Privacy compliance checklist
YXZ HOSPITAL: PRIVACY COMPLIANCE CHECKLIST
AREA EVALUATED: ________    DATE: ________
Evaluation Questions (answer Yes or No)
1. Are printouts containing PHI lying in open areas?
2. Are unattended workstations logged off?
3. Are all IT assets, including PDAs, memory sticks and other portable devices, locked away or kept away from easily accessible areas?
4. Are the doors of the different rooms locked?
5. Are the physical components, for example computer hardware and locks, intact?
6. For rooms not in use, are the alarms turned on and the rooms locked?
7. Are the electronic protection mechanisms on the workstations in place as required?
8. Are electronic sessions terminated after a predetermined period of inactivity?
9. Are the protection mechanisms that secure the hospital's systems in place?
10. Is the audit trail for security maintenance, recorded by user ID, time, location and date, accessible?
11. Is the security report on users and their access levels recorded as required?
12. Is documentation available for responding to a possible security incident?
Memorandum
To:
From:
Subject:
Date:
Purpose:
The intention of this memorandum is to provide information on the new compliance checklist, which will be used during random hospital walkthroughs. The walkthroughs are a way of ensuring that members of staff, as well as other concerned stakeholders, heed the privacy policies set by the hospital.
Summary
The hospital recognizes that information about a patient's health is personal. For this reason, this information must be protected, and by keeping a record of the privacy provisions in place, the hospital will be able to ensure the provision of quality care to its patients. At the same time, the privacy provisions are necessary for ensuring compliance with the legal requirements governing the hospital.
The memorandum focuses on ensuring that employees honor their pledge, as provided for by the law, to protect the privacy of patients' medical and personal health information, referred to here as protected health information (PHI). PHI is information that is identifiable to an individual, including demographic information collected from the patient, that is received or created by a healthcare provider, a healthcare clearinghouse, the patient's employer, or the patient's health plan. This information relates to the patient's past, present or future physical or mental health or condition, to the provision of health care to the patient, and to past, present or future payment for that health care. The law requires every healthcare institution to maintain the privacy of protected health information. For this reason, all employees are required to abide by the privacy practices outlined in this notice.
The compliance checklist
The new compliance checklist to be used in the walkthroughs outlines some, if not all, of the provisions that will ensure compliance with the privacy policies necessary for fulfilling the mandate set forth by the law. As mentioned above, the walkthroughs will be conducted at random, which is a good provision for ensuring compliance at all times. During the walkthroughs, the nursing manager will accompany the privacy and security officer, who will use the checklist while visiting the relevant departments to determine their level of compliance. So that staff know which departments the officers will be visiting and which items the checklist covers, each employee should obtain a copy of the checklist from the human resource management office.
One important point is that the walkthroughs are necessary for identifying and eliminating deficiencies that might compromise the security of patient information. A physical security review of the hospital's healthcare operations is likely to reveal any practices that fail to protect patients' private information. With this provision, it will be possible to correct the practices that leave patients' information vulnerable to unauthorized access. Identifying the deficiencies is also necessary for creating a new workflow process, or for devising other storage methods that fulfill the objectives of the privacy policies.
There are two phases to correcting deficiencies in the protection of patients' private information. The first is to reveal possible deficiencies in the protection of health information; the implementation of appropriate changes then follows. With this in mind, each employee will be required to obtain a copy of the checklist. The checklist addresses the implementation of security provisions that give direction on the appropriate measures each person should take.