Breach Risk Assessment

Case #:
Case Name:

| HIPAA (45 CFR 164.530) | WA RCW 42.19.255/HB 1071 |
|---|---|
| Definitions | Definitions |
| Exclusions | Exclusions |
| Breach | Breach |
| Notification | Notification |
| Time Frame | Time Frame |
| Exceptions | Exceptions |

RISK ASSESSMENT

| Description | Choose Best Option | Score | Choose Best Option | Score | Comments |
|---|---|---|---|---|---|
| Is Section Applicable? | Applicable | TRUE | Applicable | TRUE | |
| Content: Nature & Sensitivity of Info | Content | FALSE | Content | FALSE | |
| Person: Who was info disclosed to? | Person | FALSE | Person | FALSE | |
| Access: Was the info acquired or viewed? | Access | FALSE | Access | FALSE | |
| Mitigation: Has risk been mitigated? | Mitigation | FALSE | Mitigation | FALSE | |
| Calculation: Content + Person + Access - Mitigations = Risk Level | SUBMIT REPORT? -2 THROUGH 1: Lowest Risk, No Report; 2 THROUGH 5: Low Risk, No Report; 6 THROUGH 9: Moderate Risk, Consider Reporting (depending on LoProCo); 10 THROUGH 14: Highest Risk, Consider Reporting (depending on LoProCo) | 0 | SUBMIT REPORT? -2 THROUGH 1: Lowest Risk, No Report; 2 THROUGH 5: Low Risk, No Report; 6 THROUGH 9: Moderate Risk, Consider Reporting (depending on LoProCo); 10 THROUGH 14: Highest Risk, Consider Reporting (depending on LoProCo) | 0 | |

BREACH EXCEPTIONS

| Description of Exceptions | Not Applicable | Not Applicable |
|---|---|---|

LO PRO CO ANALYSIS

Low Probability of Compromise?

BREACH NOTIFICATION

Breach Notification?
Notification Date Calculation
Accounting of Disclosures?
Other Reporting Requirements

SUMMARY OF INCIDENT

PERSON COMPLETING ASSESSMENT

Name:
Title:
Date: