privacy office roadmap-1 - weill cornell medicine · 2017-07-18 · servicenow, fairwarning,...

FY15 Q3 FY15 Q4 FY16 Q1 FY16 Q2 FY16 Q3 FY16 Q4 HIPAA TRAINING HIPAA POLICY UPDATES/DEVELOPMENT Privacy Office Offer monthly Privacy Workshops: Release of Information Authorization, General HIPAA Refresher, Notice of Privacy Practice Fundraising RISK ASSESSMENT Evaluate HIPAA Training Compliance every six months Launch Annual FY 2016 HIPAA Update Training: Staff Final Set-up of HIPAA Training for MDs: IE11, Pre-booking, Certificate Mailing LEGEND Firm Timeframe Ongoing Timeframe Milestone Completed Milestone Delayed Milestone Tentative Timeframe Launch Annual FY 2016 HIPAA Update Training: Physicians Plan, Build, and Test HIPAA Update Training for FY2016 Launch Annual 2016 Update Training: Attestation Privacy Office Website Intranet Update RISK ASSESSMENT Evaluate HIPAA Training Compliance every six months Wrap up HIPAA 2014 Staff Training WTMS; Apply Sanction for Delinquencies HIPAA Training for MDs Post-Implementation of WTMS non-employee registration solution, discontinue MyCertificates, analyze/archive training records Authorization for Release of PHI and Revocation of Authorization Sanctions Policy/Accountability Matrix Protecting PHI during Disaster Mode/Contingency Plan Accounting of Disclosures Use and Disclosure of PHI for Research HIPAA Deidentification & Honest Broker Patient Requests for Amendment to Medical Record Privacy Risk Assessment Policy Offsite Storage of PHI/Record Retention/Purging of Records Retention of Voice Recordings (Phone Records) with PHI Retention of Records with PHI Annual Policy Review as part of RISK ASSESSMENT Authorization for HIE Marketing

Upload: vuongque

Post on 17-Jun-2018

TRANSCRIPT

FY15 Q3 FY15 Q4 FY16 Q1 FY16 Q2 FY16 Q3 FY16 Q4

HIPAA TRAINING

HIPAA POLICY UPDATES/DEVELOPMENT

Privacy Office

Offer monthly Privacy Workshops: Release of Information Authorization, General HIPAA Refresher, Notice of Privacy Practice

Fundraising

RISK ASSESSMENT Evaluate HIPAA Training Compliance every six months

Launch Annual FY2016 HIPAA Update Training: Staff

Final Set-up of HIPAA Training for MDs: IE11, Pre-booking, Certificate Mailing

✓ LEGEND Firm Timeframe

Ongoing Timeframe Milestone Completed

Milestone Delayed Milestone

Tentative Timeframe

Launch Annual FY2016 HIPAA Update Training: Physicians

Plan, Build, and Test HIPAA Update Training for FY2016

Launch Annual 2016 Update Training: Attestation

Privacy Office Website Intranet Update

RISK ASSESSMENT Evaluate HIPAA Training Compliance every six months

Wrap up HIPAA 2014 Staff Training WTMS; Apply Sanction for Delinquencies

HIPAA Training for MDs

Post-Implementation of WTMS non-employee registration solution, discontinue MyCertificates, analyze/archive training records

Authorization for Release of PHI and Revocation of Authorization

Sanctions Policy/Accountability Matrix

Protecting PHI during Disaster Mode/Contingency Plan

Accounting of Disclosures

Use and Disclosure of PHI for Research

HIPAA Deidentification & Honest Broker

Patient Requests for Amendment to Medical Record

Privacy Risk Assessment Policy

Offsite Storage of PHI/Record Retention/Purging of Records

Retention of Voice Recordings (Phone Records) with PHI

Retention of Records with PHI

Annual Policy Review as part of RISK ASSESSMENT

Authorization for HIE

Marketing

FY15 Q3 FY15 Q4 FY16 Q1 FY16 Q2 FY16 Q3 FY16 Q4

BUSINESS ASSOCIATE AGREEMENTS

PRIVACY INCIDENT MANAGEMENT

PRIVACY RISK ASSESSMENTS

FAIRWARNING MONITORING

CENTRALIZE ROI

Privacy Office

Post-Implementation of FairWarning – various sampling routines at designated times (vs. perpetual)

Select centralized database – ServiceNow, FairWarning, SharePoint

Offsite storage survey. Part One: Where are we storing?

Begin Relationship Review Process Rollout BAA SharePoint Workflow to all Departments to Include

Active Vendor Review annually for Possible Missed BAAs as part of RISK ASSESSMENT

Active Vendor Review annually for Possible Missed BAAs as part of RISK ASSESSMENT

Implement process to survey BAAs as part of RISK ASSESSMENT during relationship review

Implement Incident Review Committee and Meet Bi-Monthly

End of Year Reporting to HHS-OCR

End of Year Reporting to HHS-OCR

Formulate proposal and business plan to set up central unit to manage record requests, patient-requested accounting of disclosures, and patient-requested record amendments.

Offsite storage survey. Part Two: Purge processes of old record

HHS-OCR Mock Response (audit or investigation) Project

HHS-OCR Mock Response (audit or investigation) Project

Walk-Through Survey Practice Sites, one department per month

FairWarning Set Up Project