HCCA HIPAA HCCA HIPAA Readiness Survey Readiness Survey Results Results Jody Noon Jody Noon Principal Principal Deloitte & Touche Deloitte & Touche Portland, OR Portland, OR November, November, 2002 2002 John Steiner Esq. John Steiner Esq. Chief Compliance Chief Compliance Officer Officer Cleveland Clinic Cleveland Clinic Foundation Foundation Cleveland, OH Cleveland, OH Debbie Troklus CHC Debbie Troklus CHC Asst. VP for Compliance Asst. VP for Compliance University of University of Louisville School of Louisville School of Medicine Medicine Louisville, KY Louisville, KY
HCCA HIPAA Readiness Survey Results. November, 2002. Jody Noon Principal Deloitte & Touche Portland, OR. Debbie Troklus CHC Asst. VP for Compliance University of Louisville School of Medicine Louisville, KY. John Steiner Esq. - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Total Respondents: 289Total Respondents: 289Type of Health Care EntityType of Health Care Entity
7
26
56
7
33
412
Academic Med Center - 7% Health Care System - 26%Physician Practice/Group - 5% Health Plan - 6%Long Term Care - 7% Hospital -33%Clinic - 4% Other - 12%
20012001 20022002 Established HIPAA Task ForceEstablished HIPAA Task Force 87%87% 96%96% Designated Privacy OfficerDesignated Privacy Officer 73%73% 93%93% Designated Security OfficerDesignated Security Officer 57%57% 70%70% Assigned Privacy and Security responsibilities to Assigned Privacy and Security responsibilities to
one individualone individual 54%54% 43%43% Developed organization structure delineating Developed organization structure delineating
responsibilities for privacy and securityresponsibilities for privacy and security 37%37% 75%75% Developed cost estimates for privacy, security, Developed cost estimates for privacy, security,
and transaction requirementsand transaction requirements 30%30% 57%57%
20012001 20022002 Established security levels for Employees,Established security levels for Employees,
Medical Staff, and Business AssociatesMedical Staff, and Business Associates 25%25% 46%46% Determined your organization’s designationDetermined your organization’s designation
as a covered entity (OHCA, SACE, hybrid)as a covered entity (OHCA, SACE, hybrid) 75%75% 91%91% Developed an applications and data critical Developed an applications and data critical
analysis, a data backup plan, a disasteranalysis, a data backup plan, a disaster
recovery plan, and mode operationsrecovery plan, and mode operations 44%44% 55%55% Reviewed employee screening and backgroundReviewed employee screening and background
Business Associate AgreementsBusiness Associate Agreements30%30% 76%76%
Chain of Trust or Trading PartnerChain of Trust or Trading PartnerAgreementsAgreements 16%16% 33%33%
Consent formsConsent forms 32%32% 55%55%
Notice of privacy practicesNotice of privacy practices 29%29% 70%70%
HCCA HIPAA Readiness Survey ResultsHCCA HIPAA Readiness Survey Results HIPAA Policies and ProceduresHIPAA Policies and Procedures
20012001 20022002
Discipline for breaches of privacy principles Discipline for breaches of privacy principles
or securityor security 46%46% 68%68% Grievance policy for complaints and breaches Grievance policy for complaints and breaches
of confidentialityof confidentiality 40%40% 66%66% Patient access to recordsPatient access to records 47%47% 74%74% Access to “minimum necessary” informationAccess to “minimum necessary” information 21%21%
56%56% Disclosure of PHI through viewing, pagingDisclosure of PHI through viewing, paging
or other operational activitiesor other operational activities 19%19% 48%48%
HCCA HIPAA Readiness Survey ResultsHCCA HIPAA Readiness Survey Results HIPAA Policies and Procedures (cont’d)HIPAA Policies and Procedures (cont’d)
20012001 20022002
Verbal discussions of PHI by authorized Verbal discussions of PHI by authorized
personspersons 25%25% 55%55%
Disposal of PHI (paper, electronic, etc.)Disposal of PHI (paper, electronic, etc.)34%34% 65%65%
De-identification of PHIDe-identification of PHI 15%15%42%42%
20012001 20022002 Performed a “penetration analysis” to determinePerformed a “penetration analysis” to determine
where and how security breaches may occurwhere and how security breaches may occur24%24% 38%38%
Assessed the physical location and the type of Assessed the physical location and the type of
storage media to be used for all protected storage media to be used for all protected
health informationhealth information 25%25% 52%52% Addressed issue of authentication of users and Addressed issue of authentication of users and
receivers of health information (external and receivers of health information (external and
internal) and audit trailinternal) and audit trail 21%21%36%36%
HCCA HIPAA Readiness Survey ResultsHCCA HIPAA Readiness Survey Results HIPAA Standard Transactions and Code SetsHIPAA Standard Transactions and Code Sets
20012001 20022002
Identified all transaction standards and code setsIdentified all transaction standards and code sets56%56% 78%78%
Determined preparedness of trading partnersDetermined preparedness of trading partners 28%28%54%54%
Developed system for ongoing maintenance of Developed system for ongoing maintenance of
standard transactions and code setsstandard transactions and code sets25%25% 46%46%
Educated business office on standard transactionsEducated business office on standard transactions
and code setsand code sets 26%26%49%49%
Identified Electronic Data Interchange partnersIdentified Electronic Data Interchange partners43%43% 67%67%
HCCA HIPAA Readiness Survey ResultsHCCA HIPAA Readiness Survey Results Change in HIPAA Compliance Activities from 2001 to Change in HIPAA Compliance Activities from 2001 to