Section: Administrative Requirements

 

Question #

HIPAASaysÔ Topic

Law

3

Assigned Security Responsibility

164.308 (a)(2)

5

Security Management Process

164.308 (A)(1)

8

Safeguards and Mitigation

164.530 (f)

164.530 (c)

10

Security Training

164.308 (a)(5)

 

 

Instructions: Review and re-answer these questions, as additional documentation requirements must be met.  Your organization is required to implement the appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI).

 

 

Section: Contracts and Agreements

 

Question #

HIPAASaysÔ Topic

Law

1

Business Associates

164.502 (e)

2

Business Associate Contracts

164.504 (e)

N/A

Chain of Trust (eliminated)

N/A

 

 

Instructions:  Please review this section and re-answer these questions, as additional documentation requirements must be met.  The Chain of Trust requirement was eliminated in the Final Security Rule and additional wording was added to the Business Associate Contract requirements to protect information that is exchanged electronically.  A Business Associate identification tool has been added and should be reviewed.

 

 

Section: Uses and Disclosures of Protected Health Information

 

Question #

HIPAASaysÔ Topic

Law

9

Personal Representatives

Deceased Individuals

164.502 (g)

164.502 (f)

10

Minimum Necessary Disclosure

164.514(d)

 

 

Instructions:  Please review this section and re-answer the questions, as additional documentation has been included.

 

 

New Documentation
Topic

Sample Policy Personal Representatives

Personal Representatives

Workforce Analysis Worksheet

Designated Records Set Worksheet

Minimum Necessary Disclosure

Minimum Necessary Disclosure

Section: Individual Rights

 

 

Instructions:  There are no changes to this section.

 

 

Section:  Security

 

Question #

HIPAASaysÔ Topic

Law

N/A

Security Configuration Management (eliminated)

N/A

1-5

Contingency Plans

164.308(a)(7)

6

Device and Media Controls

164.310(d) (1)

7-9

Information Access Management

Access Controls

Workforce Security

164.308(a)(4)

164.312(a)(1)

164.308(a)(3)

10-11

Facility Access Controls

164.310(a)(1)

15-16

Transmission Integrity and Security

164.312 (c)(1)

164.312 (d)

164.312 (e) (1)

17

Audit Controls

Information System Activity Review

164.312(b) 164.308 (a)(1)

18

Evaluation

164.308 (a)(8)

 

 

Instructions:  Please review this section and re-answers these questions, as additional documentation requirements have been included.  The Security Configuration Management requirement was eliminated in the Final Security Rule.

 

 

Section:  Transaction Standards

 

 

Instructions:  There are no changes to this section.

 

 

Section:  Preemption of State Law

 

 

Instructions:  There are no changes to this section.