Challenging HIPAA Omnibus Compliance

1. Does your hospital/healthcare organization have a detailed plan in place to comply with the HIPAA Omnibus Rule?
   Yes
   No
   I don't know

2. What are the biggest challenges in implementing the HIPAA Omnibus Rule?
   Training and educating workforce on compliance changes
   Revising business associate agreements
   Getting new business associates to sign business associate agreements
   Revising breach assessment and notification procedures
   Providing individuals with electronic access to their protected healthcare data
   Modifying notices of privacy practices
   Restricted disclosures to health plans when patients pay for services out of pocket
   Revising policies related to PHI used for fundraising
   Restricting sale of protected health information and complying with revised definition of marketing
   Other (please specify)

3. What steps has your organization taken to ensure that your business associates that have access to protected health information are HIPAA compliant as required under the HIPAA Omnibus Rule?
   Modified business associate agreements to provide more details
   Revised our policies for business associates reporting breaches to our hospital ...or the hospital system
   Required completion of security questionnaire
   Obtained copy of their security policy
   Obtained a copy of their security audit
   Commissioned a third-party validation of policies and procedures
   Other (please specify)

4. What changes has your hospital organization made to your Breach Assessment policies or procedures to comply with the HIPAA Omnibus breach notification rule?
   We have instituted the "four factors" spelled out in HIPAA Omnibus in assessing whether PHI was breached
   We have made other revisions to our breach assessment processes
   We have dropped the "harm standard" consideration when assessing whether breaches should be reported
   Other (please specify)

5. Has your hospital conducted a test to see if its breach notification plan will work in a real time breach situation?
   Yes
   No
   We have already used the plan in a real-life security breach

6. What has been the impact of security incidents at your facility/hospital?
   Customer records compromised or unavailable
   Employee records compromised
   Loss or damage of internal/operations records
   Other (please specify)

7. How would you grade the effectiveness of your hospital's security training and awareness activities for your organization's staff members and physicians?
   A
   B
   C
   D
   F
   Incomplete
   Dropped while failing
   Dropped while passing