Skip to content
Challenging HIPAA Omnibus Compliance 2019
1.
Does your hospital/healthcare organization have a detailed plan in place to comply with the HIPAA Omnibus Rule?
Yes
No
I don't know
2.
What are the biggest challenges in implementing the HIPAA Omnibus Rule?
Training and educating workforce in compliance changes
Revising business associate agreements
Getting new business associates to sign business associate agreements
Revising breach assessment and notification procedures
Providing individuals with electronic access to their protected healthcare data
Modifying notices of privacy practices
Restricted disclosures to health plans when patients pay for services out of pocket
Revising policies related to PHI used for fundraising
Restricting sale of protected health information and complying with revised definition of marketing
Other (please specify)
3.
What steps as your organization taken to ensure that your business associates that have access to protected health information are HIPAA compliant as required under the HIPAA Omnibus Rule?
Modified business associate agreements to provide more details
Revised our policies for business associates reporting breaches to our hospital or the hospital system
Required completion of security questionnaire
Obtained copy of their security policy
Obtained a cop of their security audit
Commissioned a third party validation of policies and procedures
Other (please specify)
4.
What changes has your hospital organization made to your Breach Assessment policies or procedures to comply with the HIPAA Omnibus breach notification rule?
We have instituted the "four factors' spelled out in HIPAA Omnibus in assessing whether PHI was breached
We ave made other revisions to our breach assessment processes
We have dropped the "harm standard" consideration when assessing whether breaches should be reported
Other (please specify)
5.
Has your hospital conducted a test to see if its breach notification plan will work in a real-time breach situation?
Yes
No
We have already used the plan in a real-life security breach
6.
What has been the impact of security incidents at your facility/hospital?
Customer records compromised or unavailable
Employee records compromised
Loss or damage of internal/operations records
Other (please specify)
7.
How would you grade the effectiveness of your hospital's security training and awareness activities for your organization's staff members and physicians?
A
B
C
D
F
Incomplete
Dropped while failing
Dropped while passing
