all HIPAA standards to include responsibilities and penalties for non-compliance? | | | |
| 26 | Does your organization have a Compliance Officer and General Compliance Plan to cover such things as fraud and abuse, codes of conduct, whistle-blower suits, auditing and monitoring, disciplinary standards and personnel issues, responding to problems, investigations and corrective actions? | | | |