The Catholic University of America - Campus Legal Clearinghouse
 

 

 

HIPAA GAP ANALYSIS QUESTIONNAIRE

FOR

COLLEGE OR UNIVERSITY WITHOUT AN ACADEMIC MEDICAL CENTER

by Bettye S. Elkins, Esq.

© Miller, Canfield, Paddock and Stone, P.L.C.

February 2003

101 North Main Street, Seventh Floor

Ann Arbor, MI 48104

www.millercanfield.com

 


 

 

 

____________________________________
Department or Unit

____________________________________
Individual Submitting Report

(___)______
Telephone

____________________________________
Date

 

Definitions:

 

As you identify and gather the information requested in this form, please take into account the following definitions: 

 

“Electronic” or “Electronically” means created, executed, transcribed, accessed, modified, transmitted, stored, maintained, or retrieved in Electronic form using a computer system, local or wide area network, database, or dedicated lines or a public or private Internet or wireless communication.

 

“Health Plan” means any plan, insured or self-insured, covering health, vision, dental and prescription drugs but excluding worker’s compensation and disability plans. 

 

“Information Systems” means both financial information systems used by the Health Service or any POP and the clinical information systems used by the Health Service or a POP, and any other computer software that carries or uses PHI or Transactions. 

 

“Possible Other Provider” or “POP” is a unit or activity within the University that may be a Provider and a Covered Entity within the meaning of the HIPAA Privacy Regulations. 

 

Please identify each POP separately as follows: 

By name and administrative or educational unit,

Services provided,

Licenses, certifications or accreditations held by the POP, if any,

Population served -- students only, students and faculty/staff, individuals covered by a Health Plan or other contract with a third party payor,

Health Plan contracts and Provider ID Numbers, if any, 

Payment or other reimbursement arrangements with third parties that are not Health Plans,

Provider Identification Number, if any, for each Health Plan billed,

Manner of billing (hard copy or Electronic).  

“Protected Health Information” or “PHI” means health information transmitted or maintained in any form or medium that either identifies the individual or can reasonably be used to identify the individual and that:

1.      is created or received by a health care provider, Health Plan, employer and other designated entities; and

2.      relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or to the past, present or future payment for the provision of health care to an individual. 

 

“Security” means and includes four different kinds of protection, each of which needs to be separately identified and dealt with: 

 

1.      Physical safeguards, e.g., door, cabinet, file locks, proper locked storage of hardware and software and data, as well as Security personnel. 

2.      Electronic or physical technical data Security services.

3.      Technical Security mechanisms built into IS systems, user authorizations, passwords, firewalls, and so on.

4.      Administrative procedures and policies that relate to and implement the above.

 

It is expected that Information Systems or other technical personnel will be primarily responsible for identifying items included in items 2 and 3 of this definition. 

 

“Third Party” means any Health Plan or other third party payer, third party administrator, third party billing agent, or third party hardware or software vendor, third party Information Systems services provider or consultant, or other outside entity with which you exchange health information or Protected Health Information or Transactions and Code Sets data Electronically. 

 

“Transactions” means activities undertaken to determine coverage for and obtain payment for health care.  The term includes items such as:

 

1.      Healthcare Claim or Encounter

2.      Enrollment and Disenrollment in a Health Plan

3.      Eligibility Verification

4.      Pretreatment Referral Authorization

5.      Claims Payment and Remittance advice

6.      Coordination of Benefits

 

Additional Transactions will be added by the Center for Medicare and Medicaid Services in future regulations. Code Sets are not addressed on this Questionnaire.






 

Last Revised 09-Jun-08 04:56 PM.