Health Insurance Portability and Accountability Act

Frequently Asked Questions About General Topics

How do I get on the local health department coordinator mailing list?

How do I get started with HIPAA compliance?

What do the HIPAA Regulations mean by "public health authority activities?"

Can we compile a list of all questions/answers from local public health departments to send to locals to share?

As HIPAA consultant, are you familiar with the company TM Floyd?

After following the directions on how to view contract vendors on the website, I was not able to locate a category for HIPAA. What category should be used from the drop-down menu box?

My email won't accommodate large attachments. How can I get a copy of the Information Flow Assessment and User Guide?

Is it a requirement to enter the Information Flow Assessment for my department on the web-based tool that is located on the HIPAA PMO website?

How can I get a copy of my Information Flow Assessment if I entered it on the HIPAA PMO website?

Would the inter-county public transportation authority fall under HIPAA guidelines if they are included in the health department's budget and payroll?

Are all the deliverables sent to the local HIPAA coordinators?

Is there a sample job description available for local HIPAA Coordinator?

Do the HIPAA regulations cover individually identifiable information that is displayed on computer screens? Do covered entities have an obligation to implement safeguards to prevent unauthorized personnel from viewing information displayed on computer monitors?

How do I subscribe to the Institute of Government's listserv?


Q. How do I get on the local health department coordinator mailing list?
A. Consult with your local health director to determine who should be designated as the local HIPAA coordinator for your health department. Notify Frances Q. Taylor at frances.q.taylor@ncmail.net with name, phone and fax numbers, and email address to be added to the local coordinator mailing list.

Q. How do I get started with HIPAA compliance?
A. Initial steps include the following:

  • First determine if your agency is covered under HIPAA.
  • Educate agency management and identify sources of funds available
  • Designate a local agency HIPAA coordinator and define their roles and responsibilities
  • Attend HIPAA training sessions
  • Appoint a HIPAA implementation team within your department that includes management and first-line staff members
  • Conduct base-line assessments such as Information Flow Assessment and EDI assessments
  • Evaluate assessments and determine gaps within the agency
  • Prioritize the gaps to develop a risk assessment
  • Evaluate systems/software and work with outside vendors
  • Educate staff on HIPAA regulations and why your agency must comply

Q. What do the HIPAA Regulations mean by "public health authority activities?"
A. "Public Health Authority" is defined as "an agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandate." Part 164.501

Q. Can we compile a list of all questions/answers from local public health departments to send to locals to share?
A. Yes. A website is being developed to satisfy this request.

Q. As HIPAA consultant, are you familiar with the company TM Floyd?
A. I am aware of the company and have met several of their representatives. I am not familiar with their presentations, costs, or services provided. You may wish to contact other health departments with whom they have met (Dare, Halifax, Iredell, Onslow).

Q. After following the directions on how to view contract vendors on the website, I was not able to locate a category for HIPAA. What category should be used from the drop-down menu box?
A. To view the state's convenience contract listing, please view the following website:
http://www.its.state.nc.us/ITProcurement

  • then choose "Convenience Contracts" on the menu at the left
  • then choose "IT Supplemental Staffing" listed in the box in the middle of the screen
  • then choose "categories" listed in the text paragraph
  • then from the drop-down menu box, choose the desired category, depending on the type of assistance desired. (Some examples are: Project Management Services, Network Security Services, Electronic Commerce/EDI, Computer Systems Security, etc. You must then contact a vendor within that category and inquire about their HIPAA-related services.)
  • then choose "rates" in the text paragraph
    The last page entitled "rates" may load very slowly, especially on a dial-up modem connection.

Q. My email won't accommodate large attachments. How can I get a copy of the Information Flow Assessment and User Guide?
A. Assessments and user guides are available from the NC DHHS HIPAA Project Management (PMO) website: http://dirm.state.nc.us/hipaa

Q. Is it a requirement to enter the Information Flow Assessment for my department on the web-based tool that is located on the HIPAA PMO website?
A. No.

Q. How can I get a copy of my Information Flow Assessment if I entered it on the HIPAA PMO website?
A. Go to the HIPAA PMO website at http://dirm.state.nc.us/hipaa and click on the "Information Flow Assessment" link. Log in with your user id and password and visit the page on which you entered your assessment. You may display and print a copy of each individual workgroup assessment and you may also display and print a summary of your assessments by clicking on the "Print A Summary" button at the bottom of the page. It is important to keep copies of your assessments to document due diligence of your HIPAA compliance efforts.

Q. Would the inter-county public transportation authority fall under HIPAA guidelines if they are included in the health department's budget and payroll?
A. Although they may not be a covered component, they would be a part of the overall covered entity, and how they would be affected would depend upon how implementation is being administered in your agency and county.

Q. Are all the deliverables sent to the local HIPAA coordinators?
A. Yes. All the deliverables are sent to the local health directors via the health directors' listserv from the Chief of the Office of Local Health Services, Division of Public Health. In addition, the same deliverables are sent to local HIPAA coordinators from the HIPAA Consultant.

Q. Is there a sample job description available for local HIPAA Coordinator?
A. There is no job description available for a local HIPAA Coordinator. The role of HIPAA Coordinator seems to be one that has been "tacked" onto an existing person's responsibilities who will serve during the implementation phase of HIPAA. As most people see it, the role of HIPAA Coordinator is temporary and will be phased out over time as privacy officer and security officer duties will replace the coordinator's role. A one-page document of suggested roles and responsibilities for a local HIPAA coordinator was distributed in January 2002 as part of the first packet of deliverables. Please refer to this document for detailed suggestions.

Q. Do the HIPAA regulations cover individually identifiable information that is displayed on computer screens? Do covered entities have an obligation to implement safeguards to prevent unauthorized personnel from viewing information displayed on computer monitors?
A. Yes. There are provisions in the Privacy Rule and the Security Rule that obligate covered entities to implement safeguards to prevent unauthorized personnel from viewing any individually identifiable health information.

Q. How do I subscribe to the Institute of Government's listserv?
A. Instructions:

  • Go to the website http://www.medicalprivacy.unc.edu/listserv.htm
  • On the first page, scroll down to "To Subscribe or unsubscribe from the listserv," then click on "Click here."
  • On the next page, scroll down to "If you are not a member." Click on the shaded bar that says "Join Medical Privacy."
  • Complete the requested information on the next page, then click on "Save" at the bottom of the page.
  • The next step says, "Your Join Request has been Saved. An administrator will now need to approve you."
  • An email response will be provided to you. Once that occurs, you can assign yourself a password by simply typing in a password in the required space.

 
