170 likes | 269 Views
HCCA HIPAA Readiness Survey Results. November, 2002. Jody Noon Principal Deloitte & Touche Portland, OR. Debbie Troklus CHC Asst. VP for Compliance University of Louisville School of Medicine Louisville, KY. John Steiner Esq.
E N D
HCCA HIPAA Readiness Survey Results November, 2002 Jody Noon Principal Deloitte & Touche Portland, OR Debbie Troklus CHC Asst. VP for Compliance University of Louisville School of MedicineLouisville, KY John Steiner Esq. Chief Compliance OfficerCleveland Clinic FoundationCleveland, OH
HCCA HIPAA Readiness Survey ResultsSurvey DemographicsTotal Respondents: 289 Type of Health Care Entity
HCCA HIPAA Readiness Survey ResultsSurvey Demographics (Cont’d)Corporate Status
HCCA HIPPA Readiness Survey ResultsSurvey Demographics (cont’d)289 Total Respondents Facility Location • 37% Urban • 29% Suburban • 18% Rural • 16% N/A or Other Bed Size • 1% < 100 • 34% 101 – 500 • 11% 501 – 1000 • 1% 1001 – 5000 • 53% N/A or Other
Board of Directors 60% 1-2 hours 10% 3-5 hours 6% more than 5 hrs 20% None 4% N/A Executive Staff 36% 1-2 hours 33% 3-5 hours 26% more than 5 hrs 4% None 1% N/A Medical Staff 49%1-2 hours 10%3-5 hours 6% more than 5 hrs 25% None 10% N/A Staff 54% 1-2 hours 14% 3-5 hours 10% more than 5 hrs 20% None 1% N/A HCCA HIPAA Readiness Survey ResultsEducationTo date, how much classroom time has been spent on HIPAA education for the following?
HCCA HIPAA Readiness Survey ResultsHIPAA Planning 20012002 • Established HIPAA Task Force 87%96% • Designated Privacy Officer 73%93% • Designated Security Officer 57%70% • Assigned Privacy and Security responsibilities to one individual 54%43% • Developed organization structure delineating responsibilities for privacy and security 37%75% • Developed cost estimates for privacy, security, and transaction requirements 30%57%
HCCA HIPAA Readiness Survey ResultsHIPAA Assessment Inventories Completed20012002 • Contracts and Agreements 41%77% • Persons/entities that share electronic health information 44%79% • Qualified Business Associates 55% 70% • Relationships that may require Chain of Trust or Trading Partner Agreements 28%51% • Consent forms41%61%
HCCA HIPAA Readiness Survey ResultsHIPAA Implementation 20012002 • Established security levels for Employees, Medical Staff, and Business Associates 25%46% • Determined your organization’s designation as a covered entity (OHCA, SACE, hybrid) 75%91% • Developed an applications and data critical analysis, a data backup plan, a disaster recovery plan, and mode operations 44%55% • Reviewed employee screening and background checking practices 60%78%
HCCA HIPAA Readiness Survey ResultsHIPAA Implementation Forms Developed20012002 • Business Associate Agreements 30%76% • Chain of Trust or Trading Partner Agreements 16%33% • Consent forms 32%55% • Notice of privacy practices 29%70%
HCCA HIPAA Readiness Survey ResultsHIPAA Policies and Procedures 20012002 • Discipline for breaches of privacy principles or security 46%68% • Grievance policy for complaints and breaches of confidentiality 40%66% • Patient access to records 47%74% • Access to “minimum necessary” information 21%56% • Disclosure of PHI through viewing, paging or other operational activities 19%48%
HCCA HIPAA Readiness Survey ResultsHIPAA Policies and Procedures (cont’d) 20012002 • Verbal discussions of PHI by authorized persons 25%55% • Disposal of PHI (paper, electronic, etc.) 34%65% • De-identification of PHI 15%42% • Encryption of PHI 14%28%
HCCA HIPAA Readiness Survey ResultsHIPAA Assessment - Security 20012002 • Performed a “penetration analysis” to determine where and how security breaches may occur 24%38% • Assessed the physical location and the type of storage media to be used for all protected health information 25%52% • Addressed issue of authentication of users and receivers of health information (external and internal) and audit trail 21%36%
HCCA HIPAA Readiness Survey ResultsHIPAA Standard Transactions and Code Sets 20012002 • Identified all transaction standards and code sets 56%78% • Determined preparedness of trading partners 28%54% • Developed system for ongoing maintenance of standard transactions and code sets 25%46% • Educated business office on standard transactions and code sets 26%49% • Identified Electronic Data Interchange partners 43%67%
HCCA HIPAA Readiness Survey ResultsChange in HIPAA Compliance Activities from 2001 to 2002
Special Thanks To: Deloitte HCCA HIPAA Readiness Survey Results & Touche
HCCA HIPAA Readiness Survey Results Questions?