| CRITERIA MEASURE |
Met |
Not Met |
Comments |
Refer to Department |
 Privacy Officer is appointed |
|
|
|
|
| Patients sign HIPAA notifications upon initiation of care |
|
|
|
|
| Staff is trained at orientation and at least annually |
|
|
|
|
| HIPAA requirements do not interfere with care |
|
|
|
|
| Patients and staff are educated regarding patient rights |
|
|
|
|
| Patients are not photographed without written consent |
|
|
|
|
| Information is exchanged in private areas, free from visual and auditory discovery |
|
|
|
|
| Policy describes methods for patient information exchange between staff |
|
|
|
|
| Security risks are identified and managed |
|
|
|
|
| HIPAA vendor agreements are signed |
|
|
|
|
| Speaker phones are prohibited in patient areas |
|
|
|
|
| Disciplinary actions are clearly stated for breaches of confidentiality |
|
|
|
|
| HIPAA violations are reported to the identified supervisor |
|
|
|
|
| Public scheduling boards are in compliance with HIPAA |
|
|
|
|
| Central telephone system operators are educated regarding HIPAA regulations |
|
|
|
|
| All property containing patient identification is destroyed in compliance with HIPAA regulations: prescription labels, syringes, etc. |
|
|
|
|
| Unattended computer screens revert to sleep mode to avoid inadvertent HIPAA violation |
|
|
|
|
Copyright © OmniSure Consulting Group, Inc., 2008
|
