Challenging HIPAA Omnibus Compliance 2019

Yes

I don't know

Training and educating workforce in compliance changes

Revising business associate agreements

Getting new business associates to sign business associate agreements

Revising breach assessment and notification procedures

Providing individuals with electronic access to their protected healthcare data

Modifying notices of privacy practices

Restricted disclosures to health plans when patients pay for services out of pocket

Revising policies related to PHI used for fundraising

Restricting sale of protected health information and complying with revised definition of marketing

Other (please specify)

Modified business associate agreements to provide more details

Revised our policies for business associates reporting breaches to our hospital or the hospital system

Required completion of security questionnaire

Obtained copy of their security policy

Obtained a cop of their security audit

Commissioned a third party validation of policies and procedures

Other (please specify)

We have instituted the "four factors' spelled out in HIPAA Omnibus in assessing whether PHI was breached

We ave made other revisions to our breach assessment processes

We have dropped the "harm standard" consideration when assessing whether breaches should be reported

Other (please specify)

Yes

We have already used the plan in a real-life security breach

Customer records compromised or unavailable

Employee records compromised

Loss or damage of internal/operations records

Other (please specify)

Incomplete

Dropped while failing

Dropped while passing