Form Approved
OMB No. 0990-
Exp. Date XX/XX/20XX
The goal of this assessment is for OPA to learn about what privacy and security practices and policies already exist throughout the Title X network. The information will help OPA better prepare to receive de-identified encounter-level data for FPAR 2.0 and inform OPA of the anticipated technical assistance needs of the community.
The best person to complete this assessment is someone who works in a Title X-funded health center and whose role includes supporting records administration, site administration, privacy or human resources.
If you are in a network consisting of multiple Title X-funded health centers, please think of the largest center (in terms of patient volume) in your network, as you answer the following questions.
All key words, underlined throughout this assessment, will be defined appropriately as per HIPAA using links/mouse-over technology.
Which of the following does your organization do to provide clients with notice of your privacy practices and how you use and disclose their Protected Health Information (PHI)? (check all that apply)
Have a written policy
Have a poster hanging on the walls of our waiting room
Have a notice posted on our website
Provide all new clients with a pamphlet
Client signs paperwork that they have been notified about HIPAA
Have an informal process to discuss privacy with the client
Have a documented process to discuss privacy with the client
All staff are trained on the basics of how to discuss privacy with the client
Don’t know
Other (Please explain) __________________________________________
Which of the following does your organization do to respond to client complaints about privacy or to requests for amendments, restrictions or for access to their information? (check all that apply)
Have a written policy
Have an informal process to record and respond to a complaint or request
Have a documented process to record and respond to a complaint or request
Train all staff on how to collect, document, and respond to client complaints or requests that related to privacy
Use software to collect complaints or document requests
Have a form to collect the complaints or requests
Have a designated point person in the organization to escalate complex complaints or requests
Don’t know
Other (Please explain) __________________________________________
In an average month, how many clients typically make a request for restrictions, access to their information, amendment or to log complaint about privacy (i.e., how disruptive to your clinical practice are privacy-related requests)?
|
None |
1-10 |
11-25 |
26-50 |
50+ |
ALL |
We do not keep track of such requests |
Other (Please explain) |
Requests for Restrictions |
|
|
|
|
|
|
|
Open text field |
Requests for Access |
|
|
|
|
|
|
|
Open text field |
Requests for Amendment |
|
|
|
|
|
|
|
Open text field |
Complaints
|
|
|
|
|
|
|
|
Open text field |
In the event of a breach, which of the following does your organization do to prepare to handle privacy and security incidents or breaches? (Check all that apply)
Have a written policy
Have an informal process to identify, escalate, notify and manage breaches?
Have a documented process to identify, escalate, notify and manage breaches?
Train all staff on how to identify, and escalate breaches?
Have a form or method to record breach investigations and notifications?
Have a designated point person in the organization to escalate suspected breaches?
Don’t know
None of the above (Please explain)________________________________________
Other (Please explain) __________________________________________
Which of the following does your organization do to obtain authorization, where needed, for the use or disclosure of a client’s PHI?
Have a written policy describing how and when to request and record authorization
Have an informal process to request and record authorization
Have a documented process to request and record authorization
Train all staff on how to request and record authorization
Use software to request and record authorization
Have a form to request and record authorization
Have a designated point person in the organization to request and record authorization
Don’t know
Other (Please explain) __________________________________________
Which of the following does your organization do to encourage that the minimum necessary PHI is used or disclosed?
Have a written policy
Have an informal process to record and respond to a complaint or request
Have a documented process to record and respond to a complaint or request
Train all staff on how to collect, document, and respond to client complaints or requests that related to privacy
Use software to collect complaints or document requests
Have a form to collect the complaints or requests
Have a designated point person in the organization to escalate complex complaints or requests
No formal, written process for documentation or policy manual
No designated point person
Don’t know
Other (Please explain) __________________________________________
What procedures or technologies does your organization have in place to log disclosures of PHI?
Meaningful Use Compliant audit software
Other audit software
Manual sign-in/sign-out sheets
Written log/notebook
None
Other (Please describe) _________________________________________
Please describe any additional privacy or security safeguards not mentioned in this survey that your organization has worked hard to implement and that you feel are important for the protection of your clients’ privacy. Examples might include: access control, de-Identification, encryption, methods for ensuring remote access policies, risk assessment and mitigation, or secure email capability.
___________ _________________________________________________________________
___________ _________________________________________________________________
Which of the following best describes your organization’s primary Title X-funding status? (select one, *optional)
Grantee (we receive Title X funds from the Office of Population Affairs)
Sub-recipient/delegate (we receive Title X funds from a Title X grantee organization)
Service site (we receive Title X funds from a subrecipient/delegate organization)
Not sure
Which of the following best describes your workplace setting? (Select one)
Health department (e.g., state, county, local)
Hospital-based
Planned Parenthood
Free-standing Family Planning Organization
Community health center/Federally Qualified Health Center
Tribal health center
University-based
School-based
Faith-based
Correctional facility-based
Other private, non-profit
Other, please specify: _____________________________
How many Title X visits did your organization report in your most recent annual FPAR submission (e.g., visits in calendar year 2014)?
<1,000
1,000-9,999
10,000-49,999
50,000-100,000
100,000-500,000
>500,000
Not sure
What best describes your primary role at your workplace? (Select one)
Billing/Finance Assistant
Clinical Provider
Community Outreach Staff
Front Desk/Reception
Health Educator/Counselor/Health Care Associate/Medical Assistant
Manager/Administrator/Center Coordinator
Nurse
Privacy and/or Security Officer
Other, please specify: _____________________________
What state is the health center located in that you thought about as you answered the above questions?
_ _
Currently, the electronic health record system this health center is using is: SOFTWARE NAME and VERSION NUMBER
This health center is not yet using an EHR
I am not sure which EHR this health center is using
Thank you for providing us with this important information! If you would like the OPA Health IT Team to follow-up with you to discuss any successes, challenges or questions you might have in regards to your current privacy and security practices, please email us at [email protected] and someone will be in touch with you as soon as possible.
According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number. The valid OMB control number for this information collection is 0990-xxxx . The time required to complete this information collection is estimated to average ___hours/ minutes per response, including the time to review instructions, search existing data resources, gather the data needed, and complete and review the information collection. If you have comments concerning the accuracy of the time estimate(s) or suggestions for improving this form, please write to: U.S. Department of Health & Human Services, OS/OCIO/PRA, 200 Independence Ave., S.W., Suite 336-E, Washington D.C. 20201, Attention: PRA Reports Clearance Officer
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Christina Lachance |
File Modified | 0000-00-00 |
File Created | 2021-01-25 |