CHPC Study Group

Treasure Hunt Exercise

  • 1.  Treasure Hunt Exercise

    Posted 03-29-2020 01:09 PM
    I'm going to be using these "Treasure Hunt" exercises as a way for people to find "stuff" in the regulations...so here's the first one.

    Set Up:
    We often hear that to comply with the HIPAA regulations, organizations must implement policies and procedures.  OK...that makes sense but has anyone ever clearly shown whether or not this is an actual requirement.  I mean, sure it makes total sense since a HIPAA compliance program is essentially a compliance program.  That being said, P&Ps are an element of a compliance program, Therefore, a HIPAA compliance program must have P&Ps...totally legit logical statement.  However, it doesn't answer the question if having such P&Ps are required, and if so, what direction is provided in the regulations.  Aha...now that's the question.  So this Treasure Hunt asks people to find the following...if it exists at all.

    The treasure:
    Find where in the regulations there is specific mention, or maybe there is not anything that specific, as to what do the P&Ps related to the Privacy, Breach, and Security Rules need to comply with.  Hint...finding whether or not this section exists will help you identify if you must have a P&P that speaks to uses and disclosures for specialized government functions.

    Good luck!

    ------------------------------
    -------------Frank "Snake Bite Leader" Ruelas--------------
    ► We don't fail unless we quit! ◄
    Link to list of live Webs:
    https://bit.ly/Web_Links
    Bill Wong's Resource Folder: https://bit.ly/BillWong

    ░ Pass the Exam Group for 2020 ░
    Melissa Singleton - Jan - CHPC
    Julie Clutter - Jan - CHPC
    Tanisha Grant - Feb - CHC
    Lisa Bibby - Jan - CHPC
    Kelly Puida - Mar - CHPC
    Christina Serrano - Mar - CHC
    ------------------------------
    Certification Disclaimer


  • 2.  RE: Treasure Hunt Exercise

    Posted 03-30-2020 08:28 AM
    45 CFR @ 164.530(i)(1) Standard: Policies and procedures. A covered entity must implement policies and procedures with respect to protected health information...

    and

    45 CFR @ 164.530(j)(1) Standard: Documentation. A covered entity must:
    (i) Maintain the policies and procedures provided for in paragraph (i) of this section in written or electronic form;

    ------------------------------
    Carl Russell
    Compliance Analyst, CHPC
    Delta Dental of Idaho
    Boise,ID

    Anything I say is my sole opinion and not of my company.
    ------------------------------

    Certification Disclaimer


  • 3.  RE: Treasure Hunt Exercise

    Posted 03-30-2020 08:34 AM
    Carl..you are the warmest yet...as I see you found some of the treasure as it relates to the Privacy Rule...now the missing pieces of treasure are for the Security and Breach Rules...let's see if someone can find them...if they exist, that is!

    ------------------------------
    -------------Frank "Snake Bite Leader" Ruelas--------------
    ► We don't fail unless we quit! ◄
    Link to list of live Webs:
    https://bit.ly/Web_Links
    Bill Wong's Resource Folder: https://bit.ly/BillWong

    ░ Pass the Exam Group for 2020 ░
    Melissa Singleton - Jan - CHPC
    Julie Clutter - Jan - CHPC
    Tanisha Grant - Feb - CHC
    Lisa Bibby - Jan - CHPC
    Kelly Puida - Mar - CHPC
    Christina Serrano - Mar - CHC
    ------------------------------

    Certification Disclaimer


  • 4.  RE: Treasure Hunt Exercise

    Posted 03-30-2020 11:33 AM
    Here is my shot at it.
    Security 164.306(a) and 264.306(b)(1)  Have and maintain P&Ps
    Breach  164.414(a)  Comply with 164.530(i)(1) and 164.530(j)(1)
    Privacy  164.530(i)(1) and 164.530(j)(1)  Have and maintain P&Ps


    ------------------------------
    Lloyd Hemmert
    Compliance & Ethics Officer
    Hill Country MHDD Centers
    Kerrville,TX
    [lhemmert@hillcountry.org]
    ------------------------------

    Certification Disclaimer