Free HIPAA Compliance Test
Below are 20 questions that will help assess the degree of your clinic’s compliance with HIPAA. Each question requires a Yes/No or True/False answer.
1. Yes or No: Our clinic prominently displays our Privacy Practice Notice in our clinic(s), or provides a copy to individuals, explaining how we use and disclose Protected Health Information (PHI), the individual’s rights and how to complain.
2. Yes or No: Our clinic keeps a complete HIPAA Policies and Procedures manual in the office, and includes the necessary forms.
3. Yes or No: Our clinic has a designated Privacy Official—I know who the person is and how to contact them.
4. Yes or No: Our clinic complies with the ‘Minimum Necessary’ provision of the Privacy Rule by meeting at least the minimum standards necessary for compliance.
5. Yes or No: Our clinic has requested and received written agreement (in the form of a Business Associate Contract/Agreement) from our outside billing company, IT support people, accountants, consultants, etc., that they will appropriately safeguard PHI.
6. Yes or No: New employees receive on-the-job training when necessary, so no formal training program is needed.
7. Yes or No: Once the requestor (of PHI) discloses that they are a close relative of the patient, it is now okay to release the patient’s PHI to them.
8. Yes or No: Our clinic receives a signed Authorization by our client (or their legal representative) before using or releasing any PHI if it is not covered in our Privacy Notice, other than for treatment, payment or health care operations.
9. Yes or No: At our clinic, we address complaints as they happen, based on our knowledge, experience and the specific circumstances. Once we have responded to the complaint (and complainant), our responsibility has been met.
10. True or False: Hypothetical example: one of your employees has failed to comply with your internal privacy-related policies and procedures for the 3rd time this month. To sufficiently comply with HIPAA, you must talk with the employee on each occasion and stress the importance of following your policies and procedures.
11. Yes or No: Our clinic has developed a formal Contingency Plan, complete with a Disaster Recovery Plan, Data Back-up Plan, Emergency Operating Plan and contact information, which is kept offsite and readily available.
12. Yes or No: Our clinic has a designated Security Official—I know who this person is and how to contact them.
13. True or False: We keep paper records and do not use a computer record-keeping system. We send paper and/or faxes to an outside billing service we have contracted with. We know the billing service transmits claims electronically, including ours. While the billing service must comply with HIPAA, we are exempt.
14. Yes or No: Our clinic uses HIPAA-compliant patient record-keeping software for scheduling, patient demographics and/or billing, etc. Each of our employees who uses it has a different (i.e., unique) user name and password. All transactions of data are encrypted (i.e., secure).
15. Yes or No: Before our old and obsolescent personal computers are donated, recycled or sold, we use the ‘file delete’ command to delete all files containing patient-related data in order to comply with HIPAA.
16. Yes or No: Our clinic makes available to authorized requestors, in paper and/or electronic form, patient data for at least 6 years from when the data was created or last in force.
17. True or False: Due to frequent changes in rules and operations, risk analysis and risk management is performed on an as-needed basis by the manager/owner of the clinic. No formal documentation is necessary, as change is so frequent.
18. True or False: If a business associate (e.g., IT support people) says they are HIPAA-compliant, you are not required to have a Business Associates Contract/Agreement with them.
19. Yes or No: Our clinic utilizes regular e-mail with patients to facilitate scheduling. Since no treatment-related or other sensitive information is discussed, no further security is required.
20. Yes or No: Each security incident, whether it be the discovery of a computer virus on a PC or unauthorized entry to an area containing PHI (or ePHI), is documented, including any necessary follow-up or changes. Our clinic has documented security procedures on hand.
Keep track of your answers and go to the HIPAA Compliance Test Answers page to see how well you did.