1. Stand where your patients check in. Do you see any protected health information (PHI) (address, phone, email, Social Security Numbers) anywhere on the desks, receptionist counter, computer monitors, or shelves?*

NO There should be no PHI available for other patients to see.

2. Walk around the office and look at every workstation. Are there sticky notes, notepads, calendars, etc. on or under monitors, keyboards, desks, or mouse pads with passwords, usernames, or PHI?*

NO There should be no passwords, usernames or PHI available for others to see.

3. Walk around the office and look at your empty workstations. Are there any computers that haven’t timed out/logged out?*

NO You are required to have unique passwords and usernames for each employee, and the computer they use should time out for inactivity.

4. Read through your policies and procedures. Do you have documentation of each employee’s HIPAA Privacy and Security training?*

YES You must train your staff initially upon hiring and regularly with all new HIPAA requirement changes, and it must be documented.

5. When were employees last formally trained on HIPAA compliance?*

0 – 6 months There were new changes this year with HITECH and each of your employees must be trained on those changes.

6. Does your office have a designated HIPAA Privacy and Security Officer?*

YES They must be designated and trained. All patients and staff must be notified in writing of your HIPAA Privacy Officer and all staff must be notified of the HIPAA Security Officer.

7. Do you have a formal HIPAA Risk Analysis Report and Risk Management Plan?

YES This is required by law and required to attest YES to CR15 Meaningful Use, EHR.

8. Do you have WRITTEN policies and procedures for HIPAA Privacy and HIPAA Security that include all of the HITECH updates? Compliance required date: September 23, 2013.*

YES You were required by law to have this in place for both HIPAA Privacy (April 14, 2003) and HIPAA Security (April 20, 2005), with changes that include the HITECH requirement (September 23, 2013).

9. Do employees share login IDs or passwords? (e.g., all staff use the same login or password for computer, software, physical access)*

NO You are required to have unique passwords and usernames for each employee. The number one cause of breaches is your employees.

10. Ask an employee how they would dispose of documents containing PHI.*


11. If you have any personal mobile devices connected to your office network, is all the PHI encrypted? *


We do not have any personal mobile devices connected to the office network OR any PHI information.

12. Do you have written non-compliance policy signed by each staff person?*

YES This is a HITECH requirement dated February 2010.

13. Did you update your HIPAA Notice of Privacy Practices on September 23, 2013 that every current patient has signed?*

YES This is a HITECH requirement dated September 23, 2013.

14. Did you update your HIPAA Business Associate Agreement on September 23, 2013 that every current business associate has signed?*

YES This is a HITECH requirement dated September 23, 2013.

If you answer incorrectly to even one of the questions above, you are not in compliance.

